SSL
In Summery
- SSL (Secure Socket Layer) is the standard technology for establishing an encrypted link between web server and a web browser.
- Web servers require SSL certificate to be able to create SSL connection
- SSL verifies identity of web servers and web browsers
- SSL encrypts messages between the browser and server
No doubt technology has been growing at a tremendous speed since the invention of the internet otherwise known as WWW (World wide web). With the increased online communications came multiple threats. As a result, a secure communication protocol was developed to protect internet users from the threats of data interception and forgery.
Starting early July 2018, Google, one of the largest search providers started enforcing a policy in which it flags non-secure domains/urls for their users.
In a nutshell, the following process happens when connecting to the internet:
- A browser attempts to connect to a website secured with SSL.
- The browser requests that the web server identify itself.
- The server sends the browser a copy of its SSL Certificate.
- The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
- The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
Encryption Protects Data During Transmission
Web servers and web browsers rely on the Secure Sockets Layer (SSL) protocol to help users protect their data during transfer by creating a uniquely encrypted channel for private communications over the public Internet. Each SSL Certificate consists of a key pair as well as verified identification information. When a web browser (or client) points to a secured website, the server shares the public key with the client to establish an encryption method and a unique session key. The client confirms that it recognizes and trusts the issuer of the SSL Certificate. This process is known as the “SSL handshake” and it begins a secure session that protects message privacy, message integrity, and server security.
Credentials Establish Identity Online
Credentials for establishing identity are common: a driver’s license, a passport, a company badge. SSL Certificates are credentials for the online world, uniquely issued to a specific domain and web server and authenticated by the SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the browser.
To view a websites’ credentials:
- Click the closed padlock in a browser window
- Click the trust mark (such as a Norton Secured Seal)
- Look in the green address bar triggered by an Extended Validation (EV) SSL
Authentication Generates Trust in Credentials
Trust of a credential depends on confidence in the credential issuer, because the issuer vouches for the credential’s authenticity. Certification Authorities use a variety of authentication methods to verify information provided by organizations. Symantec, the leading Certification Authority, is well known and trusted by browser vendors because of our rigorous authentication methods and highly reliable infrastructure. Browsers extend that trust to SSL Certificates issued by Symantec.
How does the client know an SSL certificate has been issued by a legitimate certificate authority?
Clients like browsers or smart phones, will come with a list of some certificate authorities and their public keys. However, there are hundreds of certificate authorities, so the client can’t store them all. Instead, the client only needs to know a few root certificate authorities.
These root certificate authoritiescan issue special certificates to intermediate certificate authorities(after vetting them of course), and these intermediate certificate authorities can issue SSL certificates to everyone else.
For example, if a browser receives an SSL certificate that is signed by a root certificate authority, the client can treat the certificate as valid. But if the client receives a certificate that is signed by an intermediate certificate authority that it doesn’t know, that certificate will include the signature of the root certificate authority that issued the certificate to the intermediate certificate authority. The client knows this root certificate authority so it can treat the certificate as valid even though it was not issued by them.
Every website and/or web application requires SSL certificate for authenticity and security of online data transmission. Apart from optimizing website for SEO, Sanaateck also ensures clients websites are secured with authentic SSL certificates for email and data transmission.
Credit: medium.com