The term SSL stands for Secure Sockets Layer and is, in short, the standard technology for maintaining secure communication between a web server / website and a web browser. It ensures that unauthorized individuals cannot access, modify, or delete information transmitted between a web page and a visitor, such as during an order or form submission.
SSL certificates have a key pair: a public and a private key. These work together to establish an encrypted connection. The certificate also contains what is called the "subject", which is the identity of the website owner.
To obtain a certificate, a CSR (Certificate Signing Request) needs to be created on your server. This process generates the private and public keys on your server. The CSR data you send to the SSL certificate issuer, also known as a CA (Certificate Authority), includes the public key. The CA uses the CSR data file to create a data structure that matches the private key, without being able to see the private key itself.
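The CSR step described above, as an added example that is not part of the original page: it creates a key pair and a CSR with the OpenSSL command line, then checks that the CSR carries the subject and the public key but no private key material. The hostname `www.example.test`, the file names and the function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example. Hostname, file names and function names are placeholders.
set -eu

# Create a private key and a CSR for hostname $2 inside directory $1.
make_csr() {
    # The private key is written with owner-only permissions and stays on the server.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1/server.key" 2>/dev/null )
    # The CSR holds the subject and the public key, signed with the private key.
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
}

# SHA-256 of the public key derived from a private key file.
key_pub_fp() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in a CSR.
csr_pub_fp() {
    openssl req -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Subject (identity) recorded in the CSR.
csr_subject() { openssl req -in "$1" -noout -subject; }

# Succeeds only if the CSR's self-signature verifies, its public key matches
# the private key in $2, and the file contains no private key block.
csr_is_sane() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(csr_pub_fp "$1")" = "$(key_pub_fp "$2")" ] || return 1
    ! grep -q 'PRIVATE KEY' "$1"
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d)
make_csr "$tmp" www.example.test
csr_subject "$tmp/server.csr"
if csr_is_sane "$tmp/server.csr" "$tmp/server.key"; then
    echo "CSR is signed by server.key and carries only its public half"
fi
rm -rf "$tmp"
```

Only `server.csr` is sent to the CA; `server.key` is the file to protect and back up on the server.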
All web browsers have functionality to interact with secure web servers that use the SSL protocol. However, an SSL certificate is required to establish the secure connection.
If you use a standardized web host, there are often settings to enable a so-called "Let's Encrypt" certificate (more on this below). If you use your own server, the certificate needs to be installed manually. The instructions for installing the certificate vary between different server providers and technologies.
If an SSL certificate is not installed on a website, all traffic to and from the website is unencrypted. For example, if you are in a cafe or an airport, hackers can steal banking details or other sensitive information when you submit it.
Since July 2018, the Chrome browser marks all websites that are not secured with an SSL certificate by displaying "Not Secure" in the top left corner. Technically, this does not mean that there is something wrong with the website, but the warning can cause visitors to lose trust in the site. Google wants the internet to be a safer place and does everything it can to ensure that all websites have SSL. Through the labeling in Chrome (which is developed by Google), it can expedite this process. Google has also announced that secure websites are prioritized in search result listings, making this an important factor to consider if you want to appear on Google.
If the web address of a website starts with HTTP://, it indicates that SSL technology is not enabled. If it instead says HTTPS://, you know that an SSL certificate is set up.
Let's Encrypt is a free CA developed by the Internet Security Research Group (ISRG). They provide two types of certificates: standard single-domain SSL, and wildcard SSL that covers not only a single domain but also all of its subdomains. Both SSL types are issued for 90 days at a time and are often automatically renewed (depending on the server provider).
More information is available on the Let's Encrypt official website.
When a web browser tries to access a website secured with SSL, the connection is set up in a process called the "SSL handshake". Three different keys are used to establish SSL communication: the public, private, and session keys. All data encrypted with the public key can only be decrypted with the private key, and vice versa.
Because encryption and decryption with private and public keys require a lot of processing power, they are used only during the handshake to create a symmetric session key. After the secure connection is established, the session key is used to encrypt all transmitted traffic data.