Secure Socket Layer (SSL) Overview
Posted by CTX Admin on 08 August 2014 11:18 AM
SSL is short for Secure Sockets Layer.
It is a mechanism for encrypting data between your computer and another, as well as verifying the identity of a server. One can specify a special URL to tell a web browser that it needs to open a secure connection and encrypt all data.
URL not using SSL: http://www.example.com
URL using SSL: https://www.example.com
You may have seen SSL used when you log in to your bank's online web access to view your account information or when using an eCommerce shopping cart checkout.
How It Works
When your web browser requests a secure page (using an 'https' URL), the server sends its public key and SSL Certificate to the web browser. The web browser then checks the identity of the server against the certificate and ensures that they match (or displays a warning if they don't). The browser will then encrypt the request for data and send it to the server. This request could be a simple request asking for an HTML document or a more complex request that involves sending a username and password. The server will then decrypt this request, process it, and then encrypt the response. When the server has returned the requested information, the browser will decrypt it and display it for you.
The basic components of SSL are a public key, a private key and a certificate. Each computer can generate a private key that is used only on that computer for decrypting information. So that others can encrypt data for it in the first place, the computer can also generate a public key that it can distribute to the world in general. This way, a sending computer can encrypt data using a public key, but only the intended recipient can decrypt it using the private key.
Do I Need SSL?
If you are running an online store where people are providing you with credit card information into a web form, you will definitely need SSL.
Different Kinds of Certificates
Trusted Root
Some companies operate a Trusted Root Authority. They are established companies, and they've paid good money to have their root certificates included in your web browser (whether it's Internet Explorer, Firefox, Safari, Opera, etc). Your browser will automatically "trust" any certificate that has been issued by these authorities directly. These certificates are usually issued by GeoTrust, Verisign or Thawte. This is how it looks to your browser:
Server sends certificate to browser for verification. Browser checks the issuing authority (e.g., Thawte) on the certificate. Browser then checks its internal list of trusted roots. Browser says "OK! - I believe you are who you say you are!"
Chained
Other companies operate certificate authorities, but they aren't trusted roots. They usually issue Chained Certificates based on a root that is issued by one of the Trusted Root authorities. This is how it looks to your browser:
Server sends certificate and a "chain certificate" to browser for verification. Browser checks the issuing authority (e.g., XYZ company) on the certificate. Browser says, "I don't know who you are. But I see you were issued by XYZ and that you've included XYZ's certificate". Browser then checks the chain certificate and sees that it's issued by a Trusted Root. Browser then checks its internal list of trusted roots. Browser says "OK! - I believe you are who you say you are!"
Self-Signed
You can also work with a self-signed certificate. This is the kind of certificate you might encounter when using a secure login on a shared server. This certificate is still good for encrypting data, but there is no third-party verification process used to identify the server sending the certificate.
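The three kinds of certificate described above, reproduced with the openssl command-line tool as an added example (not part of the original article). A throwaway root stands in for the browser's internal list of trusted roots; all certificate names, file names and the helper functions new_csr, build_demo_pki and check_chain are made up for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway CA hierarchy; every name below is constructed.
# Needs the openssl command-line tool.

# new_csr BASENAME CN: create BASENAME.key and BASENAME.csr
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# build_demo_pki DIR: root -> XYZ intermediate -> server, plus a self-signed cert
build_demo_pki() {
    # Only certificates marked CA:TRUE are allowed to issue other certificates.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' \
        > "$1/ca.ext"
    new_csr "$1/root" "Demo Trusted Root"
    openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
        -extfile "$1/ca.ext" -days 30 -out "$1/root.pem" 2>/dev/null
    new_csr "$1/xyz" "XYZ Company CA"
    openssl x509 -req -in "$1/xyz.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -set_serial 2 -extfile "$1/ca.ext" -days 30 -out "$1/xyz.pem" 2>/dev/null
    new_csr "$1/server" "www.example.com"
    openssl x509 -req -in "$1/server.csr" -CA "$1/xyz.pem" -CAkey "$1/xyz.key" \
        -set_serial 3 -days 30 -out "$1/server.pem" 2>/dev/null
    new_csr "$1/self" "shared.example.com"
    openssl x509 -req -in "$1/self.csr" -signkey "$1/self.key" \
        -days 30 -out "$1/self.pem" 2>/dev/null
}

# check_chain ROOTS CERT [CHAIN]: print "trusted" or "untrusted".
# ROOTS plays the browser's built-in root list; CHAIN is what the server sends along.
check_chain() {
    if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
    then echo trusted
    else echo untrusted
    fi
}

PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT
build_demo_pki "$PKI"
echo "issued directly by root:      $(check_chain "$PKI/root.pem" "$PKI/xyz.pem")"
echo "chained, chain cert sent:     $(check_chain "$PKI/root.pem" "$PKI/server.pem" "$PKI/xyz.pem")"
echo "chained, chain cert missing:  $(check_chain "$PKI/root.pem" "$PKI/server.pem")"
echo "self-signed:                  $(check_chain "$PKI/root.pem" "$PKI/self.pem")"
```

The third line shows why a server with a chained certificate has to send the chain certificate too: without it the verifier cannot link the server certificate to a trusted root.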
Manage Your SSL Certificate
If you wish to make changes to your SSL certificate before it expires, such as updating the domain name or WHOIS information or switching the SSL certificate to a new server/host, then you must request to have the certificate reissued. After the SSL certificate has been reissued, re-installation is required.
Renew an SSL Certificate
When it is time to renew an SSL certificate, you must purchase and install a new certificate; this applies to reissued certificates as well. When you renew your SSL certificate, you will need a new CSR. When the SSL certificate is issued, you will receive three different groups of alphanumeric data sent from the certificate provider:
If you purchase an SSL certificate from us, we will install it for free. If you purchase an SSL certificate from a different company, we will ALSO install that for free!
If you do not wish to renew an SSL certificate, simply allow it to expire.