What do SSL certificates actually do?
You have probably heard about SSL certificates, encryption, and HTTPS before. After all, they play a vital role in web security. But what exactly do SSL certificates actually do?
When you visit a website data is sent between your browser and the website. Normal HyperText Transfer Protocol (HTTP) provides you with an insecure connection while HyperText Transfer Protocol Secure (HTTPS) provides you with a secure connection padlocked by encryption and verification.
When your browser requests a HTTPS connection to a webpage, the website will send its SSL certificate back to your browser. The certificate acts as a virtual high five between your browser and the website. It lets your browser know that a secure connection has been established between it and the website.
- Encryption: SSL certificates encrypt information so that it can only be read between the intended parties.
- Verification: SSL certificates verify the identity of a website.
SSL certificates give you (the internet user) more trust while you browse the web. They verify a website by showing you that a website is who they say they are and they protect the data transmitted between your browser and the web pages you visit so that your information is private.
What are SSL certificates?
SSL (Secure Sockets Layer) is a security protocol used to establish encrypted links between a browser and web server in online communications. In order to create an SSL connection, a web server requires the use of a digital certificate called an SSL certificate which consists of data files containing a website’s details and a public key called.
A CA (Certification Authority) is then required to validate the details of the SSL certificate such as the domain name, business name, and address. When the details have been validated a certificate is then issued for the website. The SSL certificate also shows the expiration date of the SSL plus details of the issuing CA.
Who issues SSL certificates?
Browsers rely on Certification Authorities to issue SSL certificates. Certification Authorities are organizations that are verified and trusted by browser vendors.
Is it possible to use a fake SSL certificate?
There have been several cases where a party has been able to create bogus SSL certificates in the past. A combined weakness in the certificate generation process and the ability to create MD5 hash collisions is how this occurred. However, the likelihood of creating a fake SSL certificate is slim to none as knowledge and research progress.
How can I check if a certificate is valid?
When you visit a website that utilizes an SSL certificate (such as the one you’re on right now) you will see https:// in the address bar. You might also see a padlock, an “i” inside a circle, or green bar depending on the type of SSL certificate that was issued to the website.
To check if an SSL certificate is valid, click the padlock or “i” in the address bar. You will find information about the SSL certificate including if it is valid, which CS issued the certificate, what the certificate is intended for, who the certificate was issued to, and when the certificate expires.
Now that you have a better understanding of SSL certificates, use the knowledge to protect yourself while browsing online. If you come across a certificate warning use your knowledge to investigate and decide your course of action.