Secure Sockets Layer (SSL)
What is SSL?
SSL, which stands for secure sockets layer, is a standard protocol designed to secure communications between two or more devices over an insecure network. Whatever web host you use, SSL should be a top priority within your web infrastructure, whether you pay or opt for free web hosting. Developed by Netscape in 1994, the SSL protocol uses a cryptographic system that establishes an encrypted link between a server and a client, preventing third parties from reading or modifying any sensitive data transferred between them. It keeps internet connections secure and prevents people from gaining access to information transferred between two systems.
The importance of SSL certificates
In order to establish this encrypted link, website owners must acquire an SSL certificate that protects all data transmitted between the web server and browser. It uses encryption algorithms to mix up data as it’s being transferred online, which prevents hackers from being able to read it. There are certain web hosting providers that come with built-in certificates, or site managers may choose to purchase them individually. To get a better understanding of which provider to choose, check out our list of the best free SSL certificate providers.
Websites secured by an SSL certificate have a lock icon displayed next to their URL. Upon clicking on this icon, users can see the certificate’s details including validity, registered owner, domain name, issue date and certificate authority. In addition, a website secured by an SSL certificate will begin with HTTPS (which is short for HyperText Transfer Protocol Secure). If a website doesn’t have an SSL certificate, only the letters HTTP will appear.
There are a variety of reasons that websites need SSL certificates. Some of these include:
Keeping user data secure
Preventing hackers from illegally duplicating the site
Creating a sense of security for anyone who visits
If a website is asking visitors for personal details such as financial information, medical records or login credentials, then having an SSL certificate is a must to ensure the safety and security of their private information.
How do SSL certificates work?
When hosting a website, SSL works by linking the identities of websites, companies, and other entities to cryptographic key pairs that consist of a private key that is kept secure and a public key that can be distributed via a certificate. Any data encrypted with a public key can only be decrypted with the relevant private key, and vice versa. In order to minimize the processing power required for this process, a symmetric session key is created using a process known as the “SSL handshake.”
This handshake protocol is layered on top of a TCP (Transmission Control Protocol) connection and involves multiple steps that enable client and server to exchange the necessary information in a secure manner. While the exact steps of this process may vary depending on the kind of key exchange algorithm and the cipher suites used, there are four main phases:
A browser connects to a web server secured with an SSL certificate, and requests that the server identify itself.
The server sends a copy of its certificate and public key.
The browser checks the validity of the certificate against a list of trusted certificate authorities and selects the highest level of encryption supported by both parties. It then creates a symmetric session key, encrypts it with the server’s public key, and sends it back.
Once the server has decrypted the symmetric session key using its private key, it responds with an acknowledgement encrypted with the session key, and the handshake protocol ends.
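The four phases above, carried through as a toy exchange. This is an added example, not code from the original page: the RSA key is built from two small well-known primes and used without padding, a SHA-256 keystream stands in for the symmetric cipher, certificate validation is reduced to an issuer lookup, and all names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key from two known Mersenne primes. Far too small, and
# unpadded, for real use; it only makes the four phases visible.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256-derived keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def server_certificate() -> dict:
    # Phase 2: the server sends its certificate and public key.
    return {"subject": "www.example.test", "issuer": "Example Test CA",
            "public_key": (N, E)}

def client_key_exchange(cert: dict, trusted_cas: set) -> tuple:
    # Phase 3: check the issuer against the trusted list (signature checks
    # omitted), then encrypt a fresh session key with the server's public key.
    if cert["issuer"] not in trusted_cas:
        raise ValueError("certificate issuer is not trusted")
    n, e = cert["public_key"]
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_finish(wrapped: int) -> bytes:
    # Phase 4: recover the session key with the private key and reply with an
    # acknowledgement encrypted under it.
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    return keystream_xor(session_key, b"handshake finished")

def run_handshake(trusted_cas: set) -> bytes:
    cert = server_certificate()  # phases 1-2: client connects, server answers
    session_key, wrapped = client_key_exchange(cert, trusted_cas)
    ack = server_finish(wrapped)
    return keystream_xor(session_key, ack)  # client decrypts the ack
```

Only the holder of the private exponent can recover the session key, which is why a client that skips the trust check in phase 3 would complete the same exchange with an impostor.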
What are the main types of SSL?
There are three main types of SSL certificates:
DV (Domain Validated) certificates
These verify the ownership of the domain name. They're the most basic type of SSL certificate and are usually the least expensive.
OV (Organization Validated) certificates
These verify the identity of the organization that owns the domain name. They're more expensive than DV certificates, but they offer a higher level of security.
EV (Extended Validation) certificates
These certificates offer the highest level of security and are another type of organization validated certificate. They verify the identity of the organization that owns the domain name and also verify the organization's physical address. EV certificates are the most expensive type of SSL certificate.
SSL vs. TLS
SSL is the predecessor to TLS (transport layer security). TLS was originally introduced in 1999 as an upgrade of SSL 3.0 with an SSL fallback mechanism for backwards compatibility. There are two main theories as to why the name of the protocol was changed from SSL to TLS. Some believe it was made to avoid legal issues with Netscape in order to develop the protocol as an open standard. Others, however, think this change was an effort by the IETF (Internet Engineering Task Force) to please Microsoft, as Internet Explorer 5 was the most popular browser at the time.
In 2014, SSL 3.0 was found to be vulnerable to the POODLE attack, which exploits the padding validation algorithm to reveal information from encrypted HTTPS communication. As a result, SSL 3.0 was deprecated in 2015. In spite of this, many sites and providers continue to refer to the protocol as SSL or SSL/TLS as the original name remains a better known and more commonly used term in the world of website security.
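A client-side check that follows from the SSL 3.0 deprecation above and from the certificate details shown behind the lock icon. This is an added example, not code from the original page: it uses Python's standard ssl module, the TLS 1.2 floor is a choice made for the example, and the sample certificate and clock value are constructed.

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    # create_default_context() loads the system CA store, requires a valid
    # certificate chain and checks that the certificate matches the hostname.
    ctx = ssl.create_default_context()
    # Refuse SSL 3.0 and TLS 1.0/1.1 outright instead of falling back to them.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def context_policy(ctx: ssl.SSLContext) -> dict:
    """Report the settings that decide whether a connection is accepted."""
    return {"verify": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname,
            "minimum": ctx.minimum_version.name}

def summarize_certificate(cert: dict, now: float) -> dict:
    """Extract the lock-icon details from a getpeercert()-style dict."""
    subject = {k: v for rdn in cert["subject"] for k, v in rdn}
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "owner": subject.get("organizationName"),
        "domains": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "authority": issuer.get("organizationName") or issuer.get("commonName"),
        "valid_now": not_before <= now <= not_after,
        "days_left": int((not_after - now) // 86400),
    }

# Constructed sample in the shape SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Test Ltd"),),
                (("commonName", "www.example.test"),)),
    "issuer": ((("organizationName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Dec  2 00:00:00 2024 GMT")  # constructed clock
```

Against a live server, the same summary can be built from the dictionary returned by getpeercert() on a socket wrapped with hardened_client_context().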