Top 12 SSL/TLS Interview Questions | Network Security
SSL, short for Secure Sockets Layer, is solely responsible for protecting data during transfer from source to destination. Here is a list of SSL interview questions and answers commonly asked in interviews.
Q1. What are SSL/TLS certificates?
Ans: SSL/TLS is a standard security protocol that ensures the confidentiality and integrity of data while in transit. It encrypts the data flow between the web browser and web server, hence ensuring confidentiality. Also, the web server and browser exchange keys to decrypt the data, which ensures the integrity of the data.
Q2. Explain how SSL/TLS works.
Ans: The SSL/TLS layer provides confidentiality and integrity while data is transmitted from source to destination.
- The user initiates the connection by typing the website address. The browser initiates SSL/TLS communication by sending a message to the website’s server.
- The website's server sends back the public key or certificate to the user's browser.
- The user's browser checks the public key or certificate. If it is OK, the browser creates a symmetric key and sends it back to the website's server. If the certificate is not OK, the communication fails.
- On receiving the symmetric key, the website's server sends the key and encrypts the requested data.
- The user's browser decrypts the content using the symmetric key, which completes the SSL/TLS handshake. The user can now see the content, as the connection is established.
Q3. What are asymmetric and symmetric encryption?
Ans: The major difference is that symmetric cryptography uses a single key for both encryption and decryption, while asymmetric cryptography uses a public and a private key for encryption and decryption.
Q4. How does SSL/TLS use both asymmetric and symmetric encryption?
Ans: SSL uses symmetric encryption to encrypt data between the browser and the web server. In contrast, asymmetric encryption is used to exchange the generated symmetric keys, which validates the client's and server's identity.
Q5. What is a Certificate Signing Request (CSR)?
Ans: A Certificate Signing Request, or CSR, is encoded information that contains the applicant's details, such as a common name, the name of an organization, email address, city, state, and country. This encoded information is used by the certifying authority (CA) to issue an SSL certificate to the applicant.
Q6. What does a CSR look like?
Ans: A CSR is Base64-encoded text that starts with a "-----BEGIN CERTIFICATE REQUEST-----" line and ends with a "-----END CERTIFICATE REQUEST-----" line.
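To make the answers to Q5 and Q6 concrete, the following added example (not from the original article) strips the BEGIN/END lines, Base64-decodes the body, and walks the DER structure to read the subject fields. The sample CSR is constructed in the code with empty placeholders for the public key and signature, and the function names are assumptions of this example.

```python
import base64
import textwrap

BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
END = "-----END CERTIFICATE REQUEST-----"
# DER-encoded attribute OIDs (2.5.4.x) for the subject fields a CSR carries.
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x07": "L",
        b"\x55\x04\x08": "ST", b"\x55\x04\x06": "C"}

def tlv(tag, body):  # short-form DER element; enough for the small sample below
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):  # -> (tag, body, next_pos) for the DER element at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def build_sample_csr(subject):
    """Constructed sample: real CSR layout, empty placeholders for key and signature."""
    name = b"".join(tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x0C, val.encode())))
                    for oid, val in subject)
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, name) + tlv(0x30, b"") + tlv(0xA0, b""))
    der = tlv(0x30, info + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"{BEGIN}\n{body}\n{END}\n"

def parse_csr_subject(pem):
    """Strip the PEM armor, Base64-decode, and walk the DER down to the subject."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PEM certificate request")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    _, csr, _ = read_tlv(der, 0)    # CertificationRequest SEQUENCE
    _, info, _ = read_tlv(csr, 0)   # CertificationRequestInfo SEQUENCE
    _, name, _ = read_tlv(info, read_tlv(info, 0)[2])  # skip version, read subject Name
    subject, pos = {}, 0
    while pos < len(name):
        _, rdn, pos = read_tlv(name, pos)  # one RelativeDistinguishedName (SET)
        _, atv, _ = read_tlv(rdn, 0)       # SEQUENCE { type OID, value string }
        _, oid, nxt = read_tlv(atv, 0)
        _, val, _ = read_tlv(atv, nxt)
        subject[OIDS.get(oid, oid.hex())] = val.decode("utf-8", "replace")
    return subject

SAMPLE = build_sample_csr([(b"\x55\x04\x06", "US"), (b"\x55\x04\x08", "Example State"),
                           (b"\x55\x04\x07", "Example City"), (b"\x55\x04\x0a", "Example Org"),
                           (b"\x55\x04\x03", "www.example.test")])
```

Printing `SAMPLE` shows the armored Base64 text described in Q6, and `parse_csr_subject(SAMPLE)` returns the subject fields described in Q5.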
Q7. Discuss some public-key encryption algorithms used in SSL.
Ans: Public key encryption is used to exchange the symmetric key between the browser and web server. Some of the algorithms used are elliptic curve cryptography (ECC), RSA, etc.
Q8. What are pre-shared key encryption algorithms?
Ans: Pre-shared key encryption algorithms refer to the symmetric key used to encrypt data between the browser and web server. The most commonly used pre-shared key encryption algorithms are Twofish, AES, and Blowfish.
Q9. What are the authentication levels of SSL/TLS certificates?
Ans: Authentication levels refer to the trustworthiness of a hosted URL. Certifying Authorities (CAs) issue certificates to an organization after validating its identity. The levels are mainly categorized as Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV).
Q10. Explain Domain Validation (DV) authentication in SSL.
Ans: This is the lowest level of validation done by the Certifying Authority (CA) to issue a certificate to an organization. Here, the CA only verifies whether the organization controls the domain. This process can be done via email.
Q11. Explain Organization Validation (OV) authentication in SSL.
Ans: This is the medium level of validation done by the Certifying Authority (CA) to issue a certificate to an organization. Here, the CA validates the name, state, and country of the organization. This process can be done by physically verifying the organization's location.
Q12. Explain Extended Validation (EV) authentication in SSL.
Ans: This is the highest level of validation done by the Certifying Authority (CA) to issue a certificate to an organization. Here, the CA validates the ownership, physical location, state, and country of the organization. This process can be done by physically verifying the organization's location and checking its legal existence.