What is an SSL certificate?

by mohsinbeg
SSL certificates

An SSL (Secure Sockets Layer) certificate is a digital certificate associated with a domain name or a URL. Also called a TLS (Transport Layer Security) certificate, it makes it possible to establish with certainty the link between the website and its owner (company, merchant or individual). Authentication of the website makes it possible to secure electronic exchanges with users who connect to it via the Internet.

The Domain Name System is a service that translates a domain name into information, in particular into the IP addresses of the server hosting this domain name.

A domain name (DN) is the identifier of a website (www.monsite.com for example).

A subdomain is the internet address of part of your website (e.g. mail.monsite.com)

The SSL certificate allows you to establish trust:

  • by authenticating a site
  • by encrypting all the information (personal, banking, etc.) between this site and the person connecting to it. It thus guarantees the confidentiality of exchanges.

Visitors can leave their credit card number and personal information securely and confidently. This Prima Secure SSL certificate also makes it possible to secure online transactions; the information given by the customer cannot be intercepted, diverted or decrypted by another person.

How does an SSL certificate work?

On a technical level, digital identifications or digital certificates make it possible to associate a public key with its real owner. The site’s public key allows the exchange of a secret session key; this will encrypt the information transmitted between the client and this website. It also makes it possible, via an integrity check module included in the encryption functions, to verify that the message has not been modified during its passage over the Internet.

The Certification Authority, the organization that issues the SSL certificate, acts somewhat like a Prefecture or a Town Hall that issues identity cards. It carries out a series of checks according to very strict rules, in order to establish with certainty the identity of the company and the web server. The Certification Authority then issues the SSL certificate and returns it to the administrator of the certified website.

Your SSL certificate, the true electronic passport of your website, contains the following information:

  • The URL of the site to be certified (ex: www.monsite.fr)
  • Your business contact details
  • Your public key (which allows information to be encrypted)
  • The name of the Certification Authority, which issues this electronic passport
  • The expiration date of this SSL certificate
  • The signature of the Certification Authority

Why do we need an SSL certificate?

Users carry out their transactions on sites that they know are certified and secure; they ensure that the activity of the company is real and that the communications are encrypted, so as to remain confidential.

SSL certificates are also used to prove the identity of the website owner to users who connect, and prevent a malicious site from impersonating it and hijacking its customers or visitors.

The Certification Authority undertakes a series of checks according to very strict rules, in order to establish with certainty the identity of a company and its web server. The SSL certificate, once manufactured, will give customers the following assurances:

  • Proof of company identity: a unique electronic passport is issued for a website, assuring customers of the authenticity of the site, allowing encryption and thus guaranteeing the confidentiality of communications.
  • Strong security: based on the “public key” encryption model, derived from military technologies, SSL certificates provide a very high level of security. Since SSL encryption technology is already implemented on a server, the company must obtain an SSL certificate.
  • Simple to use: transparency for customers.

What is SSL?

Secure Socket Layer – SSL – is a protocol for authentication and encryption of Internet sessions, also known today as Transport Layer Security – TLS.

Netscape developed this technology. All manufacturers of computer hardware and Internet access software, in particular, all web servers and current browsers on the market have now adopted this standard.

This protocol provides the following essential functions:

  • Authentication of the web server and, where applicable, of the people who connect to it
  • Encryption
  • Data integrity control, in order to secure the information passing through the Internet

 

Who uses SSL certificates?

More and more companies are using an SSL certificate to secure their website and to earn the confidence of Internet users.

The first certificates already issued primarily concerned:

  • E-commerce sites to secure sales transactions on the Internet
  • Banks that offer their customers secure access to their information (bank account, stock portfolio, etc.)
  • Administrations for their internal exchanges or for teleprocedure applications
  • Industrial companies that secure their intranets, extranets, EDI applications, etc.
  • Web messaging services and social networks (Google, Yahoo, Facebook, etc.)

Indeed, SSL certificates are used in particular to:

  • Encrypt confidential and strategic information:
    • sent by a customer to a merchant site (customer information, bank card numbers, etc.);
    • that a company transmits to its remote partners or employees connected to the Internet;
    • present and exchanged on a company’s intranet;
  • Secure exchanges and transactions on messaging services;
  • Give confidence to connected users thanks to the authentication and accuracy of the content of the information present: information server, bank, administration, intranet or extranet, online sales, etc.

 

SSL certificates, several possible choices:

Depending on the configuration of your web servers and your websites, there are 3 types of SSL certificates:

  • DV: “Domain validated” makes it possible to secure a website.
  • OV: “Organisation validated” secures the institutional website of your organization.
  • EV: “Extended validated” allows enhanced security of your site by the presence of a green bar on the URL line of the browser.
  • RGS* certificate: This certificate is intended for organizations in the public sector. It complies with the RGS standard and is recognized by the French administration.

Wildcard or SAN options: If you have several domain names to protect, you can choose between the Wildcard option or the SAN option. These options allow you to include several domain names in the same certificate.

The “wildcard” option (*. before your domain name) allows you to secure all the subdomains of your website with the same certificate.

For example, if the domain name is https://www.monsite.fr, it is possible to position the following URL addresses in a Wildcard certificate:

  • https://intranet.monsite.com
  • https://secure.monsite.com
  • https://webmail.monsite.com

The SAN (Subject Alternative Name) option makes it possible to secure several different domain names belonging to your organization.

For example, if the domain name is https://www.monsite.fr, it is possible to position the following addresses in the same certificate:

  • https://www.monsite.com
  • https://www.monsite2.com
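How a client decides whether a certificate covers a hostname under the Wildcard and SAN options above, shown as an added example (not code from the original article). The function names and the extra test hostnames are constructed; the point to notice is that a wildcard stands for exactly one label, so the bare domain and deeper subdomains are not covered.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Match one certificate DNS name against a hostname.

    Rules applied (as in RFC 6125 hostname checking): '*' is accepted only
    as the whole left-most label and stands for exactly one label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False          # '*' never spans several labels or zero labels
    if p[0] == "*":
        # Simplification: refuse '*.com'-style names by requiring at least
        # three labels. Real clients consult the Public Suffix List instead.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(dns_names, hostname):
    """True if any DNS name listed in the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in dns_names)


# Constructed certificates using the article's example domains.
WILDCARD_CERT = ["*.monsite.com"]
SAN_CERT = ["www.monsite.com", "www.monsite2.com"]

# Constructed hostnames: the article's three plus the edge cases.
HOSTS = ["intranet.monsite.com", "secure.monsite.com", "webmail.monsite.com",
         "monsite.com", "dev.intranet.monsite.com", "www.monsite2.com"]


def coverage_report(dns_names, hosts=HOSTS):
    return {host: cert_covers(dns_names, host) for host in hosts}


if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        for host, ok in coverage_report(cert).items():
            print(f"{label:8} {host:26} {'covered' if ok else 'NOT covered'}")
```

If the bare domain must also be served, it has to be listed in the certificate as its own name alongside the wildcard.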

What is the difference between a DV SSL certificate and an OV SSL certificate?

The technical characteristics of the certificate remain the same whether for a DV or an OV; namely a maximum security level of 256 bits with a 2048-bit RSA key and a SHA-2 hash algorithm.

The difference is based on the verifications carried out by the Certification Authority; in the case of a DV SSL certificate, the dedicated production team verifies that the certificate applicant is indeed the owner of the given domain name, using the information appearing in the WHOIS. To issue an OV SSL certificate, the dedicated production team verifies not only that the certificate applicant is the owner of the domain name but also the owner of the company. The company must be listed in the database of the corresponding commercial register. What’s more, the name of the company will appear in the title of the OV SSL certificate itself.

 

What is the difference between an OV SSL certificate and an EV SSL certificate?

To issue an EV SSL certificate, the dedicated production team carries out a thorough audit of the company, thus ensuring the highest level of reliability. The EV SSL certificate is generally used by world leaders in e-commerce. With this certificate, the browser bar is displayed in green, which guarantees maximum security and legitimacy for a site. Acquiring an EV SSL certificate is no more complex than an OV SSL certificate. However, it increases the confidence of Internet users in the security of your website, which can help increase your online sales.

What does “256 or 2048 bit key” mean?

A key is a number or a pair of numbers. The number of bits in a key corresponds to the size of the key, i.e. the magnitude of the number. The larger the size of a key, the higher the level of security.

There are two types of key, each usable for a specific type of algorithm: symmetric or asymmetric.

When we talk about 256-bit keys, we are talking about symmetric “session keys”, which encrypt confidential information according to a symmetric algorithm – the most common are AES algorithms. This is then referred to as a “256-bit AES key”.

When we talk about 2048-bit keys, we mean “signing keys” or “session key encryption keys”, used by asymmetric algorithms – the most common is RSA. We then speak of a “2048-bit RSA key”.

Indeed, for performance reasons, it is faster to encrypt a message with a symmetric key than with an asymmetric key of comparable strength. It is therefore necessary to be able to transmit the symmetric key in complete confidentiality to its interlocutor; the symmetric key is used both for encryption and decryption of the message. It is by means of the recipient’s public key that the session key is encrypted and transmitted to the recipient in complete confidentiality. Securing a website using an SSL certificate then becomes essential and a must in the market.
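The scheme described above, as an added example (not code from the original article): a 2048-bit RSA public key wraps a 256-bit AES session key, the session key encrypts the message, and the built-in integrity check rejects a modified ciphertext. It assumes the third-party Python `cryptography` package; AES-GCM, the sample message and the function names are choices made for this illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP padding for RSA encryption of the session key.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_server_key():
    """2048-bit RSA key pair; the public half is what a certificate carries."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def client_send(server_public_key, message):
    """Client side: fresh 256-bit session key, wrapped with the public key."""
    session_key = AESGCM.generate_key(bit_length=256)
    wrapped_key = server_public_key.encrypt(session_key, OAEP)
    nonce = os.urandom(12)  # must be unique per message under one key
    ciphertext = AESGCM(session_key).encrypt(nonce, message, None)
    return wrapped_key, nonce, ciphertext


def server_receive(server_private_key, wrapped_key, nonce, ciphertext):
    """Server side: unwrap the session key, then decrypt and verify."""
    session_key = server_private_key.decrypt(wrapped_key, OAEP)
    try:
        return AESGCM(session_key).decrypt(nonce, ciphertext, None)
    except InvalidTag:
        return None  # integrity check failed: data was modified in transit


def demo():
    message = b"constructed sample order #42"
    key = new_server_key()
    wrapped, nonce, ct = client_send(key.public_key(), message)
    received = server_receive(key, wrapped, nonce, ct)
    tampered = ct[:-1] + bytes([ct[-1] ^ 0x01])  # flip one bit
    rejected = server_receive(key, wrapped, nonce, tampered)
    return message, received, rejected, len(wrapped) * 8


if __name__ == "__main__":
    print(demo())
```

TLS 1.3 no longer transports the session key under RSA: it agrees the key with an ephemeral Diffie-Hellman exchange and uses the certificate's key to sign the handshake. The split between a slow asymmetric step and fast symmetric bulk encryption is the same.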

 

Who issues SSL certificates?

A certified trusted third party can issue a certificate. As an actor in the development of trust in the digital world, it is involved in the protection of identity, documents, transactions and digital memory. It assumes legal responsibility for the operations it carries out on behalf of its client.

The organizations that produce SSL certificates are called Certification Authorities (AC or CA in English for Certification Authority).
