Now, we will cover the internal working of SSL certificates. As explained earlier, these are required as they enhance the security of deployment. Those info
XML files are grabbed through HTTP over SSL protocol. We have two options to set up such a necessary SSL system.
Either we are going to work with self-signed certificates, or we opt for a more refined solution via the typical Public Key Infrastructure (PKI) scheme, having the certificate signed by a certificate authority (CA). In the very essence, the public key is linked with an identity. After that, anyone can verify whether that key really belongs to that identity. Therefore, it acts as a digital signature.
Describing in detail how the PKI scheme works is beyond the scope of our book. Chances are if you want to opt for the second methodology (that is having signed the certificates by a CA), then you either have an internal PKI or, you may have got yours issued by a commercial signer such as...