SSL certificates today are very important, especially for website security and in general for overall online security. Even the ordinary internet user today looks for the HTTPS in the address bar; the HTTPS is what indicates the presence of SSL certificate for any website.
Definition of SSL
SSL (Secure Sockets Layer) is a standard security protocol used to establish encrypted links between web servers and web browsers. This helps ensure that whatever communication occurs between a web server and a web browser remains encrypted and totally private. This technology, which has become an industry standard today, is used by websites to protect all communication and data transmitted online.
Detailed explanation about SSL & TLS
While SSL stands for Secure Sockets Layer, TLS is short for Transport Later Security and is just an enhancement to the pre-existing SSL protocol. TLS has been designed with an aim to better protect data in motion. TLS is just a stage in the evolution of the SSL protocol and despite the hairline difference, in essence, SSL and TLS are one and the same. The basic objective of both SSL and TLS is to keep data encrypted and protect it from being compromised. It was after the SSL version 3.0 (released in 1996) that the TLS version 1.0 was released, in 1999. At present we are using TLS version 1.2.
How does SSL Work?
SSL technology works by way of a process that’s called an “SSL Handshake”, which remains invisible to the user and happens instantaneously. Three keys- namely the public key, the private key and the session key- are used to set up the SSL connection. Whatever is encrypted with the public key can be decrypted only with the private key (and vice versa). Since encrypting and decrypting using private and public keys takes a lot of processing time, these keys are used during the SSL handshake to create a symmetric session key, which is used to encrypt all transmitted data once the secure connection is established.
The SSL encryption process is a multi-step one and comprises of the following steps-
• The browser attempts to connect to the website server (SSL secured server).
• The browser would ask the server to identify itself.
• The website/server produces a copy of its SSL certificate and identifies itself.
• The browser then checks if it trusts the SSL certificate.
• If the browser trusts the certificate, the message is sent to the server, which then sends back a digitally signed acknowledgment.
From this point, the SSL encrypted session starts
Benefits of SSL
• SSL certificates protect websites and the data stored in or transmitted through a website from hackers.
• SSL certificates help websites earn trust. The green padlock that appears in the address bar when you browse an SSL-secured website tells you that the website is secure and that you could carry out financial transactions too without any fear of your personal data being compromised. This helps the website earn trust.
• SSL certificates are a great protection against phishing attacks. Phishing websites won’t be able to acquire SSL certificates, which are issued only after proper authentication.
• SSL certificates help businesses build up reputation and also earn customers’ confidence.
• Better search engine rankings are also a direct result of having SSL certificates. Search engines like Google prefer SSL-secured websites over non-HTTPS ones.