Everything You Need to Know about SSL/HTTPS
What is SSL/TLS?
SSL (Secure Sockets Layer) or TLS (Transport Layer Security) is cryptographic protocol and uses SSL certificate to establish an encrypted connection between web server and browser or a mail server and mail client to protect any sensitive information such as financial details, name, and addresses.
TLS (SSL) protocol works on top of the transport layer of OSI model. TLS is a successor to SSL. Currently, TLS 1.2 protocols enabled by default on web browsers. TLS 1.3 protocol also arriving soon with new enhanced features to provide robust security over the web.
To obtain SSL certificate, you must create Certificate Signing Request (CSR) data file on your server that you need to send to certificate provider. Certificate Provider will use CSR file and match your private key to issue SSL certificate. Once you get SSL certificate, you need to install on your web server to protect your website.
When visitor access SSL secured website, the browser and server set up a secure connection using Public Key, and Private Key. Any sensitive data encrypted with the public key can only be decrypted using the private key and vice versa.
What is HTTPS?
HTTPS protocol is HTTP protocol runs over SSL (Secure Socket Layer). SSL secured websites begin with HTTPS (Hyper Text Transfer Protocol Secure) instead of HTTP. HTTPS protocol used to authenticate and encrypt the data being exchanged between two clients. When SSL session established, then all data are wrapped into secured SSL packets in order to prevent hackers’ interception. HTTPS enables green padlock for the website on almost browsers. When you have installed SSL certificate correctly, you can see SSL certificate issuing authority and corporate name (only in case of EV SSL) and validity by clicking on the green padlock icon.
Types of SSL certificates:
There are three different SSL Authentication Levels followed by Certificate Authority to issue an SSL certificate as follows:
Domain Validated SSL (DV): Verifies domain ownership through WHOIS record or just send validation email to generic email associated with the website (only from; email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, and, admin@ domain.com). This certificate can be issued in few minutes.
Organization Validated SSL (OV): Certificate Authority will verify domain ownership and organization information (name, city, state and country) before to issuing a certificate. As certain details need to be verified by CA it may take 3 to 5 days or less to enable HTTPS on your website.
Extended Validation SSL (EV): Verifies domain ownership, organization information plus the legal existence of the organization that requires documentation. Issuance time can be varied to 5–7 Days. This type of SSL certificate triggers a green text in address bar with company information.
SSL certificate is a text file with encrypted data that you need to install on web server to secure one domain only or many domains (multi-domain) or sub-domains (Wildcard).
- You can choose Single SSL to secure single domain.
- If your domain has multiple first-level sub-domains like: abc.domain.com, abc2.domain.com etc.. then you purchase a wildcard SSL certificate. Please note Wildcard SSL will only work for first-level sub-domain like abc.domain.com not for def.abc.domain.com, ghi.def.abc.domain.com, etc..
- To secure multiple domains, you need to choose Mult-Domain (SAN/UCC) SSL certificate.
- To secure Multiple domains and multiple levels of sub-domains with a single certificate, then you should buy Multi-domain Wildcard SSL.
- You can confirm your software code’s authenticity with Code Signing Certificates that will protect code from malicious activity and ensures developers about code integrity.
SSL Implementation on website to secure traffic:
By SSL certificate Installation, you can secure website from man-in-the-middle attacks, can increase customer trust and rank better in Google search engine.
Here are simple steps, you need to follow:
- Create CSR (Code Signing Request) file with private key that you need to sent to CA and Buy SSL certificate from authorized SSL Reseller.
- CA will issue SSL certificate and send it to you via email, once your request validated.
- Next step is to install an SSL certificate and update your site to use HTTPS.
Make sure SSL certificate is configured properly using checker Tool and all web pages require to be accessed over HTTPS.