Saturday, July 25, 2015

What is SSL Certificate and How to Install SSL Certificate

What is an SSL (Secure Sockets Layer) Certificate
Secure Sockets Layer(SSL) certificate provides a secure connection between internet browsers and websites, so that data transmits securely over internet. Websites secured with SSL display a padlock in the browsers URL and a green address bar if website is secured by an EV(Extended Validation) Certificate. Users on websites with SSL Certificates will also see " https://  " in the address bar.

SSL protocol is used to protect e-business house or e-commerce customers, and it ensures that their online transactions remain confidential. All web browsers have the ability to interact with secured websites as long as the website's certificate is from a recognized certificate authority. 

Normally you can see the difference when you visit the site with a browser. Firefox for example will highlight the domain in blue for domain-validated SSL, and green for extended-validation SSL.

Domain Validated Website:  

Extended Validated Website

Extended Validation (EV) : An Extended Validation Certificate (EV) is an public key certificate issued according to a specific set of identity verification criteria. These criteria requires extensive verification of the requesting entity's identity by the CA before a certificate is issued. Certificates issued by a CA under the EV guidelines are not different from other certificates hence we can say that those provide no stronger cryptography than other, cheaper certificates).  EV certificates are mainly presented by web servers to web browsers for use with Transport Layer Security(TLS) connections. This does not guarantee that there isn't a man-in-the-middle attack, or net-wide DNS poisoning. This just ensures that the website you are accessing is the same one as the Certificate Authority views. 

To be more precise "Extended Validation Certificate" tells us about the legal entity who has applied for the SSL certificate.

Why do we need SSL (Secure Socket Layer) on websites

Internet  growth has attracted fraudsters and cyber criminals to exploit any opportunity to steal consumer's confidential information like  bank account numbers and card details. Unless the connection between a client (e.g. internet browser) and a web server is encrypted, then any moderately skilled hacker can easily intercept and read the internet traffic.

How does SSL Certificate creates a Secure Connection - 

1. Browser connects to a web server secured with SSL (https) eg 

2. Browser sends request to the web server to identify itself.

3. Web server sends a copy of its SSL Certificate along with the web server's public key.

4. Browser checks the certificate's root against a list of trusted CAs and checks that SSL is not expired and its common name is valid for the website that it is connecting to. If browser trusts the certificate then it creates, encrypts and sends back a symmetric key session using the web server's public key.

5. Web Server decrypts the symmetric session key using its private key an sends back an acknowledgement encrypted with the session key to start the encrypted session.

6. Web server and Browsers encrypts transmitted data with the session key.

7. Encrypted data is shared between the browser and the web server and "https" appears in the URL bar.

Benefits of Encryption by SSL-Encryption Protects Data During Transmission

Credentials Establish Identity Online

SSL Certificates are credentials for the online world, uniquely issued to a specific domain and web server and authenticated by the SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the browser.

To view website's credentials, please follow following steps:- 

1. Click on the padlock visible in the browser.

2. Clcik on the trust mark such as Digicert or Norton Secured Seal etc).

3. Look the green address bar, green color appears in case of Extended Validation(EV).

SSL Certificate Authority
SSL certificates are issued by a Certificate Authority (CA). Before issuing a certificate CA confirms the identity of the company applying for the certificate, and makes sure that the applicant owns the domain named in the certificate. Certificates issued to a website are chained to what is known as a 'trusted root' certificate, which is owned by the CA. These root certificates are embedded in what is known as the 'certificate store' in popular internet browsers such as Chrome, Firefox and Internet Explorer. 

If a browser encounters a website certificate which chains to a root in its certificate store, then it allows the https connection to proceed. If the browser encounters a certificate which is not chained to a root in its store, then it will warn the end user that the connection is not trusted and that the user should not submit any confidential information. 
Details included in a certificate -
Certificates are issued to companies or legally accountable individuals and will typically contain the domain name, company name, address, city, state, an issued date and an expiry date and contain details of the certificate authority responsible for issuing the certificate. When a browser requests a https connection to a website, it retrieves the website's certificate, it makes sure that it is not expired, checks that it is chained to a root in its certificate store, and will check it is being used by the website for which it has been issued. If it fails any of these checks, the browser will display a warning to the end user.

Difference between SSL and TLS

TLS (Transport Layer Security) is an updated version of SSL

SSL Installation Step by Step Guide
Login into WHM
Generate a CSR (Certificate Signing Request)for your web server.

(A CSR is an encoded file that provides a standardized way to send the public key to SSL provider/CA along with some information that identifies your company and domain name.)
COPY it in a word file.


Purchase and Download SSL Certificate
Normally it is a zip folder which contains SSL Certificate and Key.

Step 3
Install SSL on Web server
Copy Private key in the given text box
Copy SSL Certificate in the given box
If you wish , you can paste Certificate Authority Bundle

Next Step-

Now click on Install Button and its done.
Step 4

Restart all the services or web server

Check SSL Certificate has installed correctly or not

Visit your vendor websites as normally all vendors provide links to check the SSL installation. eg  provides more detailed information and you can improve weaker parts also.

Important Note- SSL Certificate installation does not mean that online data transfer is 100 percent secure and you can peacefully close your eyes :-)  :-)

I will be posting some more interesting information about SSL certificates on website therefore keep visiting the website.

Email Security

Your organization security is at substantial risk if you have not implemented email security policy. Daily we all receive emails which con...