What is an SSL certificate and how to implement it?
When you think about an SSL certificate, you probably see a padlock and HTTPS protocol in the left side of your browser bar, which ensures the secure connection to a given domain. This is what the majority of regular Internet users know. Let’s go a step further and find out how an SSL certificate work, what the advantage of the encryption is and how to implement it. We will also consider whether it’s a good idea to think about that certificate at all.
Spis treści
What is an SSL certificate?
An SSL (Secure Socket Layer) certificate is used to secure website and data transmission between a website and a user, using HTTPS protocol. A website security certificate consists in encrypting data, which allows for unauthorized storage of data and information by third parties.
Apart from data transmission encryption, SLL certificates also authenticate entities operating online, who ones the server and the domain. The scope of this authentication depends on the type of an SSL certificate, which will be discussed later.
An SSL certificate is a centralized protocol, which can be compared to an identity document of a domain, server and their owner. It is issued by independent institutions called Certifying Authorities. An SSL certificate securing the website includes the following information:
- name of the owner and the entity issuing the certificate;
- public key of the owner for an asymmetric algorithm;
- digital signature of the entity issuing the certificate;
- validity period and serial number of the certificate.
You might be interested in this article as well: What is the difference between a free and paid SSL certificate?
How does the SSL certificate work?
How does SSL technology work? It’s quite simple.
Firstly, let’s discuss data transmission between a server and a browser with no encryption. The data is transmitted as a simple text file, which can be read and stores by any external “observer”. The lack of data transmission encryption make all data open to theft, change or modification somewhere between a server and a browser. This leads to a serious risk of sensitive data breach, which can include personal data, contact data, logins and passwords used by users in an online store or a website.
With securing the website with an SSL certificate you are sure that before the information is sent from a server to a browser, a key for data encryption is determined. The server then encrypts the data and sends encrypted packages to the browser. When the data reaches the browser, they are decrypted. Only the server and the browser know which key should they use to decrypt the data. This way third parties that don’t have this private key cannot read and modify data.
More technical aspect of the SSL certificate operation
Encryption with an SSL certificate is performed with two encryption protocols: a record protocol and a key-agreement protocol.
The record protocol supervises, controls and encrypts data sent between the browser and the server. The key-agreement protocol authenticates the browser and/or the server, and generates a unique symmetric key that allows the creation of encryption and decryption keys for a specific data transmission session.
An SSL certificate for a website consists of a public key assigned to a domain by the certification authority and a private key assigned to the public key. Every time the encrypted data reaches the browser, the browser must decrypt the data by using a private key.
Read our other article: Compendium on how to secure your your WordPress
Types of SSL certificates
SSL security varies depending on the encryption level and trust to the domain and certificate owner. There are three types of certificates: DV, OV and EV. There are also Wildcard and Multidomain certificates.
DV certificate
A DV (Domain Validation) certificate is the simplest way to secure your website with an SSL certificate, which is only used to validate your domain. The certificate allows for the verification of the domain and active e‑mail to which the certification link is sent.
This type of an SSL certificate is recommended for small business card sites, landing pages or blogs.
OV certificate
An OV (Organization Validated) certificate is an SSL certificate that validates both the domain and its owner. In order to obtain this certificate, you have to submit a scan of your identity document along with company identification documents. The certifying authority confirms the credibility of the domain and the company.
An OV (SSL certificate is a great solution for online stores, large companies and complex portals as well as on websites where users send their sensitive personal and contact information.
EV certificate
An EV (Extended Validation) certificate is issued after a thorough verification of the applicant. To obtain this type of an SSL certificate you have to submit corporate identity documents, prove you’re the owner of the domain and confirm the authenticity of the submitted documents with the verification organization. If an EV certificate is used, you will see a green padlock and the whole name of the given company.
EV SSL certificates are used by corporations, financial and banking institutions, public and medical institutions and entities that process the most sensitive user data.
Apart from the certification level of the SSL certificates, there are also Wildcard, Multidomain (UCC) and other certificates that include one domain only. Wildcard SSL certificates allow you to secure all subdomains of a given domain, and UCC certificates make it possible to secure several domains at the same time.
How does the transmission of data with SSL certificate work?
The data transmission with an SSL server between a server and a browser consists of several automatic operations.
Firstly, the browser sends a request to the server to verify the user identity. Then a copy of the SSL certificate is sent to the browser. The browser then authorizes this certificate, verifying its validity and source.
Next, after the browser accepted the certificate, the server sends a reply, which commences the session encryption with the agreed private key. The browser receives the encrypted files, decrypts them with a previously agreed private key.
Take a look at these articles as well: How does WordPress get hacked?
How to recognize if a website uses an SSL certificate?
Website certificates are visible in the address bar. The type of the SSL certificate used depends on the type of the certificate itself.
When the website uses a regular DV certificate, you will see a symbol of a locked padlock and an address prefix starting with HTTPS protocol. These signs indicate that the connection between the domain and the server is encrypted.
How to check the validity of an SSL certificate?
Verification of the website security certificate validity is quick and easy. Just go to the address bar of the website whose SSL certificate you want to verify, click the padlock icon or the name of the company (depending on the type of the certificate). Next, click on the arrow next to the Secure Connection sign choose More information.
You will see a window with information regarding the website identity. At the top of this window, you will see View certificate. Click on that option. Now you can view all the information about the SSL certificate, including:
- name of the entity;
- name of the entity issuing the certificate;
- certificate validity;
- alternative entity names;
- information about the public key;
- type of certification;
- and other more or less useful information.
Advantages of SSL certificates
You probably don’t need to be convinced about the advantages of an SSL certificate. Securing the connection between your server and your browser will make your website or online store more credible.
Moreover, the certificate will confirm your operations online, which will ensure you meet the personal data processing obligations and will also secure sensitive data of both your company and users against theft, modification and unauthorized access.
The big advantage of SSL certificates is also the fact that some of them are available for free, e.g. Let’s Encrypt or Cacert.org certificates.
SSL certificate for your corporate website
If all you need is a small business card site or even a slightly more complex website, you should consider an SSL or DV certificate. However, if your corporate websites allow your customers of contractors to create a user account and enter their personal and contact data, you should think about investing in a better and more efficient OV certificate.
Take a look at our article: Everything you have to keep in mind when creating an online store
Which SSL certificate should you choose for your online store?
Online stores should be secured better. OV certificates are an absolute minimum for e‑commerce companies, which process personal data, contact and payment data of their customers. If you run a larger store, it is a good idea to invest in an EV certificate that ensures the best data protection.
Check other blog posts
See all blog postsWhy is it a good idea to split sites across different hosting accounts?
Read moreMultiple websites on one server is a threat that can have different faces. Find out what the most important ones are and see why you should split your sites on different hosting accounts. Powiązane wpisy: Compendium: how to secure your WordPress? Everything you have to keep in mind when creating an online store Useful plugins…
How do you get your website ready for Black Friday or more traffic?
Read moreToo much website traffic can be as disastrous as no traffic at all. A traffic disaster results in server overload. In such a situation, no one is able to use e.g. your online store’s offer, and you do not earn. Learn how to optimally prepare your website for increased traffic. Powiązane wpisy: Compendium: how to…
Password management or how not to lose your data
Read moreDo you have a bank account? Use the internet with your smartphone? Congratulations! Then you are on the brighter side of the power, where digital exclusion does not reach. But can you take care of the security of your data as effectively as you invite your friend for a beer via instant messenger? Powiązane wpisy:…