As the first layer of web security, Secure Sockets Layer (SSL) certificates are a must. They are essential in securing and establishing Internet and browser communication. Here are some FAQs about SSL to help you navigate the concept better.
SSL certificate questions:
There are three types of SSL certificates available:
- Domain Validated (DV SSL) – base level protection that can be issued immediately.
- Organization Validated (OV SSL) – next level protection that verifies the domain owner along with several business details, including name, city, state, and country.
- Extended Validation (EV SSL) – highest level of SSL certificates with the most stringent vetting process.
Egyptian cryptographer Taher Elgamal is the father of SSL. He helped establish secure communications on the Internet during his time working at Netscape.
First, the server sends a copy of its SSL certificate to the client (such as a browser). In turn, the client verifies if the certificate is valid and legitimate. Once verified, the client sends back a digitally signed confirmation to begin an SSL encrypted session.
An SSL connection is established once a series of communication exchanges between the client and server occurs. Basically, the client authenticates the server through a list of known certificate authorities (CAs), a process known as an “SSL handshake”.
While there are different types of SSL certificates, only one certificate is needed per website.
SSL pinning is a setting of a server. It is a method of linking a host with its certificate or public key. In short, all other predefined certificates or public keys are rejected except for the pinned one.
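The rejection rule described above, sketched as a check a connecting client can run after the normal CA validation (an added example, not code from the original page). The function names and the sample byte strings are assumptions made for illustration; the pin here is the SHA-256 fingerprint of the whole DER-encoded certificate, and the check accepts a set of pins rather than a single one.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def is_pinned(cert_der: bytes, pins: set[str]) -> bool:
    """True only if the certificate's fingerprint matches one of the pins."""
    actual = fingerprint(cert_der)
    # compare_digest avoids leaking how many leading characters matched
    return any(hmac.compare_digest(actual, p.lower()) for p in pins)


def connect_pinned(host: str, pins: set[str], port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection, then reject it unless the leaf certificate is pinned."""
    ctx = ssl.create_default_context()  # CA chain and hostname checks stay on
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                           server_hostname=host)
    cert_der = sock.getpeercert(binary_form=True)
    if cert_der is None or not is_pinned(cert_der, pins):
        sock.close()
        raise ssl.SSLError(f"certificate for {host} does not match any pin")
    return sock


# Constructed stand-ins for DER bytes (not real certificates), so this runs offline.
PINNED_CERT = b"constructed-der-bytes-of-the-expected-certificate"
OTHER_CERT = b"constructed-der-bytes-of-a-different-certificate"
PINS = {fingerprint(PINNED_CERT)}

if __name__ == "__main__":
    print(is_pinned(PINNED_CERT, PINS))  # the pinned certificate is accepted
    print(is_pinned(OTHER_CERT, PINS))   # any other certificate is rejected
```

Because the pin covers the whole certificate, it has to be updated whenever the certificate is re-issued; keeping a second pin for the replacement certificate in the set avoids an outage at renewal time.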
SSL certificates can be obtained through Certificate Authorities or Certification Authorities (CAs). They are responsible for issuing digital certificates to ensure ownership of a public key.
Most operating systems have a built-in certificate store. For Windows 10 users, certificates are stored in the local machine certificate store. For macOS users, they are stored in the key and password manager called Keychain. For UNIX/Linux users, the default location is /etc/ssl/certs.
Yes, SSL certificates can be transferred to another host, computer, or domain. However, since SSL certificates are tied to specific domain names, changing from one domain name to another can only be done by requesting to re-issue the certificate under a different domain name.
- A browser attempts to connect to a website with an SSL certificate.
- The server provides the browser with a copy of its SSL certificate.
- The browser validates the SSL certificate.
- Once validated, the server starts an SSL-encrypted session.
TLS encryption works by having the client (for example, a browser) and server verify each other, and establish encryption algorithms to secure communications.
On Windows
- In the search box, type Internet options.
- Click on the Advanced tab in the Internet Properties window.
- Scroll down to the Security section.
- Check the Use TLS 1.2 checkbox and then click on the “OK” button.
On Mac
- Click on the "Preferences" and then the "Advanced" icon.
- Click on the "Change Settings..." button.
- In the Internet Properties window, click on the "Advanced" tab.
- In the Settings section, check if the TLS checkbox is selected.
- Check the TLS box and then click on the "OK" button.
During a TLS handshake, two communicating sides, such as the client and server, exchange messages to verify each other and establish a connection.
Extended Validation (EV) SSL certificates are the best for eCommerce stores. EV certificates offer the highest level of vetting and identity verification process out of all SSL certificate types.