One problem with communicating sensitive information over the Internet is that almost every connection between two computers over a network involves many intermediate steps--a chain of computers that successively receive and forward the information until it reaches its destination. This process, called routing, is fundamental to all Internet communication, and any computer in the routing chain has complete access to all the data it receives.
This makes it easy for the unscrupulous to intercept your private conversations, steal your credit card numbers, or illegally obtain confidential or proprietary information.
The Oracle WebServer's implementation of SSL addresses this problem by scrambling data sent from the server to clients (web browser programs) in such a way that the clients can unscramble the information when they receive it. This way, any intermediate computers involved in routing the information see only gibberish that they can't decipher.
This kind of security has three aspects:
If you want to receive encrypted messages using public-key encryption, you must first run a program that generates a key pair. You must then publish the public key in a public database or directory, and store the private key in a secure location on your computer. This is critical. The effectiveness of public-key encryption depends entirely on the secrecy of the private key.
Anyone who wants to send you an encrypted message must look up your public key in a directory, use it to encrypt the message, and send you the encrypted message. Only your private key can decrypt the message, so if you have kept your private key secret, no one else can read the message.
Because public key encryption is much slower than secret-key encryption, SSL uses it only when the client first connects to the WebServer to exchange a secret key called a session key, which both client and server use to encrypt and decrypt transmitted data.
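The exchange described above, sketched as an added example (it is not Oracle WebServer code and not the actual SSL handshake): the client wraps a random session key with the server's public key, and both sides then encrypt traffic with that secret key. It assumes Node.js's built-in `crypto` module, with RSA-OAEP and AES-256-GCM as stand-in algorithms; all function names and the sample message are constructed for illustration.

```javascript
// Added example: simplified model of public-key session-key exchange (not real SSL).
const crypto = require("node:crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Server: generate the key pair once; the private key never leaves the server.
function makeServerKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Client: choose a random session key and wrap it with the server's public key.
function clientStartSession(serverPublicKey) {
  const sessionKey = crypto.randomBytes(32); // 256-bit secret key
  const wrappedKey = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrappedKey };
}

// Server: only the matching private key can recover the session key.
function serverAcceptSession(serverPrivateKey, wrappedKey) {
  return crypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, wrappedKey);
}

// Either side: fast secret-key encryption of the actual traffic.
function seal(sessionKey, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

function unseal(sessionKey, { iv, body, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", sessionKey, iv);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext or tag was altered in transit
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Constructed run: one public-key operation, then secret-key encryption for data.
function demo() {
  const server = makeServerKeyPair();
  const { sessionKey, wrappedKey } = clientStartSession(server.publicKey);
  const serverKey = serverAcceptSession(server.privateKey, wrappedKey);
  const packet = seal(serverKey, "order=42; card=TEST-0000"); // constructed sample data
  const routerSeesPlaintext = packet.body.includes("card="); // what a routing hop observes
  return { keysMatch: serverKey.equals(sessionKey), routerSeesPlaintext,
           received: unseal(sessionKey, packet), packet, sessionKey };
}
```

The slow RSA operation runs once per connection; every message after that uses only the session key, which is why the secrecy of the server's private key matters so much.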
If you want to "sign" an electronic document in a verifiable and legally binding way, you must first possess a key pair. You must then run a program that generates a digital signature using the private key and the document itself. You can then attach the digital signature to the document and send it. Anyone who receives this document, together with its digital signature, can then use your public key to verify your identity, and to verify that the document has not been tampered with.
To authenticate itself, your WebServer must present the client with the proper credentials, called a certificate.
When you set up a secure WebServer, you must obtain a certificate from a trusted third-party company called a certifying authority (CA).
When you contact a certifying authority to request a certificate, you must provide them with certain legal information about your organization, which they can use to certify that your organization is legitimate and should be certified (see Setting Up a Secure Oracle WebServer).