How do SSL certificates actually work?

As we all know, Cyber Security has become a major concern for all Internet users. An SSL certificate is by far the best and easiest solution to secure websites and the data transmitted through them from getting stolen or hacked. The acronym “SSL” stands for Secure Socket Layer and is referring to the layer that the security protocol takes place on, in laymen’s terms, it secures your websites with encryption.

When a browser attempts to access a website that is secured by an SSL certificate, the browser recognizes the SSL and then the web server and browser establishes a secure connection or session, this process is sometime called an “SSL Handshake” (see diagram below). Note that the SSL handshake happens instantaneously and remains invisible to the users.

There are three keys used to set up to establish an SSL connection: public, private, and session keys. Basically, anything encrypted with the public key can only be decrypted with the matching private key and vice versa.

Generally, encrypting and decrypting with private and public keys takes a lot of processing power, therefore they are used only during the “SSL handshake” to create a symmetric session key. After the secure connection is established, the session key is used to actually encrypt all the transmitted data.

How SSL Certificates Work

Function of SSL Certificate

SSL Certificate comes up with 2 important functions

1) SSL Encryption which allows user to securely transmit data over internet

2) Identity validation which verifies whether the business is legitimate.

Comodo-Positive-SSL-Certificate-review

Server Browser Communication – Learn How SSL Certificate Works

When a user access a SSL secured website

  • The browser tries to connect that SSL encrypted website.
  • Then browser asks the web server to identify itself.
  • For identification, the servers sends SSL Certificate’s copy to the browser.
  • Now the browser analyze the certificate verify whether to trust it or not.
  • If the browser trusts the certificate, it gives a message to the server
  • After that, to start the SSL encrypted session, the server sends back a digitally signed acknowledgement to the browser.
  • Now the Data shared between browser and server is being encrypted and HTTPS appears.

How to Enable HTTPS or how to make a website HTTPS encrypted?

Get an SSL Certificate: First requirement to enable HTTPS is you must have an SSL Certificate. There are mainly 3 type of SSL certificate for web security (1) Domain Validation (2) Organization validated (3) Extended Validated, get any of these SSL certificate which is suitable for your website’s security. You can get SSL certificate ether on SSL Certificate authority’s website or via Resellers. If you select SSL from trusted SSL resellers, you will get a good amount of price benefits.

Generate CSR and Private Key: Once you adopt an SSL certificate, the very next step is to generate CSR and private key. CSR (Certificate Signing Request) will be generated using CSR Tool which will be available on Certificate Authority or on your Server manager. Fill out the correct information during CSR generation process. You will get CSR and Private-Key in encoded (cryptographic) format. Save the CSR and Private-Key into a file on your server or hard-drive.

Domain and Business Validation: After CSR and Private-Key generation, the Certificate will ask the issuer to submit several business documents for verification. In case of domain validation, the verification process will be completed via either checking of Domain Registrar’s information, via Email or via uploading File.

In case of Organization validated, Extended validation and code signing certificate option, the business document verification is mandatory and for that the issuer need to submit documents required by the certificate authority. After verification of all document if they meet CA’s requirements, CA will quickly approve the certificate.

Note: Documents required by CA will be different which depends of Certificate Authority.

Comodo-EV-SSL-Certificate-BannerSSL Installation: Once the domain & business been verified by CA, the SSL Certificate is now read to install on Server. The user must know how to Install SSL Certificate on his server.

After completion of SSL Installation process, the website is ready with HTTPS and secured connection will be established when user will browser that SSL encrypted website.

How the Website encrypted with SSL Certificate will look in browser?

Domain Validated SSL – Website Secured with DV SSL Certificate will display only HTTPS in with Green Pad Lock.

Domain Validation Function

 

Organization Validated SSL – Website Secured with OV SSL Certificate will display HTTPS in with Green Pad Lock and it also displays business information in Website seal.

Organization Validation SSL - Function

Extended Validated SSL – Website Secured with OV SSL Certificate will display HTTPS, Green Address Bar along with Organization name in URL and business information will be also displayed in website seal.

EV SSL Certificate - Function

More about SSL:

comodo-code-signing-banner-aboutssl-org