What is an SSL certificate?

Let’s start with the basics: what is an SSL certificate?

When a user visits a website by typing its address into their computer’s address bar, at that time a connection is established between the computer’s web browser and the web server hosting the site. Typically, this connection is not secured – meaning that information is transmitted in the clear and any interested third party can view the information being transmitted. As you can imagine, handing over important personal information in the public domain is not a good option.

SSL certificate can be compared to a driver’s license – it performs two functions at once. Provides permission to use HTTPS encrypted communication via a public key infrastructure and identifies the certificate holder. That is, an SSL certificate is a digital document that confirms the authenticity of a website.

1. Data Encryption

KNOW MORE

2. Identification

KNOW MORE

Why do I need an SSL certificate for a website?

When you purchase an SSL / TLS certificate, you are making an investment in protecting your customers’ sensitive data. But let’s be honest, besides doing it the right way, you’d also like to increase your customers’ trust by keeping them safe. Fortunately, there are very obvious visual indicators that are provided by SSL certificates.

A negative visual indicator will be displayed for sites without an SSL/TLS certificate to let visitors know the connection is insecure. On sites without a certificate, the browser will display a warning.

The cost of a certificate is the lowest price you can pay for the security and peace of mind of your customers and yourself.

Sites with a basic SSL certificate will display a green padlock, a visual indicator to show that visiting the site is secure and the data is being encrypted.

Sites with premium SSL/TLS certificates will display the organization name and country, indicating maximum authentication and that the site is indeed owned by that organization.

Data encryption

Encryption is the process during which information is encoded. The only one who can decrypt it is a server or computer with the appropriate key. There’s a lot of interesting things to say about keys, both private and public, but not about that now.

It’s important to remember…

By encrypting the connection between the server and the browser, all information transmitted between them is protected from the prying eyes of malicious third parties. This security measure used to be considered necessary for sites that collected personal data, but over time browser developers began to insist on widespread encryption. This means that SSL will be required for all websites.

Identification

Identification or verification is done through the organization that issues the SSL certificate. These are certification centers, they perform different types of inspections depending on the type of certificate you purchase. There are three types of verification:

Domain validation

• Release within minutes
• Basic no-frills protection
• Great for any site

BUY DV CERTIFICATE

Organization validation

• Minimum organization check
• Displays information about the company
• Ideal for e-commerce

BUY OV CERTIFICATE

Extended validation

• Full organization check
• Shows green address bar
• Displays Security Seal

BUY EV CERTIFICATE

Total

SSL certificates facilitate the encryption of the connection between the browser and the web server, and authenticate the website that holds the certificate. With an SSL / TLS certificate, it is important to remember that the end user who once visited the website is not the owner of the certificate. The certificate itself belongs to the company that manages the website.

There are three types of certificates by type of verification: DV, OV and EV. They offer different levels of identification, but with the same standard of encryption. The key to choosing the right SSL certificate is determining the level of authentication you need. Small sites, which do not collect personal data of users, can save money and buy DV certificate with domain validation. Business and e-commerce sites should use either OV or EV certificates, depending on the size of the company and the type of identification required.

How an SSL certificate works

When a client and a web server exchange data, this information is usually in the public domain and can be intercepted and modified by a third party. For obvious reasons, this is not ideal.SSL / TLS certificate allows you to encrypt the connection, in which all communication between the client and the server is encoded in such a way that only an authorized party can read it. Which ensures the protection of personal data and confidentiality of information exchanged between both parties. The secure https protocol was developed to transmit encrypted data.

1. When a web browser opens a website, it first checks if there is an SSL certificate for that site. If there is a valid certificate, both start what is known as an SSL handshake.

2. During an SSL handshake, the browser verifies that the SSL certificate is valid and verifies that the identity of the website is correct.

3. All SSL certificates have a public key and a private key associated. These keys handle encryption and decryption separately. They are used during the SSL handshake for a secure connection.

4. After the client confirms that the certificate is valid, the client and the website server create a “session key” – this is the third key that is used for the rest of the secure connection. This “symmetric” key provides more efficient encryption, which makes SSL communication faster.

5. At the end of the handshake, which usually takes a few hundred milliseconds, a secure connection is established, the client and server can now exchange information securely over the Internet, no matter where they are.

Remember!

As long as your connection is encrypted, it is virtually impossible for a third party to decipher the information that is being sent back and forth. That’s why it’s important that e-commerce sites and other sites that collect personal information use SSL / TLS certificates. Through an unencrypted connection, all communication between the client and the server remains open and accessible to all. Encrypted communications essentially encode the information being transmitted, which can only be decrypted using the session key.

TutHost™ Guide to Buying an SSL Certificate

So, now you understand what an SSL / TLS certificate is and how it works. You know what you need to do to get a certificate and use it on your site. But this is just the tip of the iceberg. There are several factors that determine which type of certificate is right for you and your site.

If you have only one domain or site to protect, a certificate with domain validation will do. If your project has many subdomains, you can’t do without a wildcard certificate. If your company has many different sites and domains, the administration of certificates for all domains can be a very difficult task, which will help you to solve multidomain or SAN certificate.

Of course, the additional features and amenities that the certificate can provide have their cost. In order not to pay too much for the functionality of a certificate that will not be in demand, you need to choose an SSL certificate responsibly.

Additional benefits and features that you can take advantage of will help you use your newly purchased SSL certificate to its fullest potential. To make the right decision for you and your company, you need all the information.

BUYER’S GUIDE

You can find out how much it costs and order a certificate by clicking “Choose Certificate”. If you need further advice, we’re here for you, call or chat.

Choose a certificate

What’s next?

After ordering and paying for the certificate, you will need to go through verification, which depends on the type of certificate you ordered.

The fastest and easiest verification for inexpensive certificates for one domain with only domain validation. The entire process, from ordering to receiving, can take from 5 minutes. Verification is performed automatically by one of the available methods.

Confirming a domain by e-mail – CA will send an e-mail to one of the administrative e-mails of your domain, with a link that will allow you to click on the confirmation. According to our customers, the confirmation of the domain by e-mail – this is the most convenient way.

Domain validation by placing a verification file on your site – a special text file with a code is placed on your site by a specific link, which the Certification Authority will check the contents of the verification file. The validation file does not affect the operation of your site and your visitors do not see it.

Validation by CNAME – you need to add to your domain’s DNS CNAME record, which will contain the code provided by the Certification Authority. It will take time for the information about changes in your domain to be updated on the ISPs root DNS servers and for the CA to be able to detect the CNAME record with the code.

After successful completion of the verification, the certificate will be issued. The CA will send the certificate to your email and you will need to install it on your server.

The certificate itself is the encrypted text content of the certificate file. Installing a certificate on your server, in most cases, comes down to adding the encrypted text containing the certificate to your server. Features of operating systems and server control panels may differ from each other, so before installing the certificate, it is recommended to consult the manual for your software. You can find out how to install a certificate in the DirectAdmin control panel on our website here.