What Is an SSL Certificate in Web Hosting
Specific security services are effective only against specific threats; they may be completely inappropriate for other security threats.
To understand SSL, it is essential to know about the environment for which it has been designed.
Even though SSL is a flexible protocol that is finding use in many different applications, the original motivation for its development was the internet.
The protocol’s designers needed to secure electronic commerce and other web transactions.
That environment is certainly perilous enough.
Consider, for example, what happens when a user in London, UK, places an online order from a website in Michigan.
The user’s messages contain sensitive information, such as credit card numbers, and may travel a complex path from the UK to Michigan, crossing through many countries, over various networks, and on many different facilities.
Some of those facilities are likely to belong to private enterprises, many of which are not subject to any regulation or other laws governing the privacy of the information they transport.
Neither the user nor the web server has any control over the path their messages take, nor can they control who examines the message contents along the route.
From a security standpoint, it is as if the user wrote her credit card number on a postcard and then delivered the postcard as a message in a bottle.
The user has no control over how the message reaches its destination, and anyone along the way can easily read its contents.
E-commerce cannot thrive in such an insecure environment; sensitive information must be kept confidential as it traverses the internet.
Eavesdropping isn’t the only security threat to web users. It is theoretically possible to divert web messages to a counterfeit website.
Such a counterfeit site could provide wrong information, collect data such as credit card numbers with impunity or create other mischief.
The internet needs a way to assure users of a website’s true identity. Likewise, many websites need to verify the identity of their users.
Another security challenge facing web users is message integrity.
A user placing an online stock trade certainly wouldn’t want his instructions garbled in such a way as to change “Sell when the price reaches $200” to “Sell when the price reaches $20.”
The missing zero can make a significant difference in the user’s fortunes.
Fortunately, engineers were thinking about these security issues.
To address these concerns, Netscape Communications began considering web security while developing its very first web browser.
Netscape then introduced the Secure Sockets Layer protocol, or “SSL” for short.
In this post, we will be focusing on SSL and how it works.
So what is SSL?
The main role of SSL is to secure web traffic.
This security includes confidentiality, message integrity and authentication.
SSL achieves these elements of security with the help of cryptography, digital signatures and certificates.
How SSL Works
An SSL connection involves two distinct entities: the server and the client.
The client is the entity that starts the transaction.
The server, on the other hand, is the entity that responds to the client and negotiates the cipher suites that will be used for encryption.
In SSL, the client is a web browser and the server is the website.
SSL works on three protocols: the handshake protocol, the record protocol and the alert protocol.
The client authenticates the server during the handshake protocol.
Once the handshake protocol is completed, the record protocol comes into play to encrypt the data transfer.
Lastly, the alert protocol is used to handle any questionable packets, if any alarms are raised at any point during the session.
In this protocol, the server is always authenticated by the client, and the server also has the option of authenticating the client.
In other words, during the handshake protocol clients are not authenticated by web servers, as the servers have other ways to verify the client other than SSL.
During the handshake protocol, two steps take place: first, the session capabilities are negotiated, meaning the encryption algorithms are agreed upon; second, the server is authenticated to the client.
Symmetric cryptography is used for bulk data encryption during the transfer phase in SSL, and asymmetric cryptography is used to negotiate the key used for the symmetric encryption.
Sometimes the server may ask a client to authenticate itself, but this is optional and not necessary to the protocol.
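The record protocol is also where the message integrity concern from the stock-trade example is handled. The following is an added example, not code from the original article: a simplified model of a record-layer MAC that covers a sequence number as well as the payload. Encryption is omitted, and the key, function names and record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def protect(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: append a MAC over sequence number, length and payload."""
    header = struct.pack(">QH", seq, len(payload))
    tag = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    return payload + tag

def verify(mac_key: bytes, seq: int, record: bytes) -> bytes:
    """Receiver side: recompute the MAC for the sequence number it expects."""
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    header = struct.pack(">QH", seq, len(payload))
    expected = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad record MAC")
    return payload

def accepts(mac_key: bytes, seq: int, record: bytes) -> bool:
    """True if the receiver would accept this record at position seq."""
    try:
        verify(mac_key, seq, record)
        return True
    except ValueError:
        return False

# Constructed sample values. A real session derives the MAC key during the handshake.
MAC_KEY = bytes(range(32))
ORDER = b"Sell when the price reaches $200"

def demo() -> dict:
    record = protect(MAC_KEY, 0, ORDER)
    # An on-path party drops a zero from the price but cannot recompute the tag.
    tampered = ORDER.replace(b"$200", b"$20") + record[-TAG_LEN:]
    return {
        "intact": accepts(MAC_KEY, 0, record),
        "tampered": accepts(MAC_KEY, 0, tampered),
        "replayed": accepts(MAC_KEY, 1, record),  # same record, later position
    }

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input, a record that is replayed or reordered fails verification even though its bytes are unmodified.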
How does the SSL certificate create a secure connection?
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”.
Essentially, three keys are used to set up the SSL connection:
- Public key
- Private key
- Session keys
Anything encrypted with the public key can only be decrypted with the private key, and vice versa.
1. The browser connects to a web server secured with SSL (https).
2. The browser requests that the server identify itself.
3. The server sends a copy of its SSL certificate, including the server’s public key.
4. The browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired and unrevoked. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
5. The server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
6. The server and browser now encrypt all transmitted data with the session key.
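The certificate check the browser performs in the handshake can be reproduced with Python's standard `ssl` module. This is an added example, not code from the original article; it contrasts a client configuration that authenticates the server with one that does not, and checks the validity dates of a certificate. The function names and the sample certificate dates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def verifying_context() -> ssl.SSLContext:
    """Client context that enforces trusted CA chain, validity dates and hostname."""
    ctx = ssl.create_default_context()            # loads the system's trusted CA list
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    # Revocation is not checked by default; that needs CRLs loaded plus
    # ssl.VERIFY_CRL_CHECK_LEAF in ctx.verify_flags.
    return ctx

def non_verifying_context() -> ssl.SSLContext:
    """The weak setting, for contrast: encrypts, but accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def authenticates_server(ctx: ssl.SSLContext) -> bool:
    """Audit helper: does this context actually authenticate the server?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def days_until_expiry(cert: dict, now: datetime) -> float:
    """cert is the dict returned by SSLSocket.getpeercert()."""
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        raise ValueError("certificate not yet valid")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if ts > not_after:
        raise ValueError("certificate expired")
    return (not_after - ts) / 86400

def inspect_server(host: str, port: int = 443) -> dict:
    """Live handshake (needs network): negotiated version, cipher suite, days left."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with verifying_context().wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"version": tls.version(), "cipher": tls.cipher()[0],
                    "days_left": days_until_expiry(cert, datetime.now(timezone.utc))}

# Constructed sample in getpeercert() format, so the date check runs offline.
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT",
               "notAfter": "Jan  1 00:00:00 2025 GMT"}
```

With the non-verifying context the connection is still encrypted, but nothing ties the key to the site's identity, which is the counterfeit-website risk described earlier.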
Why You Need SSL
Why is an SSL certificate important?
There are three main reasons why using an SSL Certificate on your website is vital.
Using an SSL Certificate will encrypt data between a user’s browser and your web server, and vice versa.
The information sent between a web server and browser goes through many different devices such as routers, switches, proxy servers, etc., and if any of these devices have been hacked, then your information could be copied and read.
By using an SSL certificate you enable the encryption of the data, and this means that no one can see the information if they intercept it en route.
If your website visitors see that padlock in the browser address bar, it shows them your site is using encrypted data.
For sites like eCommerce sites where financial transactions occur, this is a way to show your users that you care about their security and privacy.
Even for blogs, having an SSL certificate and therefore showing the padlock in browsers reassures visitors that you are ‘security aware’ and that just helps them trust you.
There is a technical thing called HTTP/2, which is an improved way for browsers and web servers to talk to each other.
If your website is configured to take advantage of HTTP/2, it can help make your website faster.
Normally, when a browser shows a webpage, it has to ask the web server for the HTML; this is what you see when you right-click and choose “view page source”. Then, for every image, stylesheet and script the web page uses, the browser asks the web server for each one individually.
All of these individual requests for things you see on a web page take time.
HTTP/2 allows a website to send everything to the browser, which speeds things up.
For there to be any speed increase, both the web server and the website need to be configured to use HTTP/2. Browsers only use HTTP/2 over HTTPS connections, so the site also needs an SSL certificate.