SSL Communication With A Merchant Web Server

Abstract

The Internet is inherently not a very secure place, particularly for very sensitive information that you don't want intercepted or viewed by prying eyes. Although basic authentication in World Wide Web servers is minimally acceptable, it is by no means secure. This report compares various contemporary security mechanisms available today and analyze why SSL is the most suitable mechanism for secure communication between a Web browser and Web server. The underlying technology behind Secure Socket Layer will be analyzed in detail along with the functionality of latest encryption techniques. In order to simulate SSL functionality between a merchant Web server and a client browser, a setup was established in the Lab using four Pentium machines running windows 2000 servers and connected together in a network domain. To issue digital certificates, Microsoft Certificate Server was installed on one of the computers on the domain, which was subsequently used to issue certificates to the merchant Web server and the client browser. The solution was configured for optimal performance. Web pages were developed and hosted on the Web server and. In the end, secure data was communicated between the browser and a Credit Card Authentication Server using SSL communication.