What is SSL?
SSL (Secure Sockets Layer) is a technology used to establish an encrypted link between a server and a client/user.
SSL allows sensitive information (such as credit card numbers, bank account details, and login credentials) to be transferred securely between the server and the client/user, in either direction. Normally, the data sent between browsers and web servers travels as plain text, a format easily read by humans. If an attacker is able to intercept the data sent between a browser and a web server, they can see all of it (your credit card number, your bank account details, your login credentials and other information). The attacker can then misuse this information, which could land you in trouble in some cases.
Websites that store sensitive information (like your bank’s website, PayPal, Facebook) use SSL (Secure Sockets Layer) to ensure your privacy. The data transmitted between these sites and the client/user, in either direction, is encrypted, so if an attacker somehow intercepts it, they will not be able to read it. If the attacker tries to decrypt the information, it will probably take hundreds or even thousands of years.
What is an SSL Certificate and How Does it Work
SSL Certificates are small data files which store two cryptographic keys (a public and a private key) which work together to establish an encrypted/secure connection. These SSL Certificates are digitally signed by a trusted CA (Certificate Authority) like GoDaddy, COMODO, DigiCert. Anyone can create an SSL certificate, but browsers only trust certificates that come from an organization on their list of trusted CAs. Browsers come with a pre-installed list of trusted CAs. Whenever you communicate with a site (like Google, Facebook, Twitter) on which an SSL Certificate is installed, your browser will automatically tell you whether the site is secured with SSL and whether it is safe to visit/browse.
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an SSL Handshake. Three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key and vice versa. Because encrypting and decrypting with the private and public keys takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.
The following steps take place while establishing a secure connection.
1. The browser tries to establish a connection with a web server (website) secured with SSL (https) and requests that the server identify itself.
2. The server sends a copy of its installed SSL Certificate, including the server’s public key.
3. The browser then checks the certificate root against a list of trusted CAs. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
4. The server decrypts the symmetric session key using its private key and sends back an acknowledgment encrypted with the session key to start the encrypted session.
5. Finally, the server and the browser encrypt all transmitted data with the session key.
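The five steps above, worked through as an added example (not code from the original post): a constructed CA signs the server's certificate, the browser checks it against its trust list, and both sides end up holding the same session key. The CA name, hostname and tiny Mersenne-prime keys are assumptions made for illustration, and textbook RSA without padding plus an XOR keystream stand in for the real algorithms.

```python
import hashlib, hmac, secrets

E = 65537  # common RSA public exponent

def rsa_keypair(p, q):
    """Textbook RSA key pair from two primes (toy: tiny primes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def cert_digest(subject, pub, modulus):
    raw = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % modulus

def issue_cert(subject, pub, ca_name, ca_priv):
    """The CA signs the subject name and public key with its own private key."""
    n, d = ca_priv
    return {"subject": subject, "public_key": pub, "issuer": ca_name,
            "signature": pow(cert_digest(subject, pub, n), d, n)}

def browser_trusts(cert, host, trusted_cas):
    """Step 3: the issuer must be on the trust list and its signature must verify."""
    ca_pub = trusted_cas.get(cert["issuer"])
    if ca_pub is None or cert["subject"] != host:
        return False
    n, e = ca_pub
    return pow(cert["signature"], e, n) == cert_digest(cert["subject"], cert["public_key"], n)

def session_crypt(key, data):
    """Symmetric cipher for steps 4-5: XOR with an HMAC-SHA256 keystream."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake(host, cert, server_priv, trusted_cas):
    """Run steps 1-4; return the shared session key, or None if trust fails."""
    if not browser_trusts(cert, host, trusted_cas):
        return None
    session_key = secrets.token_bytes(16)                      # browser creates key
    n, e = cert["public_key"]
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)    # encrypt to server
    server_key = pow(wrapped, server_priv[1], server_priv[0]).to_bytes(16, "big")
    ack = session_crypt(server_key, b"ack")                    # server's step 4 reply
    return session_key if session_crypt(session_key, ack) == b"ack" else None

# Constructed demo values: Mersenne primes, far too small for real use.
CA_PUB, CA_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)
SRV_PUB, SRV_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)
TRUSTED = {"Example Root CA": CA_PUB}
CERT = issue_cert("shop.example", SRV_PUB, "Example Root CA", CA_PRIV)
```

Calling handshake("shop.example", CERT, SRV_PRIV, TRUSTED) returns the 16-byte session key; an empty trust list, a different hostname, or a certificate whose public key was swapped after signing all make it return None.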
Different Types of SSL Certificates
There are three main types of SSL Certificates, each offering more security than the one before it. They are listed below in increasing order of security.
1. Domain Validation (DV) SSL Certificates
When these types of certificates are issued to an applicant, the CA (Certificate Authority) checks the applicant's right to use a specific domain name. This is typically done by the CA sending an email to the domain owner (as listed in a WHOIS database). Once the owner responds, the certificate is issued. These certificates contain only the domain name and, because of the minimal checks performed, are issued quicker than other types of certificates.
The Browser shows a padlock in the address bar of the website on which Domain Validation (DV) SSL Certificates are installed.
2. Organizational Validation (OV) SSL Certificates
When these types of certificates are issued to an applicant, the CA (Certificate Authority) checks the applicant's right to use a specific domain name and also checks some other information using public databases. Since these certificates contain the company name and the domain name for which the certificate was issued, they give enhanced visibility to visitors and increase trust.
The Browser shows a padlock (also shows additional information provided when you click on the padlock) in the address bar of the website on which Organizational Validation (OV) SSL Certificates are installed.
3. Extended Validation (EV) SSL Certificates
When these types of certificates are issued to an applicant, the CA performs a thorough check/investigation to validate the authenticity of the applicant. For these SSL Certificates, the CA verifies the legal and physical existence of the entity and confirms it by checking the entity's official records. Other checks are also performed to verify the entity's right to use the domain specified in the EV SSL Certificate. Because of the strict vetting and authentication procedures that CAs use to check the applicant's information, these certificates take longer to issue than the other types.
The Browser shows a green address bar for websites on which Extended Validation SSL Certificates are installed.
So that was all about SSL and SSL Certificates. Hope you enjoyed reading it. If you have any queries do ask me in the comment section. And if you found it helpful please do share it with your friends.
This post is written by Harry S Bhatti, Founder/Editor of HackingPress.