SSL: The key to securing your business growth
SSL, short for Secure Sockets Layer, is a cryptographic protocol that provides security features for users across the internet. SSL is the standard security technology for establishing an encrypted link between a web server and a client, typically a web server and a web browser, but also a mail server and a mail client. SSL instantly encrypts plain text such as passwords and credit card numbers into data that only the user and the website can decrypt. The data sent between a browser and a server is usually transmitted in plain text, which allows one to eavesdrop on that information. The purpose of SSL is to ensure that all data that passes between the server and browser remains private and integral.
SSL is considered the industry standard for secure data transmission. It is used by millions of websites to protect online transactions and user information. We’re going to cover the basics of SSL and conclude with how you can secure your website with an SSL certificate.
How does it work?
Asymmetric encryption is the process of using a public and a private key to encrypt and decrypt information. In asymmetric encryption, the public key is used to encrypt the information being sent and the private key is used to decrypt the information being received. The public key, as its name suggests, does not need to be private. Anyone can use the public key to encrypt a message; the private key, however, remains secret, as it is the basis of the SSL security feature. Keys with fewer than 2048 bits are no longer considered safe. A key with 2048 bits has about 617 random letters, numbers and characters. One can only imagine the billions of letter and number combinations that can arise from that.
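The public-key/private-key round trip described above, as an added example that is not part of the original article. It uses the openssl command-line tool with throwaway keys, a constructed message and OAEP padding (all choices of this example), and also checks the key against the 2048-bit minimum.

```shell
#!/bin/sh
# Added example: throwaway RSA keys and a constructed message, nothing real.
set -e
DEMO=$(mktemp -d)

# Create a 2048-bit key pair: $DEMO/$1.key (private) and $DEMO/$1.pub (public).
new_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$DEMO/$1.key" 2>/dev/null
  openssl pkey -in "$DEMO/$1.key" -pubout -out "$DEMO/$1.pub"
}

# Print the modulus size in bits of a public key file ($1).
key_bits() {
  m=$(openssl rsa -pubin -in "$1" -noout -modulus)
  m=${m#Modulus=}
  echo $(( ${#m} * 4 ))
}

# Encrypt text ($2) with a public key ($1) into a ciphertext file ($3).
encrypt_to() {
  printf '%s' "$2" > "$DEMO/plain.txt"
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in "$DEMO/plain.txt" -out "$3"
}

# Decrypt a ciphertext file ($2) with a private key ($1); fails on a wrong key.
decrypt_with() {
  openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

new_keypair site
new_keypair other
encrypt_to "$DEMO/site.pub" "password=constructed-example" "$DEMO/ct.bin"
echo "public key size: $(key_bits "$DEMO/site.pub") bits"
echo "with matching private key: $(decrypt_with "$DEMO/site.key" "$DEMO/ct.bin")"
decrypt_with "$DEMO/other.key" "$DEMO/ct.bin" >/dev/null ||
  echo "a different private key cannot decrypt it"
```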
Browser → Server Interaction
How do the browser and server interact during an HTTP request to an SSL-secured server? The diagram above should detail that.
An SSL connection between a browser and a server is set up by what is called a handshake. The point of the handshake is to ensure that the client is connecting to the right server and that the server is sending the information to the right client.
First, a user enters a domain name. The client checks its browser cache to see if it has any history of that website; if not, it sends a request to a DNS (Domain Name System) server. DNS is a comprehensive directory network that translates domain names into IP addresses. Every website address or domain name on the internet has a unique IP address.
A socket is then formed from the user's computer to the server. The web server receives the request in the form of a header, in case the server hosts multiple sites. This will inform the server which site to send the requested information to.
The server will then ask the client for the SSL certificate or vice versa, although it is more likely to be the client asking the server. This is done by sending the SSL certificate, which stores information such as the public key, domain name, address and other related information, as we’ll discuss later on. Once the SSL certificate has been verified, a secure connection is established and the socket between the server and browser is open.
To activate SSL on your web server, you have to go through an application process in which you will be asked to identify your website and company. Your web server will then create two cryptographic keys: one public and one private.
The public key does not need to be private. It is placed in a CSR, which is short for Certificate Signing Request. A CSR is a data file that contains your information, such as your domain name, company name, address, city, state and country. You will be prompted to submit your CSR during the certificate application process. The Certification Authority (CA) then evaluates the details you have sent.
The Certification Authority then uses the CSR data file to create a data structure that matches the private key without compromising it. Once it has validated your request, the CA sends you an SSL certificate. Once you receive your SSL certificate, you install it on your server. This will allow your web server to match your issued SSL certificate to your private key and therefore establish an encrypted link between the website and your customer’s web browser.
The SSL certificate contains the expiration date of the certificate and details of the Certification Authority responsible for issuing it. When a browser connects to the site, it will ensure that the certificate has not expired. A user can tell whether a site is secured by SSL because of the lock that appears next to it. If a site is not secured by SSL, the user would know because a warning sign would appear, letting the user know that the site is not secured by SSL.
This was a basic conceptualization of Secure Sockets Layer and how beneficial it is to obtain a certificate. SSL ensures that the data sent remains unchanged. It authenticates your website and makes your users feel safe. SSL also boosts your ranking among search engines, a clear indicator that investing in a certificate is a wise move.
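The application steps above (key pair, CSR, certificate issued by the CA, matching the certificate to the private key, and the expiry check), as an added example that is not part of the original article. It uses the openssl command-line tool; the subject fields, file names and the local "Constructed Test CA" standing in for a real Certification Authority are assumptions of this example.

```shell
#!/bin/sh
# Added example: constructed names, throwaway keys, and a local stand-in CA.
set -e
WORK=$(mktemp -d)

# Server side: create the key pair and put the public half in a CSR.
make_csr() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/server.key" 2>/dev/null
  openssl req -new -key "$WORK/server.key" -out "$WORK/server.csr" \
    -subj "/C=US/ST=Example State/L=Example City/O=Example Co/CN=www.example.test"
}

# CA side (stand-in): sign the CSR into a certificate valid for $1 days.
issue_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -subj "/CN=Constructed Test CA" -days 365 -out "$WORK/ca.pem" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days "$1" \
    -out "$WORK/server.crt" 2>/dev/null
}

# True when the certificate ($1) carries the public key of the private key ($2).
cert_matches_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# True when the certificate ($1) is still valid $2 days from now.
valid_in_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# True when the CSR ($1) verifies and contains no private key material.
csr_is_clean() {
  openssl req -in "$1" -noout -verify >/dev/null 2>&1 &&
    ! grep -q "PRIVATE KEY" "$1"
}

make_csr
issue_cert 90
openssl req -in "$WORK/server.csr" -noout -subject
openssl x509 -in "$WORK/server.crt" -noout -issuer -enddate
cert_matches_key "$WORK/server.crt" "$WORK/server.key" && echo "certificate matches private key"
valid_in_days "$WORK/server.crt" 30 && echo "valid for at least 30 more days"
valid_in_days "$WORK/server.crt" 120 || echo "expires within 120 days: schedule renewal"
```

Only `server.csr` leaves the server in this flow; `server.key` stays where it was generated.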
I hope you have enjoyed this basic introductory lesson on what SSL is and the importance of having it. I can definitely say that I now have an over appreciation for the lock on my screen. Hope you do too. Stay tuned for the article on RESTful APIs, among other things.