Secure Sockets Layer (SSL) creates an encrypted connection between server and user, allowing private information to be transmitted without the risk of eavesdropping, data tampering, or message forgery: no one except the intended users has access to it. In addition, the certificate confirms the identity of the server and the organization to which it belongs.
The use of an SSL certificate on a website is usually indicated by a padlock icon in web browsers or by a green address bar. Once the SSL has been installed on a website, the site can be accessed via https:// instead of http://.
Why is it necessary?
An SSL certificate protects users from: theft of passwords and credit card/bank data; falsified data; cyber attacks on individual users, companies and organizations.
If you are transmitting sensitive information on a web site, such as credit card numbers or personal information, you need to secure it with SSL encryption. It is possible for every piece of data to be seen by others unless it is secured by an SSL certificate.
An SSL Certificate creates a trusted environment for the user, and the Payment Card Industry (PCI) requires you to have one. It also shows customers that you value their security and are serious about protecting their information.
To sum up, an SSL Certificate guarantees: customer trust in the website and organization, security of transferred data, credibility of the service, worldwide standards of online security, and development of customer relationships.
How does it work?
When a customer makes a connection to secure.com on an SSL port, typically 443, the process of SSL Handshaking takes place. The handshaking process is briefly described below:
1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
2. Server sends a copy of its SSL Certificate, including the server’s public key.
3. Browser checks the certificate root against a list of trusted CAs, and checks that the certificate is unexpired and unrevoked and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
5. Server and Browser now encrypt all transmitted data with the session key.
The process essentially involves three keys: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. As encrypting and decrypting with the private and public keys takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.
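The three keys at work, as an added OpenSSL command-line example that is not part of the original article; the file names and the sample message are constructed for the illustration.

```bash
# Added illustration: public, private and session key as in steps 2-5 above.
# This mirrors the RSA key transport the steps describe; TLS 1.3 no longer sends
# the session key this way and derives it with (EC)DHE instead.
handshake_demo() {
    local dir rc key iv
    dir=$(mktemp -d) || return 1
    (
        set -e
        cd "$dir"
        umask 077
        # Server: private key, plus the public key that ships inside its certificate.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out server.key 2>/dev/null
        openssl pkey -in server.key -pubout -out server.pub

        # Browser (step 3): random 256-bit session key, encrypted with the public key.
        openssl rand -hex 32 > session.browser
        openssl pkeyutl -encrypt -pubin -inkey server.pub \
            -pkeyopt rsa_padding_mode:oaep -in session.browser -out session.enc

        # Server (step 4): only the private key can recover the session key.
        openssl pkeyutl -decrypt -inkey server.key \
            -pkeyopt rsa_padding_mode:oaep -in session.enc -out session.server
        cmp -s session.browser session.server

        # Step 5: both sides now use the fast symmetric cipher for the data itself.
        key=$(cat session.server)
        iv=$(openssl rand -hex 16)
        printf 'constructed sample: form data sent after the handshake\n' |
            openssl enc -aes-256-cbc -K "$key" -iv "$iv" -out data.enc
        openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -in data.enc
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

handshake_demo   # prints the decrypted sample message
```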
What are the types?
A Domain Validation SSL Certificate secures a single domain/subdomain. It is the fastest SSL type to be issued and is available to business clients, and even to private clients that do not have a company. There is no paperwork: it requires no company or business documents for the validation process, and no callbacks. The validation process is very simple and easy; all you need to do is respond to an automatic system message that will be sent to your email.
A Business Validation SSL Certificate requires domain validation via email and the supply of company documents for business authentication. It is recommended for online shopping cart websites which are registered as a business entity.
An Extended Validation Certificate (EV SSL certificate) is a certificate that requires extensive verification, by the certificate authority, of those who want to buy it. One of the greatest advantages of getting an EV SSL cert is a high level of trust in your website, no matter what kind of business you run. EV SSL certs are the most prestigious business-level certificates, and they include information about the company that owns the domain. These certificates are known to ensure high effectiveness against phishing attacks. That is why you and your customers can be absolutely sure about the privacy and safety of transactions performed online.
How to get it?
Almost any service on the Internet can be protected with SSL. WebMail, Control Panels, POP, IMAP, SMTP, FTP and more are a few of the many applications for SSL Certificates.
To get a certificate, you need to follow the steps below:
1. Create a private key on your server.
2. Create a Certificate Signing Request (CSR) on your server.
3. Send the CSR and the Private key to the SSL Certificate issuer (or Certificate Authority, CA). A CSR is an encrypted body of text. Your CSR will contain encoded information specific to your company and domain name; this information is known as a Distinguished Name or DN. The DN for most servers contains the following fields: Country, State (or province), Locality (or city), Organization, Organizational Unit, and Common Name.
4. The CA uses the CSR data file to create a public key to match your private key without compromising the key itself. The CA never sees the private key.
5. Once you receive the SSL Certificate, you install it on your server.
You also install a pair of intermediate certificates that establish the credibility of your SSL Certificate by tying it to your CA’s root certificate. [The instructions for installing and testing your certificate will be different depending on your server.]
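Steps 1 and 2 with the OpenSSL command line, as an added example that is not part of the original article; the file names, the DN values and `www.example.com` are placeholders. In line with step 4's statement that the CA never sees the private key, `server.csr` is the file to submit, and the checks confirm that it carries the DN and the public key but no private key.

```bash
# Added illustration: create the private key and the CSR, then check the CSR.
make_csr() {            # usage: make_csr <output-dir> <common-name>
    (
        set -e
        umask 077       # key file readable by its owner only
        cd "$1"
        # Step 1: private key, generated on the server and kept there.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out server.key 2>/dev/null
        # Step 2: CSR carrying the DN fields (C, ST, L, O, OU, CN), signed with the key.
        openssl req -new -key server.key -out server.csr \
            -subj "/C=US/ST=California/L=San Francisco/O=Example Ltd/OU=IT/CN=$2"
    )
}

csr_subject() {         # usage: csr_subject <csr>; prints the DN stored in the CSR
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

csr_matches_key() {     # usage: csr_matches_key <csr> <key>
    # The CSR embeds the public half of the key pair; compare it with the key file.
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

safe_to_submit() {      # usage: safe_to_submit <file>
    # True only for a PEM certificate request with no private key material in it.
    head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE REQUEST-----' &&
        ! grep -q 'PRIVATE KEY' "$1"
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir" www.example.com &&
    csr_subject "$demo_dir/server.csr" &&
    csr_matches_key "$demo_dir/server.csr" "$demo_dir/server.key" &&
    safe_to_submit "$demo_dir/server.csr" &&
    echo "CSR matches the key and is ready to submit"
rm -rf "$demo_dir"
```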
Feel free to contact our sales team via chat/mail, if you have any queries.