What Is SSL?
Secure Sockets Layer — or SSL — is a standard security protocol for establishing encrypted communication links between a web server and a browser, ensuring all data transmitted between them remains protected.
To create an SSL connection, you’ll need an SSL certificate, which requires you to share details about your web site and company’s identity with a Certificate Authority (CA). This will generate a cryptographic private and public key, which allow customers to communicate with your site.
Next, you’ll need to submit a Certificate Signing Request, or CSR, which contains your public key. Your Certificate Authority then validates your details, allowing you to get your SSL certificate, which will contain your private key. From this point on, an encrypted link is established by your server between your web site and the customer's browser.
Customers will know your site is protected by an SSL certificate by the padlock icon displayed in the address bar, which — when clicked — will display your SSL certificate details. Only companies and individuals who have been thoroughly vetted will get an SSL certificate.
Your Extended Validation (EV) or Organization Validation (OV) SSL certificate will tell users:
- Your domain name
- Your company name
- Your address, city, state, and country
- The certificate’s expiration date
The user’s browser will also check if the CA is verified and if the SSL certificate is being used for the correct site. If any of these checks fails, the user will receive a warning that the site is not secure.
What is an SSL/TLS Certificate?
SSL or TLS (Transport Layer Security) certificates are data files that bind a cryptographic key to the details of an organization. When an SSL/TLS certificate is installed on a web server, it enables a secure connection between the server and the connecting browser. The website's URL is prefixed with "https" instead of "http," and a padlock is displayed on the address bar. If the web site uses an extended validation (EV) SSL certificate, the browser may also show a green address bar.
What is SSL used for?
The SSL protocol is used by millions of online businesses to protect their customers, ensuring their online transactions remain secure by encrypting their confidential data, like personal info, passwords, and credit card details. All web browsers can interact with secured sites that have a certificate from a trusted CA.
Why do I need an SSL Certificate?
The internet provides unsurpassed opportunities for companies to thrive — and for cybercriminals to take advantage of unsuspecting internet users. With an SSL certificate, you can protect your customers’ personal information and keep their transactions safe.
How does SSL work?
- An end-user uses a browser to make a secure connection to a website.
- The browser obtains the site’s IP address from a DNS server, then requests a secure connection.
- To initiate a secure connection, the browser requests that the server identify itself by sending a copy of its SSL certificate.
- The browser checks the SSL certificate to ensure:
  - It is signed by a trusted CA
  - It has not expired, been suspended, or revoked
  - It conforms to required security standards on key lengths and other items
  - The domain listed in the SSL certificate matches the requested domain
- When the browser confirms that the web site can be trusted, it creates a symmetric session key, which it encrypts with the public key in the web site's SSL certificate. The session key is then sent to the web server.
- The web server uses its private key to decrypt the symmetric session key.
- The server responds with the encrypted session key.
- From then on, all data transmitted between the server and the browser is encrypted and secure.
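The certificate checks in the list above can be reproduced with the OpenSSL command line. This is an added example, not part of the original page: it covers the CA-signature, expiry and domain-match checks (revocation and key-strength checks are left out), and every certificate and name in it (the two root CAs, www.example.test) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: browser-style certificate checks run with OpenSSL on
# constructed test certificates. All names are placeholders.
set -eu
W=$(mktemp -d)

new_key_and_csr() {   # NAME SUBJECT -> $W/NAME.key, $W/NAME.csr
    openssl genrsa -out "$W/$1.key" 2048 2>/dev/null
    openssl req -new -key "$W/$1.key" -subj "$2" -out "$W/$1.csr"
}
make_root() {         # NAME SUBJECT -> self-signed CA certificate $W/NAME.crt
    new_key_and_csr "$1" "$2"
    printf 'basicConstraints=critical,CA:TRUE\n' > "$W/$1.ext"
    openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -days 30 \
        -extfile "$W/$1.ext" -out "$W/$1.crt" 2>/dev/null
}
issue_site() {        # NAME DOMAIN ROOT -> $W/NAME.crt for DOMAIN, signed by ROOT
    new_key_and_csr "$1" "/O=Example Co/CN=$2"
    printf 'subjectAltName=DNS:%s\n' "$2" > "$W/$1.ext"
    openssl x509 -req -in "$W/$1.csr" -CA "$W/$3.crt" -CAkey "$W/$3.key" \
        -CAcreateserial -days 30 -extfile "$W/$1.ext" -out "$W/$1.crt" 2>/dev/null
}

# The three checks; each returns 0 (pass) or non-zero (fail).
signed_by_trusted_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
not_expired()          { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }
matches_domain()       { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"; }

# browser_accepts ROOT_CERT SITE_CERT REQUESTED_DOMAIN
browser_accepts() {
    signed_by_trusted_ca "$1" "$2" && not_expired "$2" && matches_domain "$2" "$3"
}

make_root trusted "/CN=Constructed Trusted Root CA"   # stands in for the root store
make_root unknown "/CN=Constructed Unknown Root CA"   # a root the browser does not have
issue_site site www.example.test trusted

# Same site certificate, three situations: all checks pass, the requested
# domain differs, and the certificate is validated against an unrelated root.
for t in "trusted www.example.test" "trusted login.example.test" "unknown www.example.test"; do
    set -- $t
    if browser_accepts "$W/$1.crt" "$W/site.crt" "$2"; then r=accepted; else r=WARNING; fi
    echo "root=$1 requested=$2 -> $r"
done
```

Only the first case is accepted; a failed domain match or an unrecognized root is what produces the browser warning described above.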
How Do I Implement SSL on My Web Site?
Implementing SSL for a web site is quite easy. A typical installation of an SSL certificate involves the following steps:
Step 1. Acquire an SSL Certificate
To implement SSL/TLS security on your web site, you need an SSL certificate from a trusted CA. A trusted CA will have its root certificates embedded in all major root store programs, meaning your SSL certificate will be trusted by the internet browsers and mobile devices used by your customers.
Certificates come in a range of options to suit all needs:
- Single domain SSL certificates allow you to secure one Fully Qualified Domain Name (FQDN).
- Wildcard SSL certificates secure a single domain and unlimited subdomains. For example, a wildcard SSL certificate for domain.com could also be used to secure payments.domain.com, login.domain.com, and anything-else.domain.com.
- Multi-domain certificates (MDC) allow web site owners to secure multiple domains under one SSL certificate. For example, a single MDC can be used to secure domain-1.com, domain-2.com, domain-3.co.uk and domain-4.net.
- Available in single domain or multi-domain form, Extended Validation SSL certificates provide the highest levels of security, trust, and customer conversion for online businesses. To communicate this peerless level of trustworthiness, EV SSL certificates turn the browser address bar green.
Step 2. Activate and Install Your SSL Certificate
When you purchase your SSL certificate, the activation is executed by the web host. The administrator of the web site can also activate the SSL through Web Host Manager (WHM) or cPanel by following these steps:
- In the WHM dashboard, select the SSL/TLS option and choose "Generate SSL Certificate and Signing Request."
- Generate your private key and fill out the Certificate Signing Request (CSR) form.
- Enter your domain name in the "Host to make cert for" box.
- Send the CSR to your CA in order to purchase an SSL certificate.
- Go to Knowledgebase for help generating a CSR on various webserver types.
To see how to install certificates on various webservers, check out our SSL Certificate Installation Guide.
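On a server without WHM or cPanel, the same key and CSR steps can be done with the OpenSSL command line. The following is an added example, not taken from the original page or from any vendor guide; the domain shop.example.test and the subject fields are constructed placeholders. Before the CSR is sent, it confirms that the CSR carries the public key matching the private key and contains no private key material.

```shell
#!/bin/sh
# Added example: key and CSR generation with OpenSSL, plus pre-submission checks.
# shop.example.test and the subject fields are constructed placeholder values.
set -eu

# make_csr DOMAIN DIR -> DIR/DOMAIN.key (private key) and DIR/DOMAIN.csr
make_csr() {
    # Subshell with a tight umask so the private key is created owner-only.
    ( umask 077; openssl genrsa -out "$2/$1.key" 2048 2>/dev/null )
    openssl req -new -key "$2/$1.key" -out "$2/$1.csr" \
        -subj "/C=US/ST=Example State/L=Example City/O=Example Co/CN=$1"
}

# SHA-256 of the public key derived from a private key file.
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in a CSR.
csr_pub_hash() {
    openssl req -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# The CSR is signed with the private key; confirm that signature verifies.
csr_signature_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"; }

# True if a file contains private key material (a CSR never should).
has_private_key() { grep -q "PRIVATE KEY" "$1"; }

DIR=$(mktemp -d)
DOMAIN=shop.example.test
make_csr "$DOMAIN" "$DIR"

# Only the .csr file goes to the CA; the .key file stays on the server.
k=$(key_pub_hash "$DIR/$DOMAIN.key")
c=$(csr_pub_hash "$DIR/$DOMAIN.csr")
[ -n "$k" ] && [ "$k" = "$c" ] &&
    csr_signature_ok "$DIR/$DOMAIN.csr" &&
    ! has_private_key "$DIR/$DOMAIN.csr" &&
    echo "CSR for $DOMAIN is ready to send; keep $DOMAIN.key on the server"
```

The same hash comparison is a quick way to spot a CSR that was generated from a different key than the one installed on the server.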
Step 3. Update Web site to HTTPS
Now that your web site is HTTPS compatible, you need to configure it so visitors are automatically directed to the HTTPS version. Plus, switching to HTTPS will help your SEO efforts on Google.
Who Issues SSL Certificates?
A Certificate Authority (CA) issues SSL certificates based on two factors:
- The legal identity of the enterprise/company
- Whether the applicant controls the domain listed in the certificate
Upon verifying this information, the CA issues the SSL certificate along with a trusted root that’s owned by the CA. Only if a web site’s certificate is chained to a root recognized by the browser will it allow for a secure HTTPS connection — otherwise the browser displays a warning that the connection is not trusted.
What Details Are Included in an SSL Certificate?
SSL certificates will contain details identifying to whom the certificate has been issued:
- Domain or common name
- Serial number
- Issuer information
- Issue and expiration date
- SHA fingerprints
- Subject key algorithm
- Public key
- Certificate signature algorithm and value
- Type of certificate
- SSL/TLS version
- Perfect Forward Secrecy status
- Cipher suite
Organization and Extended Validation SSL certificates also contain:
- Identity of web site owner
- Organization name
- Address, city, state, country
How Can I Tell When a Site Uses SSL?
A page using SSL will display:
- "https://" instead of "http://"
- A padlock icon in the address bar
- With an Extended Validation SSL certificate, the address bar also shows the registered name of the company that owns the web site, the name of the issuing CA, and a green security indicator.