A Basic SSL Certificate Definition
While most website managers and IT professionals are very familiar with the use of Secure Socket Layer technology, there are many website owners and do-it-yourselfers that are starting out with small websites and learning on the job.
To provide security to a website, having a basic understanding of the different requirements to protect your website and eliminate hacking, phishing and spoofing is essential. This is done through the use of an SSL certificate. The understanding of this process starts with a basic SSL Certificate Definition.
The certificate is not really a certificate; it is a digital file of data that contains a special key. This key is bound to your organization's details and it is granted by a Certificate Authority or CA to allow secure transfer of data to and from the website.
The SSL actually stands for Secure Socket Layer. This technology was originally developed by Netscape way back in 1994. This was the first commercially available security feature to protect user information over the web.
Prior to this, there was no uniform security or protection offered through websites. Different security systems were in place, but they were not truly secure. Hackers were able to easily infiltrate these systems. The growing ecommerce market, which was then relatively small, made developing a secure data transmission method essential to their development.
With the development of Secure Socket Layer technology, an SSL Certificate Definition that was widely accepted and universally used came into existence. The use of SSL currently extends well beyond the early secure HTTP option to just address browsers and servers; now it can be used to secure all types of data transfer.
You may see an SSL Certificate Definition include the use of TLS. This stands for Transport Layer Security and is officially the name for the new generation of SSL, although many people don't use the new term.
Not all websites use a certificate, although this is rapidly becoming standard on all types of websites, even if the website doesn't do any ecommerce business. This is because most online activity includes some form of interaction between the website and the user. This could be leaving your email information to make a comment on a blog or even when posting on social media sites.
For an ecommerce site, the very SSL Certificate Definition answers the question of why it is necessary. It provides your online customers with the confidence to enter debit or credit card information as well as to enter personal information. Without the SSL certificate, there is no security involved, which means any data transfer between the website, the browser and the server is completely open and unprotected.
An SSL certificate is granted by a CA or a Certificate Authority. A CA can be a root CA, which means that the browser trusted store already has their embedded root. It can also be an Intermediate CA, which will be vouched for by a root CA.
When you request an SSL/TLS certificate for a website, you will generate two keys from your server in what is known as a CSR or Certificate Signing Request. There is other information about your organization that will also be provided to allow the CA to be able to verify the website and the company are valid.
One of the two keys is the public key. The public key is on your server and it is also part of the public domain. These keys will encrypt information, making it secure to transmit. The private key is needed to decrypt the information. The private key is not part of the public domain and only your server has the private key.
In this way, information from your website is locked or encrypted and sent to the server. Unless the public key matches with the information on the server, it cannot be unlocked. In this way, data security is maintained even with the most sensitive information.
Each end-user, the customer, uses a device to access your website. Their device will have a root certificate from a trusted CA that granted the SSL certificate of the Intermediate CA. There can be several Intermediate CAs, which form a chain, but as long as each one is verified by the one higher up the user will see the website is secure.
We know that the SSL Certificate Definition seems simple, but there may be questions. If you aren't sure about any issues, or if you need help in buying the correct SSL certificate for your needs, give us a call at +1 888 266 6361 or visit us online at https://ssl.comodo.com for more information.