What is an SSL certificate? Do I really need one?
What is an SSL certificate and how does it work?
Whether you’re planning to start a personal or professional website, security plays a vital part in your online activity.
Cyber criminals don’t discriminate between small sites and large ones when it comes to looking for vulnerabilities and hacking accounts.
It’s important that your online business is as secure as your own home. You should be able to feel that your information is safe, and you owe it to your customers and visitors to safeguard their data, as well.
One of the best and easiest ways to do this is by installing an SSL certificate.
What is an SSL certificate?
SSL is an acronym for “Secure Sockets Layer”. This is a widely used security protocol that establishes a secure channel between two endpoints (typically the server and the client, or user’s computer) connecting over the internet.
It takes place at the transport layer of digital communication architecture. It uses encryption to ensure that all data exchanged remains private and arrives intact.
SSL has been an internet standard for many years now, and is still favored by internet companies and users all over the globe. It guarantees that millions of transactions are performed confidentially every hour of the day.
What details does an SSL certificate include?
An SSL certificate is actually a small piece of software that contains important identifiers. These include key information such as the serial number or “thumbprint” of the certificate, the issuer, expiry date, and the domain name it’s associated with, including the name and business address of the owner.
It will also provide essential encryption data like the public key of the originating server, the SSL/TLS version, and the different algorithms used in its operation. These details allow validation of the certificate each time it’s used.
How does SSL encryption work?
Your SSL encrypts messaging using a combination of public and private keys, also known as PKI, or public key infrastructure. The public key determines how information from the server is encrypted, and the private key allows your internet browser to decrypt the information to a human-readable format.
The associated public key is shared with every visitor to a site that owns a certificate. Your browser gets this public key right from the certificate and you don’t even know you’re using it. However, you can view this public key and other SSL certificate details in your browser. Depending on the type of browser you use, you can typically click on the green bar or certificate seal to generate a pop-up menu that gives you the option of viewing certificate information.
The public key being used and the private key issued to users are distinct but related. Otherwise decryption would be impossible. In order for a secure connection to be established, the protocol requires that the client computer can verify that its private key matches up to the public key. This is known as “asymmetric encryption”.
What is an SSL handshake?
Establishing a secure link is often called the “SSL handshake”. The process can be thought of in terms of the client and server recognising and accepting each other, very like the handshake that two human beings use as a greeting.
This is simply the electronic version. It involves three basic steps: a hello, verification by the SSL-protected server, and the transfer of keys to the user computer.
The first “Hello” is frequently called the ClientHello message sent by your browser when you first make contact with the server. Your computer is requesting a secure connection. This “Hello” will contain some SSL certificate information which the server protocols acknowledge.
The server then sends back a ServerHello message that also contains corresponding certificate information. Contact within secure SSL requirements is now initiated.
Next, server validation takes place on the client end. Using the SSL certificate installed on the server, your computer is able to verify that the certificate is the correct one issued to that specific website by the listed certificate authority (CA), and is still in effect.
If there are any problems, your browser will display a warning about the certificate.
If everything is in proper order, the server and client computers can now share their keys. The client uses the public key from the certificate to generate a “pre-master” key that’s sent to the server for decryption.
The server uses its own private key to validate this pre-master key, and a unique key is created involving both computers. In most modern browsers, it’s an unbreakable 256-bit key.
This key is then used to encrypt and decrypt all the messages exchanged for that online session until the connection is broken. At this point, it’s known as “symmetric encryption” for smooth and automatic encryption of all data exchanges.
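The key exchange described above, as an added example that is not part of the original article: a simplified Python model in which the client encrypts a pre-master secret with the server's public key and both sides derive the same 256-bit session key. The toy RSA numbers, the function names, and the use of HMAC-SHA-256 as the key-derivation step are assumptions made for illustration; real SSL/TLS uses padded RSA with much larger keys and its own derivation function.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair for the "server" (constructed; far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes
N, E = P * Q, 65537                  # public key: the part the certificate carries
D = pow(E, -1, (P - 1) * (Q - 1))    # private key: never leaves the server

def derive_session_key(pre_master, client_random, server_random):
    """Mix the shared secret with both hello randoms into a 256-bit key."""
    return hmac.new(pre_master, client_random + server_random,
                    hashlib.sha256).digest()

def handshake():
    # 1. ClientHello / ServerHello: each side contributes a fresh random value.
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)
    # 2. The client validates the certificate (not modelled here) and reads
    #    the public key (N, E) from it.
    # 3. The client picks a pre-master secret and encrypts it with that key.
    pre_master = secrets.token_bytes(16)
    ciphertext = pow(int.from_bytes(pre_master, "big"), E, N)
    # 4. Only the holder of the private key can recover the pre-master secret.
    recovered = pow(ciphertext, D, N).to_bytes(16, "big")
    # 5. Each side derives the symmetric session key on its own.
    client_key = derive_session_key(pre_master, client_random, server_random)
    server_key = derive_session_key(recovered, client_random, server_random)
    return client_key, server_key, ciphertext

if __name__ == "__main__":
    ck, sk, _ = handshake()
    print("keys match:", ck == sk, "| key length in bits:", len(ck) * 8)
```

Only the ciphertext and the two random values cross the wire, so the session key itself is never transmitted.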
How do you know that a site has a valid SSL certificate?
If you have an SSL certificate installed on your site, your visitors should be able to recognise the fact immediately.
The URL shown in the address bar of the client browser will start with “https” rather than “http”, the extra “s” standing for “secured”. There should also be a green highlight or background of the address bar when an “https” address is showing. In addition, most browsers will show a padlock symbol somewhere in the address bar.
Many CAs will also provide participating sites with a site-seal certificate symbol. This is the issuer’s distinct logo letting visitors know that the site is protected by one of their certificates. There are only a relatively small number of global CAs.
You can usually click on either the site seal or the padlock icon to bring up an option that includes “Certificate Information”. Selecting this will bring up current information on the SSL certificate, such as the date limits on the certificate validity.
All certificates will have an expiration date after which they are no longer active.
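The checks a browser makes on the certificate's domain name and date limits can also be scripted, for example to warn a site owner before a certificate expires. The following is an added example, not part of the original article; the sample certificate is constructed, and the function names and the 30-day warning window are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by SSLSocket.getpeercert();
# every value here is made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "serialNumber": "0A1B2C3D",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
}

def name_matches(pattern, host):
    """A '*' in a certificate name covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def check_cert(cert, host, now, warn_days=30):
    """Return the problems a browser or an expiry monitor would flag."""
    problems = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("hostname mismatch")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    if ts < start:
        problems.append("not yet valid")
    elif ts > end:
        problems.append("expired")
    elif end - ts < warn_days * 86400:
        problems.append("expires within %d days" % warn_days)
    return problems

def fetch_cert(host, port=443):
    """Live use: the default context verifies the CA chain and hostname
    during the handshake and raises ssl.SSLCertVerificationError on failure."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, "shop.example.com",
                     datetime(2024, 3, 15, tzinfo=timezone.utc)))
```

For a live site, pass the result of `fetch_cert("your-domain")` and `datetime.now(timezone.utc)` to `check_cert` from a scheduled job.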
What are the types of SSL?
Most issuing CAs provide several types of certificate to meet various site owner needs. You may want your entire website protected, or only certain sub-domains where sensitive information is used and stored, such as the checkout and payment operations for an e-commerce store. Here are some of the certificate types available.
Extended validation certificate
EV certificates are the highest level of protection. They aren’t easy to get, as the process is complicated and the cost high.
When seeking an EV certificate, the CA will first verify that you, the applicant, are a legal, registered business. These SSL certificates will always show up with the green address bar and padlock symbol. Though older browsers may not show this, the certificate is still valid for that site.
Many sites that deal with financial transactions on a regular basis, such as PayPal, most banks, and large online retailers like Amazon, will always have EV certificates in place.
To establish trust with today’s security-conscious consumers, all financial and e-commerce sites, even for small business, should obtain an EV certificate.
Organization validated certificates
OV, or high assurance SSL certificates, are somewhat less effective but still require high validation standards, and also take a little more investment in time and money.
OV certificates must meet the RFC (Request for Comments) guidelines established by the Internet Society and the Internet Engineering Task Force.
If you want an OV certificate, you’ll be required to exchange your business information with the CA and may be contacted directly for verification purposes.
Many smaller e-commerce sites can get by with an OV certificate, but they are also used to establish trust by many major non-transactional sites like Wikipedia.
Domain validated certificates
DV certificates are considered low assurance and are the quickest, most affordable option. They are usually confirmed through email accounts.
However, they don’t do much more validation than checking your site’s SSL certificate against your registered domain name.
DV certificates aren’t hard to get, so that even scammers like phishing sites can get one. A DV certificate performs encryption but does not guarantee trust in the site owner.
Many of the major CAs don’t even bother issuing DV SSL certificates. If you have a site that requires users to divulge financial or other sensitive information, you’ll probably want a higher-security certificate.
But even a DV can make your site more secure, and inspire more user confidence, than not having any SSL certificate at all. They can also be effective if used within your own company to validate and encrypt employee or partner logins.
What are the benefits of having an SSL certificate?
SSL is the foundation of online security, and savvy consumers often look for an SSL certificate before they’ll do business or share information. Having an SSL certificate on your site can provide a number of benefits to you and your visitors.
SSL protects sensitive information
SSL certificates will encrypt all the information provided by or submitted to your visitors. This includes images as well as alphanumeric data.
Encryption works by transposing each character in your message into a random character based on the key and the algorithm used.
Even if the message is intercepted by hackers, they can’t decrypt it. Without the correct private key, even stolen information is useless.
SSL provides authentication
The use of public/private key pairs performs computer authentication by ensuring that information is going to the right end user.
From both the client and server ends, the keys help to establish that only the established secure channel and approved connections are used.
Customers using your server over the internet may have to go through several computers where malware may be trying to emulate one of your servers and steal their information.
With public key infrastructure in place, your SSL protocols will notice the difference and issue a warning.
SSL inspires trust
When people visit your site, they should immediately notice the green address bar, padlock icon, or CA site seal.
This lets them know right away that you have SSL encryption in place to protect their information.
This conveys a level of trust and confidence they won’t get from unprotected sites. You can count on getting far more traffic than unprotected competitor sites.
SSL ensures PCI compliance
If you run a website that takes payments from customers, the Payment Card Industry (PCI) requires that you have valid SSL certificates in place.
Otherwise, you won’t be able to accept and process payments from primary sources like VISA or Discover cards.
This could severely limit your income and force you to lose customers who want to be able to pay by debit or credit card. This is more convenient than third-party payment processing companies that require setting up a separate account and will also charge you higher fees.
SSL protects you
Having an SSL in place may also deter hackers. If they see an online company without an SSL certificate, they see a vulnerable website where they may be able to intercept and capture user information and prey on your clients. That could be a disaster for your reputation.
An SSL certificate will probably be one of the best additions you could make to your website. There are different types of certificate coming from various Certificate Authorities, but all of them will provide critical authentication between your website and each individual user.
A protected site is easy to recognize and one that users will be more inclined to interact with and return to. This will help build your online audience.
SSL certificates not only protect your own and your users’ information through sophisticated encryption techniques, but they provide peace of mind and build trust.
How to install an SSL certificate for your website?
How to install an AUHost4u SSL Certificate
Installing your FREE SSL certificate is fairly simple.
1) Log in to your cPanel account.
2) Click on the feature “SSL/TLS” in the Security section. If you have trouble finding the feature, use the look up tool.
3) You can either run the AutoSSL option or click on each domain and update them one by one.
How to install a third party SSL certificate?
Please refer to the cPanel section in our “Frequent questions our support staff receive” post.
To conclude on SSL certificates
When you make the decision to host your site with AUHost4u, you’ll discover that SSL certificates are just one of the many services that we offer our clients.
We provide different levels of SSL protection from the most highly respected CAs in the industry. The certificates we offer include site seals, 256-bit encryption, low prices, and free installation.
For more information on adding one or more of our SSL certificates to protect your site and your visitors, reach out to our Support team using our Ticket System or our Live Chat here with any questions.