Friday, July 16, 2021

Everything You Need to Know About SSL Certificates

What is an SSL certificate? 

What is SSL?

SSL stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server. It is utilized by millions1 of online businesses and individuals to decrease the risk of sensitive information (e.g., credit card numbers, usernames, passwords, emails, etc.) from being stolen or tampered with by hackers and identity thieves. In essence, SSL allows for a private “conversation” just between the two intended parties.

To create this secure connection, an SSL certificate (also referred to as a “digital certificate”) is installed on a web server and serves two functions:

  • It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site)
  • It encrypts the data that’s being transmitted

Are all SSL certificates the same?

No.

There are many different types of SSL certificates based on the number of domain names or subdomains owned, such as:

  • Single – secures one fully-qualified domain name or subdomain name
  • Wildcard - covers one domain name and an unlimited number of its subdomains
  • Multi-Domain – secures multiple domain names

and the level of validation needed, such as:

  • Domain Validation – this level is the least expensive, and covers basic encryption and verification of the ownership of the domain name registration. This type of certificate usually takes a few minutes to several hours to receive.
  • Organization Validation – in addition to basic encryption and verification of ownership of the domain name registration, certain details of the owner (e.g., name and address) are authenticated. This type of certificate usually takes a few hours to several days to receive.
  • Extended Validation (EV) – this provides the highest degree of security because of the thorough examination that is conducted before this certificate is issued (and as strictly specified in guidelines set by the SSL certification industry’s governing consortium). In addition to ownership of the domain name registration and entity authentication, the legal, physical and operational existence of the entity is verified. This type of certificate usually takes a few days to several weeks to receive.

Who may need an SSL certificate?

Any individual or organization that uses their website to require, receive, process, collect, store, or display confidential or sensitive information. Some examples of this information are:

  • logins and passwords
  • financial information (e.g., credit card numbers, bank accounts)
  • personal data (e.g., names, addresses, social security numbers, birth dates)
  • proprietary information
  • legal documents and contracts
  • client lists
  • medical records

Where can you get SSL certificates?

Probably the most important part of an SSL certificate is where it comes from. SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate.

The CA’s role is to accept certificate applications, authenticate applications, issue certificates, and maintain status information on certificates issued.

You may also be able to purchase digital certificates from a domain name registrar or website hosting provider.

Keep in mind:

When choosing the right SSL provider, consider the fact that users’ web browsers normally keep a cached list of trusted CAs on file – so if a digital certificate is signed by an entity that’s not on the “approved” list, the browser will send a warning message to the user that the website may not be trustworthy.

How will visitors know my site has an SSL certificate?

There are four visual clues:

  1. Padlock to the left of a URL
  2. https URL prefix instead of http
  3. A trust seal
  4. A green address bar (when an EV SSL certificate is issued)

 

https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml 



=================================


Website Security Certificate

Why do you need it?
- In order to conduct online business, you need to secure your information as well as customer information. You want to make sure your customer that the web site is actuall yours not a fake one.
There is a big issue with identity theft in unprecedental level. Cyber criminal set up a fake very close to your web site and trick your customer and steal their information.

Certificate will help you to prevent information from stealing. Certificate facilitate a secure, encripted connection between customer computer to your server.

What is certificate?
- It is infact a digital stamp of approval from industry-trusted third party companies known as certificate authority (CA). This file contains information issued by CA which ensures that the website is secured and usages encripted connection. It secures the data transfer, logins and online (credit card) transactions.

Web certificates also called SSL (Secure socket layer or TLS) certificate, or https or SSL certificate. If you installed these certificates, when you open your web site, you will see a padlock on the address bar.

Certificate binds a domain name, server name or hostname.

How certificate works?
- Certificates is used to assert your organizaton's identiry and to mutually authenticate clients and web server to estabilsh a secure, encripted connection through the process called TLS handshake.

The connection is established when authenticating and exchanging keys and generating symmetric session keys.

Once the handshare is completed, with the secure connection, the ifnromation transited from users computer to  your side is secured without man-in-the-middle (MitM) attach.

After certificate is installed, http changes to https which means secure.


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Git branch show detached HEAD

  Git branch show detached HEAD 1. List your branch $ git branch * (HEAD detached at f219e03)   00 2. Run re-set hard $ git reset --hard 3. ...