Studio Server and all its client applications supports the use of SSL as a way of securing the communication between the server and the client applications.
SSL uses the Certificate Authority (CA) to identify one or both sides.
How it works
In short, SSL works as follows:
|Step #||Performed by|
|Client Application||Application Server|
|1||A secure request is performed, identified by the https prefix of the URL.|
|2||A public key with its certificate is sent to the client application.|
The certificate is used for checking:
|4||The public key of the application server is used to encrypt a random generated encryption key — called the session key — and sends it to the application server.|
|5||The session key is decrypted by using the private key.|
|6||The requested data which has been encrypted using the shared session key is sent back to the client application.|
|7||The data is decrypted using the shared session key.|
The identity of the application server within the SSL protocol is checked by the client application (client authentication by the server is optional), which means that the client application needs reference to the root certificate (the cacert.p12 file) and the application server needs reference to an installed server certificate (the cert.p12 file) which is derived from (signed by) the same root certificate.