What is an SSL (Secure Sockets Layer) Certificate
A Secure Sockets Layer (SSL) certificate provides a secure connection between internet browsers
and websites, so that data is transmitted securely over the internet. Websites secured
with SSL display a padlock in the browser's URL bar, and a green address bar if the
website is secured by an EV (Extended Validation) certificate. Users on
websites with SSL certificates will also see "https://" in the
address bar.
The SSL protocol is used to protect e-business and e-commerce customers, and it ensures that
their online transactions remain confidential. All web browsers have the
ability to interact with secured websites as long as the website's certificate
is from a recognized certificate authority.
Normally you can see the difference when you visit the site with a browser. Firefox, for example,
will highlight the domain in blue for domain-validated SSL and in green for
extended-validation SSL.
Extended Validation website example: https://www.symantec.com
Extended Validation (EV): An Extended Validation (EV) certificate is a public key certificate issued according
to a specific set of identity verification criteria. These criteria require
extensive verification of the requesting entity's identity by the CA before a
certificate is issued. Certificates issued by a CA under the EV guidelines are not different from other
certificates, so we can say that they provide no stronger cryptography than
other, cheaper certificates. EV certificates are mainly presented by web
servers to web browsers for use with Transport Layer Security (TLS) connections.
This does not guarantee that there isn't a man-in-the-middle attack or
net-wide DNS poisoning. It just ensures that the website you are accessing is
the same one that the Certificate Authority sees.
Why do we need SSL (Secure Sockets Layer) on websites
Internet growth has attracted fraudsters and cyber
criminals who exploit any opportunity to steal consumers' confidential
information, such as bank account numbers
and card details. Unless the connection between a client (e.g. an internet
browser) and a web server is encrypted, any moderately skilled hacker can
easily intercept and read the internet traffic.
How does an SSL Certificate create a Secure Connection -
1. The browser connects to a web server secured with SSL (https), e.g. https://www.cybersecuritydelhi.com
2. The browser sends a request to the web server to identify itself.
3. The web server sends a copy of its SSL certificate along with the web server's public key.
4. The browser checks the certificate's root against a list of trusted CAs and checks that the certificate has not expired and that its common name is valid for the website it is connecting to. If the browser trusts the certificate, it creates a symmetric session key, encrypts it using the web server's public key and sends it back.
5. The web server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
6. The web server and the browser encrypt transmitted data with the session key.
7. Encrypted data is shared between the browser and the web server, and "https" appears in the URL bar.
Benefits of Encryption by SSL -
Encryption Protects Data During Transmission
Credentials Establish Identity Online
SSL Certificates are
credentials for the online world, uniquely issued to a specific domain and web
server and authenticated by the SSL Certificate provider. When a browser
connects to a server, the server sends the identification information to the
browser.
To view a website's credentials, follow these steps:
1. Click on the padlock visible in the browser.
2. Click on the trust mark (such as DigiCert or Norton Secured Seal).
3. Look at the green address bar; the green color appears in the case of Extended Validation (EV).
SSL Certificate Authority
SSL certificates are issued by a Certificate Authority (CA). Before
issuing a certificate, the CA confirms the identity of the company applying for the
certificate and makes sure that the applicant owns the domain named in the
certificate. Certificates issued to a website are chained to what is known as a
'trusted root' certificate, which is owned by the CA. These root certificates
are embedded in what is known as the 'certificate store' in popular internet
browsers such as Chrome, Firefox and Internet Explorer.
If a browser encounters a website certificate which chains to a root in its
certificate store, then it allows the https connection to proceed. If the
browser encounters a certificate which is not chained to a root in its store,
then it will warn the end user that the connection is not trusted and that the
user should not submit any confidential information.
Details included in a certificate -
Certificates are issued to companies or
legally accountable individuals and will typically contain
the domain name, company name, address, city, state, an issue date and an expiry date, along with details
of the certificate authority responsible for issuing the certificate.
When a browser requests an https connection to a website, it retrieves the website's
certificate, makes sure that it has not expired, checks that it is chained to
a root in its certificate store, and checks that it is being used by the website
for which it was issued. If it fails any of these checks, the browser will
display a warning to the end user.
Difference between SSL and TLS
TLS (Transport Layer Security) is an updated version of SSL.
SSL Installation Step by Step Guide
Step 1
Log in to WHM.
Generate a CSR (Certificate Signing Request) for your web server.
(A CSR is an encoded file that provides a
standardized way to send the public key to the SSL provider/CA along with some information that
identifies your company and domain name.)
Copy it into a Word file.
Step 2
Purchase and download the SSL certificate.
Normally it is a zip folder which contains the SSL
certificate and key.
Step 3
Install SSL on the web server.
Copy the private key into the given text box.
Copy the SSL certificate into the given box.
If you wish, you can paste the Certificate Authority bundle.
Next step: now click on the Install button and it's done.
Step 4
Restart all the services or the web server.
Check whether the SSL certificate has been installed correctly
Visit your vendor's website, as normally all vendors
provide links to check the SSL installation, e.g.
https://www.sslshopper.com/ssl-checker.html
https://www.geocerts.com/ssl_checker
https://www.ssllabs.com/ssltest/ provides more detailed information, and you can
use it to improve weaker parts as well.
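The three checks a browser makes (not expired, chained to a trusted root, issued for the website being visited) can be run locally with the openssl command before a certificate is installed, together with a check that the private key from Step 3 belongs to the certificate. The script below is an added example and not part of the original article; the root CA, the hostname www.example.test and the function names make_lab and check_site are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed lab: throwaway root CA and site certificate. Every name is made up.
LAB=$(mktemp -d)
SITE=www.example.test   # assumed hostname, not from the article

make_lab() {
  # Root CA standing in for a 'trusted root' in the browser's certificate store.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' 'prompt=no' \
    '[dn]' 'CN=Constructed Test Root' '[ca]' 'basicConstraints=critical,CA:TRUE' \
    > "$LAB/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$LAB/ca.cnf" -days 365 \
    -keyout "$LAB/ca.key" -out "$LAB/ca.pem" 2>/dev/null || return 1
  # Step 1 of the guide: private key and CSR for the web server.
  openssl req -new -newkey rsa:2048 -nodes -config "$LAB/ca.cnf" -subj "/CN=$SITE" \
    -keyout "$LAB/site.key" -out "$LAB/site.csr" 2>/dev/null || return 1
  # Step 2: the CA signs the CSR (30 days, hostname carried in subjectAltName).
  echo "subjectAltName=DNS:$SITE" > "$LAB/san.ext"
  openssl x509 -req -in "$LAB/site.csr" -CA "$LAB/ca.pem" -CAkey "$LAB/ca.key" \
    -set_serial 1 -days 30 -extfile "$LAB/san.ext" -out "$LAB/site.pem" 2>/dev/null
}

# check_site CERT KEY HOST CAFILE [SECONDS]: prints "ok" or the first failed check.
check_site() {
  cert=$1; key=$2; host=$3; ca=$4; within=${5:-0}
  # 1. Still valid SECONDS from now? (0 means: not expired at this moment)
  openssl x509 -in "$cert" -noout -checkend "$within" >/dev/null 2>&1 \
    || { echo expiring; return 1; }
  # 2. Does it chain to a root we trust?
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo untrusted; return 1; }
  # 3. Was it issued for the hostname being visited?
  openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" >/dev/null 2>&1 \
    || { echo wrong-host; return 1; }
  # 4. Does the private key pasted in Step 3 belong to this certificate?
  [ "$(openssl pkey -in "$key" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" ] \
    || { echo key-mismatch; return 1; }
  echo ok
}

make_lab && check_site "$LAB/site.pem" "$LAB/site.key" "$SITE" "$LAB/ca.pem"
```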
Important Note: Installing an SSL certificate does not mean that online data transfer is
100 percent secure and that you can peacefully close your eyes :-) :-)
I will be posting some more interesting information about SSL certificates on the
website www.cybersecuritydelhi.com, so keep visiting the website.