What Is An SSL Certificate?

What is SSL Certificate- When you load a website, the browser tells you whether or not you should trust it. Why? And how does the browser decide? 

Whats is SSL certificate?


Today, I am going to talk about something called an SSL Certificate, what it means, why you need one, and the massive movement to hand them out freely, making it easier for you to secure your website. So let’s get started.

 Hi, my name is Rohit Prakash and today we are going to talk about SSL Certificates.

What Is An SSL Certificate? 


via GIPHY

When you are in your browser and looking at a website, behind the scenes, the browser is connecting your computer to the website’s server. 

Originally, this connection was wide open, with the messages between the server and your computer were in plain text and completely insecure. 

This made it far too easy for malicious software to sit on the connection and grab those messages as they went by. Then came along encryption and SSL Certificates. 

Luckily, the only thing we really have to understand about encryption is what it does, not how it accomplishes it through its complex math. 

You start with a plain text message, that message is then sent through an algorithm, that garbles it up, so it is impossible to read. 

Only the intended recipient can unscramble and then read the message. SSL Certificates enable this encryption by providing a pair of keys that allow only the recipient to read the message and no one else. 

Let’s take a moment to talk about the lingo involved here. When you secure your website through your hosting provider, they are going to use one of the following terms: “SSL Certificate, TLS Certificate, or Security Certificate” All three mean the exact same thing. 

Notice that all of them use the word Certificate. This well-describes what goes onto your website’s server. 

You can compare it to a Certificate of Authenticity, often used by the art world or collectors, which is simply a badge that assures something is authentic. 

SSL Certificates work similarly but in a much more complex way. The browser reaches out to a webserver and says, “Hey, I’m looking for technorohit.com. You say you’re technorohit.com, but are you the real deal?” 

The webserver answers back, “Yes, I'm the real technorohit.com, and here is my special key to prove it.” 

Once the browser has this key, it starts the encryption process, which requires that the webserver have another, and the mathematically-linked private key to match. 

Only the real webserver can have that matching key, so it proves authenticity to the browser. This is why, when you to google.com, you always get google.com. 

Once a website has been secured, it guarantees to the website visitor: Confidentiality - meaning it is not possible for messages to be grabbed and read by malicious software while in transit Authenticity - the website in which you are interacting is the expected website Integrity - since the connection is secured, the data passing between your browser and the website is exactly as each side intended it. 




Why Your Website Needs A Certificate?


The Internet is going through a big change. For example, on September 8th, 2016, Google published an article, “Moving towards a more secure web”. 

There is a link down in the description below. In it, Google announced its overall plan to change the way it tells visitors about the security of the website they are visiting. 

At the time I write this blog, Google Chrome dominates the browser market with a full 72% usage, with Safari at 15% and the rest at no more than 4%. So for the rest of this blog, I am going to focus on Google Plans. 

Google is switching the way it indicates to website visitors whether a page is secure. 

These pictures show Google’s plan, starting with what it was and where it is going. 

For pages that had no sensitive data, there was only an information icon, which you could click to drop down a panel that stated it was an insecure page. 

But recently, Chrome moved to the next stage where it has the words “Not Secure” up at all times. 

The big news was that in the near future, Chrome will show “Not Secure” in red along with a red triangle to get your attention. 

This will be done for all insecure pages, no matter the sensitivity of the data involved. 

At the same time, it is going to retire the lock that we are all familiar with. Originally, when a page was secure, there was a green lock and the word “Secure”. 

Currently, the lock is still there, but gray, and the Secure word has disappeared. Then in the near future, that lock will disappear. 

The idea here is that it is expected that all web pages will be secure, so the browser will only show indicators when that is not the case. 
 
In the future, this red warning and icon will happen on all the pages of a website without an SSL certificate installed. 

If we see technorohit.com which is secure, you can see how different it looks in the address bar.

It has a gray lock and shows https at the beginning of the web address. This indicates that the page is being delivered on a secure connection, thanks to the installed certificate and associated keys. 

Remember, the plan is for that little gray lock to disappear so that we all expect pages to be secure by default. So, how do you secure your website? 

For websites that are still not secured, there is some good news. In May of 2013, the Internet Security Research Group or ISRG was founded, with its stated mission to help websites secure their information.

via GIPHY

It was sponsored by many companies, including Google and Mozilla, and launched a massive undertaking- Let’s Encrypt. Thanks to Let’s Encrypt, website owners can now acquire a security certificate easily, efficiently, and for free. 

You start the process by working with your hosting provider. Most hosting providers will do this automatically or require a change of a setting. 

But if you are unlucky enough to work with a provider who makes it difficult or expensive to get a certificate for your website, it is probably time to shop for a new provider, because they are just not keeping up with the industry. 

The important thing is to remember to look for those three names, SSL, TLS, or Security Certificate. 

I wish you the best as you dive into securing your website knowing that it will reassure your website visitors and add to the overall goal of securing the Internet. 

Hey! Thanks for reading! I post my blogs all about websites and the internet in a fun and gentle way. So be sure to subscribe to my blog to see more! 

Post a Comment

0 Comments