+4 votes
93 views
in security by (242k points)
reopened
SSL Certificate - What is it?

1 Answer

+5 votes
by (1.6m points)
 
Best answer

What is an SSL Certificate?
How does an SSL certificate work?
Why do you need an SSL certificate?


With an SSL certificate you secure your domain and offer users encrypted data transmission. But how does SSL actually work?

image image

Image: <span> wk1003mike / Shutterstock.com </span>

Pages on the Internet on which private data such as bank details are given are sensitive to external attacks. The information should be encrypted as well as possible. The solution in this case is: SSL certificate. SSL - short for Secure Sockets Layer - encrypts the established connection to the website in the browser and prevents third parties from eavesdropping on the data traffic. Find out how the technology works and when you need a certificate in this post.

What is an SSL Certificate?

In simple terms, an SSL certificate is an encryption protocol for secure data transmission over the Internet. You may have noticed that HTTPS is used when accessing websites. However, the encryption in the background, i.e. security, is provided by the SSL protocol, which is located one level below. These digital SSL certificates create an encrypted connection between your browser and the server of the website you are visiting. If you exchange sensitive data with the server - such as credit card information - these are protected from unauthorized persons by SSL. If you want to understand exactly how security technology works, take a look at the next section.

SSL stands for Secure Sockets Layer and is, strictly speaking, an outdated protocol. In the meantime, certificates work with the newer and especially secure TLS, which stands for Transport Layer Security . In common usage and in practice, however, SSL certificates are still used when a domain is encrypted..

image
Modern browsers use the lock symbol in the bar to visualize that your connection is secure. Here using the example of Google Chrome.

In summary, you should remember that the certificate serves as a kind of binding proof of identity. Broken down, an SSL certificate is a simple data set that contains uniquely identifiable information. Incidentally, this certificate is issued by an official certification authority, the so-called Certification Authority (CA).

How does an SSL certificate work?

An SSL certificate ensures the identity of a website and encrypts data traffic. If one speaks of encryption, a key is accordingly required to decrypt the data again. The certificates use what is known as public key cryptography.

This type of cryptography uses exactly two keys: a public key and a private key . Hence a public key and a private key. You can think of these keys as any length of randomly selected number combination. A message is encrypted with the public key and can only be decrypted again with the private key.

Using a classic example of communication, this process is simply illustrated in cryptography: Lisa sends a message to Tim and encrypts it with Tim's public key, which is available to both parties. The message can then only be decrypted with Tim's private key. If an outsider wants to intercept and read the message, he can only read a cryptographic code.

In relation to SSL, communication takes place between a domain and a server. In this case, the called domain is Lisa and the server is Tim. This means that third parties have no access to sensitive data that you exchange with the server, since at best they can only intercept cryptographic character strings. Encryption forms the basis for integrity and confidentiality when handling data.

Why do you need an SSL certificate?

In addition to protecting sensitive information such as credit card information and personal data, SSL certificates also protect passwords and PINs. Since May 25, 2018, SSL has been mandatory for operators of websites that request personal data.

But even if you only run a small blog - SSL is now foolproof to set up, for example free of charge via Let's Encrypt . The reason for this is not primarily the protection of the exchanged data, but your website appears more professional and automatically builds more trust with the customer.

The short answer to whether you need such a certificate is yes . Security, professionalism, integrity and confidentiality when dealing with personal data are the decisive arguments here..


...