{"id":12740,"date":"2014-03-05T19:03:16","date_gmt":"2014-03-06T01:03:16","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=12740"},"modified":"2014-03-05T19:11:45","modified_gmt":"2014-03-06T01:11:45","slug":"ssl-tls-https-web-server-certificate-fingerprints","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=12740","title":{"rendered":"SSL TLS HTTPS Web Server Certificate Fingerprints\u00a0\u00a0"},"content":{"rendered":"<blockquote><p>Public and Private keys form cryptographically matched pairs. It is not feasible to derive one from the other, yet what one encrypts only the matching other can decrypt. Website SSL security certificates provide the site&#8217;s Public cryptographic key which is the public side of the server&#8217;s secret Private cryptographic key which is never publicly disclosed. Only the certificate&#8217;s public key can be used to encrypt data which the remote server can decrypt only using its matching private key. Since the SSL Proxy Appliance <strong>does not have<\/strong> the private key of the remote server\u2014because only the remote server has it\u2014the fake &amp; fraudulent certificate the SSL Proxy provides to the user&#8217;s web browser <strong>is forced to use a different public key<\/strong> for which it <strong>does<\/strong> have a matching private key. 
And <strong>that<\/strong> means that no matter how hard any SSL-intercepting Proxy Appliance may try to spoof and fake any other server&#8217;s certificate, <strong>the certificate&#8217;s public key MUST BE DIFFERENT<\/strong><\/p><\/blockquote>\n<p>via <a href=\"https:\/\/www.grc.com\/fingerprints.htm\">GRC\u00a0|\u00a0SSL TLS HTTPS Web Server Certificate Fingerprints\u00a0\u00a0<\/a><\/p>\n<blockquote><p>The remote server&#8217;s REAL certificate and the SSL Appliance&#8217;s FAKED certificate MUST HAVE AND WILL HAVE radically different fingerprints.\u00a0\u00a0They will not be remotely similar.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Public and Private keys form cryptographically matched pairs. It is not feasible to derive one from the other, yet what one encrypts only the matching other can decrypt. Website SSL security certificates provide the site&#8217;s Public cryptographic key which is &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=12740\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[287],"tags":[420,338,159,232],"class_list":["post-12740","post","type-post","status-publish","format-standard","hentry","category-interfaces","tag-certificates","tag-encryption","tag-proxy","tag-ssl"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/12740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12740"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/12740\/revisions"}],"predecessor-version":[{"id":12741,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/12740\/revisions\/12741"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12740"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}