How does a SSL certificate work?
An SSL/TLS certificate provides two important things. The first is information about the site's operator; the other is encryption.
When you visit an HTTPS web page, you can inspect the contents of its certificate. It contains information about the CA (Certificate Authority) that issued it, for example Digicert, Entrust, DVV or Let's Encrypt, as well as the address of the certified website, e.g. www.company.com.
In addition, when a site has an SSL/TLS certificate, all traffic between the browser and the server is encrypted, so outsiders cannot read the information entered on the site.
There are different levels of certificates for different needs and uses. You can read more about certificate types here.
The depth of identity contained in a certificate can be divided according to the following levels of validation:
- Domain validated (DV)
- Organization validated (OV)
- Extended validation (EV)
- Qualified
It is important to know that a DV-level certificate does not authenticate the service or site provider: at the DV level, only the domain for which the certificate was issued is visible. If you want the organization's identity to be included in the certificate, you must select at least an OV-level certificate.
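As an added example (not part of the original article), here is how the fields described above can be read programmatically from the dictionary layout that Python's standard-library `ssl.SSLSocket.getpeercert()` returns. A DV-style and an OV-style sample certificate are constructed inline; the CA "Example CA Inc" and the operator "Company Oy" are hypothetical names. Besides showing the issuer, the certified names and whether an organization identity is present, it performs the two checks a browser makes on every certificate: that the hostname is among the certified names (with single-label wildcard matching) and that the certificate is within its validity period.

```python
import ssl

# Constructed sample certificates in the dict layout returned by
# ssl.SSLSocket.getpeercert(). All names and values are hypothetical.
DV_CERT = {
    "subject": ((("commonName", "www.company.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example CA Inc"),),   # hypothetical CA
        (("commonName", "Example CA DV R1"),),
    ),
    "subjectAltName": (("DNS", "www.company.com"), ("DNS", "*.company.com")),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Mar 31 23:59:59 2025 GMT",
    "serialNumber": "0A1B2C",
    "version": 3,
}

OV_CERT = {
    "subject": (
        (("countryName", "FI"),),
        (("organizationName", "Company Oy"),),       # hypothetical site operator
        (("commonName", "www.company.com"),),
    ),
    "issuer": (
        (("organizationName", "Example CA Inc"),),
        (("commonName", "Example CA OV R1"),),
    ),
    "subjectAltName": (("DNS", "www.company.com"),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
    "serialNumber": "0D0E0F",
    "version": 3,
}


def rdn_to_dict(name):
    """Flatten getpeercert()'s ((('key', 'value'),), ...) name layout into a dict."""
    flat = {}
    for rdn in name:
        for key, value in rdn:
            flat[key] = value
    return flat


def issuing_ca(cert):
    """Who issued the certificate: the CA's organization name."""
    return rdn_to_dict(cert["issuer"]).get("organizationName", "<unknown issuer>")


def certified_names(cert):
    """Hostnames the certificate covers. Browsers use the SAN list; the CN is a legacy fallback."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    common_name = rdn_to_dict(cert["subject"]).get("commonName")
    if common_name and common_name not in names:
        names.append(common_name)
    return names


def identity_level(cert):
    """DV asserts only the domain; OV and EV additionally assert the operator's organization."""
    subject = rdn_to_dict(cert["subject"])
    if "organizationName" in subject:
        return "OV/EV: organization '%s' is asserted" % subject["organizationName"]
    return "DV: only the domain is authenticated, not who operates it"


def _name_matches(pattern, hostname):
    """Exact match, or a wildcard that covers exactly one leftmost label (*.company.com)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                          # ".company.com"
    if not hostname.endswith(suffix) or len(hostname) <= len(suffix):
        return False
    return "." not in hostname[: -len(suffix)]    # rejects deep.shop.company.com


def hostname_matches(cert, hostname):
    return any(_name_matches(name, hostname) for name in certified_names(cert))


def is_valid_at(cert, when):
    """`when` is a time string in the certificate's own format, e.g. 'Feb 15 00:00:00 2025 GMT'."""
    now = ssl.cert_time_to_seconds(when)
    return (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"]))


def summarize(cert, hostname, when):
    """The facts a browser's certificate viewer shows, plus the two checks it performs."""
    return {
        "issuer": issuing_ca(cert),
        "names": certified_names(cert),
        "level": identity_level(cert),
        "hostname_ok": hostname_matches(cert, hostname),
        "valid_now": is_valid_at(cert, when),
    }


if __name__ == "__main__":
    for label, cert in (("DV", DV_CERT), ("OV", OV_CERT)):
        print(label, summarize(cert, "www.company.com", "Feb 15 00:00:00 2025 GMT"))
```

The DV/OV distinction is read from the subject: a DV certificate names only the domain, while OV and EV certificates carry an `organizationName`. EV cannot be told apart from OV in this layout, because it is signalled by a certificate policy identifier that `getpeercert()` does not expose.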
SSL (Secure Socket Layer) / TLS (Transport Layer Security) is a security protocol that enables encrypted network traffic between a client and a server.
In fact, SSL is an old, obsolete technology that was replaced by TLS in 1999. Nevertheless, both names are still in common use; for example, the product names of certificate types often still include "SSL".
An SSL/TLS certificate is used to encrypt otherwise unsecured network traffic, which prevents outsiders from gaining access to the data passing between the client and the server. At the beginning of a session the so-called TLS/SSL handshake takes place, during which the client and the server exchange keys to establish a secure connection.
Public Key Infrastructure
The PKI (Public Key Infrastructure) method is used to achieve this encryption. It is based on asymmetric (public-key) cryptography, in which each party holds a pair of keys rather than a single shared key.
The starting point for PKI is a pair of encryption keys, generated from very large prime numbers. One is the private key and the other the public key. If a message is encrypted with the private key, it can only be opened with the public key, and vice versa: if a message is encrypted with the public key, it can only be opened with the corresponding private key.
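To make the two-key property concrete, here is an added toy example in Python (not from the original article): a textbook RSA key pair built from two small primes, used first to show that what one key locks only the other unlocks (public-key encryption one way, a digital signature the other way), and then to model the key-exchange step of the handshake described earlier, where the client encrypts a fresh session key with the server's public key and only the server's private key can recover it. That is RSA key transport as used by TLS 1.2 and earlier; TLS 1.3 uses ephemeral Diffie-Hellman for this step instead. The primes, the 4-byte "session key" and the truncated digest are deliberately tiny and unpadded so the arithmetic stays visible; real keys are 2048 bits or more, use OAEP/PSS padding and always come from a library.

```python
import hashlib
import secrets

# Toy parameters (constructed for illustration): two primes just under and just
# over one million, and the conventional public exponent.
P_DEMO = 999_983
Q_DEMO = 1_000_003
E_DEMO = 65537


def make_keypair(p=P_DEMO, q=Q_DEMO, e=E_DEMO):
    """Return (public_key, private_key), each as an (n, exponent) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)      # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def rsa_apply(key, m):
    """Raise m to the key's exponent modulo n; applying the other key undoes it."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, exponent, n)


def encrypt_for(public_key, plaintext: bytes) -> int:
    """Lock with the public key: only the matching private key opens it."""
    return rsa_apply(public_key, int.from_bytes(plaintext, "big"))


def decrypt_with(private_key, ciphertext: int, length: int) -> bytes:
    return rsa_apply(private_key, ciphertext).to_bytes(length, "big")


def sign(private_key, message: bytes) -> int:
    """Lock a (truncated) digest with the private key: anyone with the public key can check it."""
    digest = int.from_bytes(hashlib.sha256(message).digest()[:4], "big")
    return rsa_apply(private_key, digest)


def verify(public_key, message: bytes, signature: int) -> bool:
    digest = int.from_bytes(hashlib.sha256(message).digest()[:4], "big")
    return rsa_apply(public_key, signature) == digest


def client_key_exchange(server_public, session_key=None):
    """Client side of RSA key transport: pick a random session key, send it locked with the server's public key."""
    if session_key is None:
        session_key = secrets.token_bytes(4)   # toy size; real session keys are 16-32 bytes
    return encrypt_for(server_public, session_key), session_key


def server_key_exchange(server_private, ciphertext):
    """Server side: only the private key recovers the session key; both ends now share it."""
    return decrypt_with(server_private, ciphertext, 4)


if __name__ == "__main__":
    server_pub, server_priv = make_keypair()
    # An eavesdropper sees only `wire`, not the session key inside it.
    wire, client_key = client_key_exchange(server_pub)
    print("client session key:", client_key.hex())
    print("on the wire       :", wire)
    print("server recovered  :", server_key_exchange(server_priv, wire).hex())
    sig = sign(server_priv, b"ServerHello")
    print("signature verifies:", verify(server_pub, b"ServerHello", sig))
    print("tampered verifies :", verify(server_pub, b"ServerHellO", sig))
```

The shared session key that comes out of the exchange is what the bulk traffic is then encrypted with using a fast symmetric cipher, which is why the public-key step only ever has to protect something short.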
PKI enables us to secure traffic on our networks, to produce secure documents, and to stamp an authenticated signature on official documents. A company can often also use its own PKI solution to generate certificates for internal use.