What is SSL/TLS certificate
Information security on the Web is one of the main issues that site owners should pay close attention to. In the world of rapidly growing cyber threats, they need to clearly understand how to prevent data leakage or protect their resource from access to it by third parties.
The installation of SSL certificates has become a modern standard for site security. However, such a protection mechanism is relatively new and difficult for the mass user. Let's understand what this technology is and how it ensures the security of information on web resources.
What is an SSL certificate?
Before proceeding to the point on why the site needs an SSL certificate, it is worth noting the concept of the SSL protocol itself. This is a cryptographic protocol that provides reliable data transmission over the network. It is a guarantee of a secure connection between the user browser and the resource.
HTTP vs HTTPS
HTTPS has greatly enhanced the security of HTTP data. If SSL is installed on the site, then all data is transmitted via HTTPS - a secure version of the HTTP protocol. It encrypts user data and forwards it to the site owner via the TCP transport protocol. In other words, all information transmitted by the user is hidden by encryption from third parties: operators, Wi-Fi administrators, and providers.
How SSL protocol works
As you know, the basis of all encoding methods is a key that helps to encrypt or read information. The SSL protocol uses an asymmetric cipher with two kinds of keys:
- Public. This is actually an SSL certificate. It encrypts data and is used when transmitting user information to the server. For example, a visitor enters his bank card number on the site and clicks on the "Pay" button.
- Private. Required to decode the message on the server. It is not transmitted along with the information, as is the case with the public key, and always remains on the server.
- For a site to handle such connections, its owner needs an SSL certificate. This is a kind of digital signature, which is individual for each platform.
What's inside an SSL certificate
An SSL certificate may contain the following important information:
- domain of the site on which the certificate is installed;
- name of the company owner;
- country, city of company registration;
- SSL certificate validity period;
- Certification Authority Information;
- Serial number of the SSL;
- SAN items (Multi-domain SSL);
- Trusted and Untrusted Certificates.
The main source of SSL certificates are trusted certification authorities or Certification authorities (CAs). These are organizations that have undeniable authority in the IT services market and use the well-known public cryptographic key. In browsers, their list can usually be found in the "Trusted Root Certification Authorities" section.
A digital signature certified by a certificate of such a center is a proof of the authenticity of the company that owns the domain name and determines the right of the owner to legally use the secret key. It is called trusted.