SSL certificates are issued to protect important traffic between websites and users so that attackers cannot intercept sensitive data.
What is SSL / TLS?
SSL, which stands for Secure Sockets Layer, is a protocol used to encrypt traffic between two computers. Interestingly, we still often refer to SSL, but in reality TLS (Transport Layer Security) is now the standard protocol for securing traffic between websites and users since SSL was deprecated in 1999.
That said, when we talk about SSL and SSL certificates, we are probably talking about the same encryption technology. If you are really interested in the details of how TLS works, you can read the RFC of TLS 1.3 here.
What is the purpose of SSL / TLS?
SSL / TLS was invented and implemented to secure data between network computers by encrypting and authenticating traffic on the network. When two computers are on a network or a user visits a website, the traffic and content are normally unencrypted and essentially available for interception. By including encryption, the data users enter into forms and information exchanged between two systems is protected from prying eyes.
In today’s world, failure to establish encrypted communications to protect users and data is a recipe for disaster. With attackers lurking all over the Internet, it is necessary to take extra precautions to keep your website and networks secure. Whether you’re connected to public Wi-Fi in a coffee shop, entering sensitive financial information in an online form, or simply logging into your email, your data is at risk without SSL and TLS encryption.
How does SSL / TLS actually work?
SSL and TLS work by creating key pairs, using a public and private key, to authenticate connections and define the identity of a website. The private key is secured by the website and a public key is available to users.
The way public and private keys work together allows browsers to automatically encrypt user traffic with a public key in a way that can only be decrypted with the private key. This means that if a website is properly configured with TLS, all traffic between you and the server (including but not limited to forms and logins) is secured and encrypted, and can only be decrypted by the website. This protects you from an attacker on your network sniffing traffic and recovering sensitive data.
What does it look like in a browser?
You will see a lock icon in your browser. If you click on it, you will see more information about the connection and whether it is safe or unsecured. Many browsers highlight the lock button and also color it green or red. If you are not sure if your connection is secure, you can click this icon and see more information.
Moreover, you can see https in the browser instead of http. Having this in the URL doesn’t mean it is secure, but it could be another indicator that it probably is. Most browsers will clearly warn you if a site claims to be a secure site, but it isn’t.
How are SSL certificates implemented?
Now that you know what SSL and TLS are and how they secure traffic, let’s take a look at how to implement our own SSL certificate. The process is simple! Generate a Certificate Signing Request (CSR), submit the CSR and receive an SSL certificate, install the SSL certificate and install the intermediate certificate.
Generate CSR (public and private key)
The first step to getting an SSL certificate is to generate a Certificate Signing Request, or CSR, on your server. When you create a CSR, you indicate the domain name of the website to be protected, your organization and address and finally the key type and size.
This process creates a public and private key on your server and generates a CSR file containing the public key. Make a note of the location of the files as you may need to open them in a text editor and copy the contents.
Submit the public CSR key to CA for validation
After creating your CSR, submit it to a Certification Authority (CA) to have it validated. Anyone can create SSL certificates, but modern browsers only trust certificates from certificate authorities.
When you submit your CSR to the certification authority, they will return an SSL certificate to you. This certificate is signed by the CA and tied to your website, so that others cannot forge their own certificate for it.
Receive and install SSL certificate
Once you have received your SSL certificate from the CA, you can now install it on your server and connect to your website. Many control panels make this a simple process, but it depends on your operating system and server configuration. If you are working with cPanel or Plesk, you can install SSL certificates from the dashboard. If you manage your website without a control panel, you will have to do some manual work to configure it. Congratulations! You are almost done.
Implement an intermediate certificate
The intermediate certificate is signed by the CA’s root certificate, proving that they have validated the SSL certificate. The intermediate certificate essentially signs your SSL certificate and creates a bond of trust and authentication between your website, the CA and users around the world. Deploying the intermediate certificate completes the connection between your server, your website and the certification authority, keeping users safe and secure!
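The four steps above, run end to end with the openssl command line, as an added example that is not part of the original article. A throwaway local root and intermediate stand in for a real CA, and the domain www.example.test and all file names are constructed placeholders.

```shell
# Added example: the CSR -> CA -> install flow, with a throwaway local CA standing in
# for a commercial one. www.example.test and every file name here are constructed.
set -eu
WORK=$(mktemp -d); cd "$WORK"
DOMAIN="www.example.test"

# new_req NAME SUBJECT: private key NAME.key plus request NAME.csr (public key only).
new_req() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
  chmod 600 "$1.key"   # the private key stays on the machine that generated it
}

# Step 1, on the web server: generate the key pair and the CSR.
new_req site "/C=US/O=Example Org/CN=$DOMAIN"

# Steps 2-3, normally done by the CA: root -> intermediate -> your certificate.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$DOMAIN" > leaf.ext
new_req root "/CN=Test Root CA"
new_req int "/CN=Test Intermediate CA"
openssl x509 -req -in root.csr -signkey root.key -days 30 -extfile ca.ext -out root.crt 2>/dev/null
openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
  -days 30 -extfile ca.ext -out int.crt 2>/dev/null
openssl x509 -req -in site.csr -CA int.crt -CAkey int.key -CAcreateserial \
  -days 30 -extfile leaf.ext -out site.crt 2>/dev/null

# Check before installing: does the issued certificate match the private key on disk?
cert_matches_key() {
  [ "$(openssl x509 -in site.crt -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in site.key -pubout | openssl sha256)" ]
}

# Step 4: a client that trusts only the root can build the chain only if the server
# also supplies the intermediate (-untrusted models what the server sends).
chain_ok_with_intermediate()    { openssl verify -CAfile root.crt -untrusted int.crt site.crt >/dev/null 2>&1; }
chain_ok_without_intermediate() { openssl verify -CAfile root.crt site.crt >/dev/null 2>&1; }

# What a server is typically given as its certificate file: leaf first, then intermediate.
cat site.crt int.crt > fullchain.pem
```

Verification fails when the intermediate is left out, which is the practical reason the last installation step cannot be skipped.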
Where can I get an SSL certificate?
With all that said, let’s talk about how to get our own SSL certificate signed by a trusted CA.
As for generating a CSR file, you need to figure out how to do that on your operating system and server configuration. If you’re using shared or managed hosting, it should be as easy as asking for help. If you are using Windows Server, you can refer to this guide here. And Linux users, I’m sure you can find out!
To get your CSR signed, you will find popular certification authorities such as DigiCert, Comodo, Symantec and RapidSSL. Many domain name registrars have services to help you get your certificate signed by a trusted CA, and hosting providers do the same!
It is easier than ever to incorporate SSL and secure encryption practices into your website, and everyone can benefit! Don’t waste time: set up your first SSL certificate today!