SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted on a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information. Devices attempting to communicate with the origin server will reference this file to obtain the public key and verify the server’s identity. The private key is kept secret and secure.
What is an SSL certificate?
SSL stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server. It is used by millions of online businesses and individuals to reduce the risk of sensitive information (e.g., credit card numbers, usernames, passwords, emails) being stolen or tampered with by hackers and identity thieves. In essence, SSL allows for a private “conversation” just between the two intended parties.
To create this secure connection, an SSL certificate (also referred to as a “digital certificate”) is installed on a web server and serves two functions:
- It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site)
- It encrypts the data that’s being transmitted
How does it work?
SSL certificates work by establishing an encrypted connection between a web browser and a server. The encrypted data is impossible to read without a secret key, called a decryption key.
When your browser tries to connect to a secure website, several steps take place in only a few milliseconds:
- You type in a secure website’s URL, indicated by an HTTPS address.
- Your browser requests secure pages (HTTPS) from Norton’s web server.
- The web server sends a public key along with its SSL certificate. Valid SSL certificates are digitally signed by a third party, establishing the server’s identity and domain ownership.
- Your web browser verifies that the digital signature is legitimate.
- Once the certificate’s signature is verified, your browser displays a padlock icon in the URL bar.
- Your web browser sends encrypted data to the web server along with a secret key.
- The server uses a private decryption key to read the data and access the secret key.
- From this point forward, the browser and server will share data using the secret decryption key. Information is unreadable to hackers who do not have the shared secret key.
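The steps above as a toy model in Python, added here as an illustration and not taken from the original article or any TLS library: textbook RSA over small constructed primes with no padding, so it shows who signs, who verifies and who can decrypt, and is not usable cryptography. The domain names, keys and function names are assumptions made for the example.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def cert_digest(domain, public_key, n):
    """Hash the identity-to-key binding that the CA vouches for."""
    body = f"{domain}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def ca_issue(ca_private, domain, server_public):
    """The CA signs the binding with its own private key."""
    n, d = ca_private
    sig = pow(cert_digest(domain, server_public, n), d, n)
    return {"domain": domain, "public_key": server_public, "signature": sig}

def browser_verify(cert, ca_public, requested_domain):
    """Check the CA signature, then the name the browser asked for."""
    n, e = ca_public
    expected = cert_digest(cert["domain"], cert["public_key"], n)
    return (pow(cert["signature"], e, n) == expected
            and cert["domain"] == requested_domain)

def browser_wrap_secret(cert):
    """Pick a session secret and encrypt it to the server's public key."""
    n, e = cert["public_key"]
    secret = secrets.randbelow(n - 2) + 2
    return secret, pow(secret, e, n)

def server_unwrap_secret(server_private, wrapped):
    n, d = server_private  # only the private-key holder can do this
    return pow(wrapped, d, n)

# Constructed keys from Mersenne primes: far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ROGUE_PUB, _ = make_keypair(2**19 - 1, 2**31 - 1)

def demo():
    cert = ca_issue(CA_PRIV, "shop.example", SRV_PUB)
    swapped = dict(cert, public_key=ROGUE_PUB)  # key replaced in transit
    secret, wrapped = browser_wrap_secret(cert)
    return {"genuine": browser_verify(cert, CA_PUB, "shop.example"),
            "key_swapped": browser_verify(swapped, CA_PUB, "shop.example"),
            "wrong_site": browser_verify(cert, CA_PUB, "bank.example"),
            "keys_agree": server_unwrap_secret(SRV_PRIV, wrapped) == secret}
```

Calling `demo()` shows that the signature check rejects a certificate whose public key was replaced, and that a valid certificate for one site is rejected when the browser asked for another.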
Types of SSL certificate
There are different types of SSL certificates with different validation levels. The six main types are:
Extended Validation (EV) certificates
This is the highest-ranking and most expensive type. It tends to be used for high-profile websites which collect data and involve online payments. When installed, this SSL certificate displays the padlock, HTTPS, name of the business, and the country on the browser address bar. Displaying the website owner’s information in the address bar helps distinguish the site from malicious sites. To set up an EV SSL certificate, the website owner must go through a standardized identity verification process to confirm they are legally authorized to hold the exclusive rights to the domain.
Organization validated (OV) certificate
OV certificates have a moderate level of trust and are a good option for public-facing websites that deal with less sensitive transactions. This certificate requires organizations to prove domain ownership and provide documentation that the business is legally registered. OV-secured sites also display a padlock.
Domain Validated certificates
The validation process to obtain this SSL certificate type is minimal, and as a result, Domain Validation SSL certificates provide lower assurance and minimal encryption. They tend to be used for blogs or informational websites, i.e., sites that do not involve data collection or online payments. This SSL certificate type is one of the least expensive and quickest to obtain. The validation process only requires website owners to prove domain ownership by responding to an email or phone call. The browser address bar only displays HTTPS and a padlock with no business name displayed.
Wildcard or WV SSL certificate
These kinds of certificates provide secure communication with main domains and their unlimited subdomains. A Wildcard certificate is much more affordable than several single-domain SSL certificates.
Multi-Domain or MD SSL certificate
Using this certificate, you can secure up to 100 different domains and subdomains. In addition, the Subject Alternative Name (SAN) section lets you add, change or delete the SANs if necessary. All of the above certificates are also included in this type of SSL.
Unified Communications or UCC Certificate
These certificates are also considered multi-domain SSL. UCC was originally designed to secure Microsoft Exchange and Live Communications servers; however, today all websites can use Unified Communications certificates.
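How a client decides whether a wildcard or multi-domain certificate covers a given hostname, as an added Python example that is not part of the original article: a `*` stands for exactly one left-most label, so deeper subdomains and the bare domain need their own SAN entries. The SAN lists, hostnames and function names are constructed for illustration.

```python
def name_matches(pattern, hostname):
    """Match one certificate name (from the SAN list) against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Simplified guard: refuse over-broad names such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covers(san_list, hostname):
    """True if any name on the certificate matches the hostname."""
    return any(name_matches(name, hostname) for name in san_list)


def coverage_gaps(san_list, inventory):
    """Hostnames in the inventory that the certificate would not validate for."""
    return [host for host in inventory if not covers(san_list, host)]


# Constructed SAN lists and host inventory for illustration.
WILDCARD_ONLY = ["*.example.com"]
MULTI_DOMAIN = ["example.com", "*.example.com", "mail.example.net"]
INVENTORY = ["example.com", "www.example.com", "api.staging.example.com",
             "mail.example.net", "www.example.net"]
```

Running `coverage_gaps` over a host inventory before ordering or renewing a certificate shows which names would still produce a browser warning.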
Why does my website need an SSL Certificate?
SSL certificates keep online interactions private even though they travel across the public Internet, and they help customers gain the confidence to provide personal information on your website. If you ask users of your website to sign in, enter personal data such as credit card numbers, or view confidential information such as health benefits or financial accounts, you need to keep the data private. You also need to assure them that your website is authentic. SSL is also used for email servers, web-based applications, server-to-server communications, and more.
How does a website obtain an SSL certificate?
For an SSL certificate to be valid, domains need to obtain it from a certificate authority (CA). A CA is an outside organization, a trusted third party, that generates and gives out SSL certificates. The CA will also digitally sign the certificate with their own private key, allowing client devices to verify it. Most, but not all, CAs will charge a fee for issuing an SSL certificate.
Once the certificate is issued, it needs to be installed and activated on the website’s origin server. Web hosting services can usually handle this for website operators. Once it’s activated on the origin server, the website will be able to load over HTTPS and all traffic to and from the website will be encrypted and secure.
Using an SSL certificate is one of the safest ways to help establish a secure connection between the web server and the client. At the same time, creating a strong password is the most important thing to do. Passwords are the first line of defense, helping users ensure data security and prevent hackers from accessing their sensitive information. The strength of this barrier depends on the password’s complexity, its length, and its use of a diverse selection of numbers, special characters, and letters.