This is how SSL certificates work: Https explained in 15 minutes

Dinesh Arora
6 min readMay 19, 2024

How SSL Certificates Work: HTTPS Explained in under 15 minutes

The world of online security may seem complex, but understanding the basics of how SSL certificates work and why HTTPS is essential can empower you to make safer choices online. Just like Jane, you can navigate the digital landscape with confidence, knowing that your data is protected from prying eyes. So next time you browse the web, remember the story of Jane and the coffee shop hacker, and choose secure, trusted websites for your online activities. Let’s start our day with Jane who was enjoying her coffee peacefully.

Chapter 1: The Coffee Shop Conundrum

It was a sunny afternoon, and Jane decided to take a break from her hectic day. She headed to her favorite coffee shop, ordered a latte, and found a cozy corner to catch up on some online shopping and emails. As she settled in, she connected her laptop to the coffee shop’s free Wi-Fi and began browsing. Little did she know, a hacker named Bob was sitting just a few tables away, eager to intercept her data.

Bob had set up a fake Wi-Fi network named “Coffee_Shop_WiFi_Free” to lure unsuspecting customers. Jane, unaware of the dangers, connected to it without a second thought. Bob now had access to all the data Jane was sending and receiving — her login credentials, personal messages, and even her credit card information.

Chapter 2: Enter HTTPS

As Jane continued browsing, she noticed a small padlock icon next to the website’s address in her browser. Curious, she hovered over it, revealing the letters “HTTPS” before the web address. Jane remembered reading somewhere that HTTPS meant the website was secure, but she didn’t fully understand how it worked.

HTTPS stands for Hypertext Transfer Protocol Secure. It’s an enhanced version of HTTP, the protocol used for transferring data over the web. The “S” in HTTPS stands for “Secure,” indicating that the connection between Jane’s browser and the website is encrypted. This encryption ensures that any data exchanged is unreadable to anyone who might intercept it — including Bob, the hacker.

Chapter 3: The Magic of SSL Certificates

The key to HTTPS is something called an SSL certificate. SSL stands for Secure Sockets Layer, a technology that establishes an encrypted link between a web server and a browser. This encryption is like a secret code that only Jane and the website can understand, keeping her information safe from prying eyes.

But how does this magic work? Let’s delve into the mechanics.

Chapter 4: Encryption Unveiled

Encryption transforms readable data into a scrambled format that can only be deciphered with the right key. Think of it as sending a locked box with a combination lock. Only someone who knows the combination can open the box and read the contents.

There are two main types of encryption used in securing data: symmetric encryption and asymmetric encryption.

Symmetric Encryption

In symmetric encryption, both parties (Jane and the website) share the same key to encrypt and decrypt data. Imagine Jane and her friend Emma have a shared secret code: they both know that “A” stands for “1”, “B” stands for “2”, and so on. If Jane sends Emma the message “HELLO” using this code, it becomes “85121215”. Emma, knowing the code, can easily translate “85121215” back to “HELLO”.

This method is fast and efficient, but it has a downside: both parties must somehow share the secret key without it being intercepted by anyone else.

Asymmetric Encryption

Asymmetric encryption solves this problem by using two keys: a public key and a private key. The public key can be shared openly with anyone, while the private key is kept secret.

Here’s how it works:

  1. Jane wants to send a secure message to the website.
  2. The website provides Jane with its public key.
  3. Jane uses this public key to encrypt her message.
  4. Only the website’s private key can decrypt this message.

Even if Bob intercepts the encrypted message, he can’t read it without the private key, which only the website possesses.

Chapter 5: The Role of Certificate Authorities

You might be wondering, “How can Jane be sure that the website’s public key is genuine and not from an imposter?” This is where Certificate Authorities (CAs) come into play.

A Certificate Authority is a trusted organization that verifies the identity of websites. Think of it as a digital notary that ensures the legitimacy of a website’s public key.

How CAs Validate Certificates

  1. Request Verification: When a website wants an SSL certificate, it sends a request to a CA. This request includes information about the website and the organization behind it.
  2. Identity Check: The CA verifies the website’s identity. Depending on the type of SSL certificate, this verification can range from checking domain ownership to thoroughly vetting the organization’s legal and physical existence.
  3. Issuance of Certificate: Once the CA verifies the information, it issues an SSL certificate. This certificate includes the website’s public key and the CA’s digital signature.
  4. Trusted Connection: When Jane’s browser connects to the website, it checks the SSL certificate against a list of trusted CAs. If the certificate is valid and trusted, her browser establishes a secure, encrypted connection.

Chapter 6: Types of SSL Certificates

Not all SSL certificates are created equal. There are several types, each providing different levels of validation and security:

  1. Domain Validated (DV) Certificates: These certificates verify that the applicant has control over the domain. They are the quickest and least expensive type of SSL certificate, suitable for personal blogs or small websites.
  2. Organization Validated (OV) Certificates: These require the CA to verify the organization’s identity. They provide a higher level of security and trust compared to DV certificates, making them suitable for business websites.
  3. Extended Validation (EV) Certificates: These offer the highest level of trust and security. The CA performs a thorough vetting process, and once issued, the website displays a green address bar in browsers, indicating a high level of trust. EV certificates are ideal for e-commerce sites and financial institutions.
  4. Wildcard Certificates: These cover a domain and all its subdomains. For example, a wildcard certificate for *.example.com would cover www.example.com, blog.example.com, and any other subdomains.
  5. Multi-Domain (SAN) Certificates: These can cover multiple domains and subdomains with a single certificate, offering flexibility for websites with various domains.

Chapter 7: Jane’s Enlightenment

As Jane continued reading, she began to understand the importance of SSL certificates and HTTPS. They not only protected her sensitive data from hackers like Bob but also built trust and confidence in the websites she visited. Websites with HTTPS are more trustworthy because they have gone through the process of obtaining an SSL certificate from a trusted CA.

Jane realized that using HTTPS was crucial for several reasons:

  • Security: SSL certificates protect sensitive data such as passwords, credit card numbers, and personal information by encrypting it.
  • Trust: Websites with HTTPS are seen as more legitimate and trustworthy by users.
  • SEO Benefits: Search engines like Google prioritize HTTPS websites, improving their search ranking.
  • Compliance: Many regulatory standards require the use of HTTPS to protect user data.

Chapter 8: Jane’s Secure Browsing Journey

Feeling more informed and secure, Jane made a mental note to always look for the padlock icon and “HTTPS” in the web address before entering any personal information online. She understood that while HTTPS and SSL certificates didn’t make her completely immune to all cyber threats, they provided a significant layer of protection against common attacks.

As she left the coffee shop, Jane smiled, knowing that she had taken an essential step towards safeguarding her online presence. She even shared her newfound knowledge with friends and family, helping them understand the importance of secure browsing.

Chapter 9: The Future of Online Security

The internet is continuously evolving, and so are the threats that come with it. As technology advances, so do the methods to protect data. SSL has already evolved into TLS (Transport Layer Security), offering more robust encryption and security features.

In the future, we can expect even more advanced security protocols and methods to protect our online data. However, the fundamental principles of encryption, authentication, and data integrity will remain at the core of online security.

Chapter 10: A Call to Action

For anyone reading this story, it’s essential to take the following steps to ensure your online security:

  • Always look for the padlock icon and “HTTPS” in the web address bar before entering any personal information.
  • Be cautious when connecting to public Wi-Fi networks, as they can be hotspots for hackers.
  • Use strong, unique passwords for different websites and consider using a password manager.
  • Keep your software and browsers updated to protect against the latest security vulnerabilities.
  • Educate yourself and others about online security practices.

By taking these steps, you can significantly reduce the risk of falling victim to online threats and ensure a safer browsing experience for yourself and those around you.

--

--