Generally, people don’t think much about how their data is transmitted across the internet but if you’re responsible for keeping sensitive information safe, it’s important to understand how TLS/SSL works and its importance. TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide security for communication over networks such as the internet. They use a combination of public key and symmetric key encryption to ensure that data cannot be read or tampered with while in transit.
One of the main benefits of using a TLS/SSL protocol is that it helps to prevent man-in-the-middle attacks. In these types of attacks, an attacker intercepts communication between two parties in order to gain access to sensitive information. By encrypting the data with TLS/SSL protocol, it becomes much more difficult for an attacker to eavesdrop on the conversation and steal any valuable data. Another benefit would be it ensures the integrity of data remains uncompromised because it uses both public key and symmetric key encryption, there are multiple layers of protection against tampering. This means that even if an attacker were able to intercept the data, they would not be able to make any changes without being detected.
Overall, TLS/SSL is a very effective way of keeping data safe when transmitting it over networks such as the internet.
How Does SSL/TLS Work?
SSL/TLS is the most widely used security protocol on the internet. It’s responsible for establishing an encrypted connection between a web server and a web browser.
Here is a detailed flow of how SSL/TLS works:
- When a web browser attempts to visit a website (web server), it first requests the server to identify itself.
- Then, the web server sends a copy of the SSL/TLS certificate and its public key.
- During the SSL/TLS handshake, the web browser checks the validity of the SSL certificate. Also, authenticates the website properly by validating its common name and match with what it is connecting to.
- SSL certificate is composed of the public key and private key which handle data encryption and decryption during the SSL/TLS handshake for secured communication. Once the browser confirms that the certificate is trusted, then a third key called “session key” is generated by the browser using the server’s public key.
- Later, the session key is sent back to the server. The session key is a symmetric key, which is a potent form of encryption to make swift communication.
- The server decrypts the received session key and sends back a message along with the encrypted session key.
- At last, an encrypted and secure connection is established between the end-user (e.g., a web browser) and the web server at the end of the handshake. Now, they can communicate in a secure environment with the provided session key. Typically, SSL/TLS handshake takes less than a second.
To view an SSL certificate’s details, you can click on the padlock symbol located in the browser bar. Details typically included within SSL certificates include:
- The domain name that the certificate was issued for
- Which person, organization, or device it was issued to
- Which Certificate Authority issued it
- The Certificate Authority’s digital signature
- Associated subdomains
- Issue date of the certificate
- The expiry date of the certificate
- The public key (the private key is not revealed)
Types of SSL certificates
Netrust provides different types of SSL certificates with different validation levels. The five main types are:
- Standard OV Certificate (OV SSL)
- Advantage OV Certificate (OV SSL)
- Multi Domain OV SSL Certificate (OV SSL)
- Wildcard SSL Certificate (OV SSL)
- Multi Domain Extended Validation certificates (EV SSL)
Standard OV SSL Certificates
Standard OV SSL certificates provide identity assurance and encryption and are best suited for encrypting user information during transactions. Most consumer-facing websites are legally required to deploy and ensure information communicated during a session remains confidential. Standard OV SSL can only support 1 single domain including www.
Advantage OV SSL Certificates
Advantage OV SSL Certificates include identity verification for two domains and avoiding browser warnings with encryption to secure transmitted data.
Multi Domain OV SSL Certificates
Multi Domain OV SSL Certificates are verified either to the extended validation or organization validation levels. An efficient way to consolidate multiple certificates is by leveraging Subject Alternative Names (SANs) for cost savings. Multi Domain OV SSL certificates establish trusted identities and eliminate browser notifications that warn visitors against entering your site and provide website encryption, identification, and authentication for four domains.
Wildcard SSL Certificates
Wildcard SSL certificates are verified to the Organisation Validation level and are a cost-effective solution for securing a base domain and any number of affiliated subdomains. In addition to lower costs (than buying multiple individual certificates), they offer greater simplicity because users don’t have to submit multiple certificate signing requests (CSRs) or manage the expiration dates for multiple TLS/SSL certificates across multiple URLs.
Multi Domain Extended Validation (EV) SSL Certificates
Multi Domain Extended Validation (EV) SSL certificates provide the highest assurance of security, and the application process is the most rigorous. When deployed on a website, a padlock icon, the organization’s name, and the HTTPS designation become visible to visitors. This type of certificate is generally used for web applications that require identity assurance for collecting data, processing logins, or conducting online payments.
How to obtain an SSL certificate?
SSL certificates can be obtained directly from a Certificate Authority (CA). Certificate Authorities – sometimes also referred to as Certification Authorities – issue millions of SSL certificates each year. They play a critical role in how the internet operates and how transparent, trusted interactions can occur online.
Obtaining your SSL involves the following steps:
- Prepare by getting your server set up and ensuring your WHOIS record is updated and matches what you are submitting to the Certificate Authority (it needs to show the correct organization name and address, etc.)
- Generating a Certificate Signing Request (CSR) on your server. This is an action your hosting organization can assist with.
- Submitting this to the Certificate Authority to validate your domain and company details
- Installing the certificate provided once the process is complete.
Once obtained, you need to configure/install the certificate on your web host or on your own servers if you host the website yourself. How quickly you receive your certificate depends on what type of certificate you get and which certificate provider you procure it from. Each level of validation takes a different length of time to complete. A simple Organization Validation SSL certificate can be issued within 1-3 days of being ordered, whereas Extended Validation can take 3-5 days.
Should you have any further queries regarding SSL Certificates, please email our sales team at sales@netrust.net or contact us via our website.
Follow us on LinkedIn for the latest happenings/updates.