Personal information such as names and addresses, and other important information such as credit card numbers and passwords, is sent and received on the Internet every day. At the same time, Internet crimes that target this information, such as eavesdropping on communication data, never stop. Website “safety” is therefore a prerequisite.
What is needed there is the world-standard security technology SSL (Secure Sockets Layer)/TLS (Transport Layer Security).
On this page, we explain the functions and roles of SSL/TLS, the types of SSL/TLS, and how to select among them appropriately.
What is SSL/TLS?
SSL (Secure Sockets Layer)/TLS (Transport Layer Security) is a technology that encrypts communication on the Internet.
By using SSL (Secure Sockets Layer)/TLS (Transport Layer Security) to encrypt communication data between the PC and the server, it is possible to prevent eavesdropping or falsification of data by a third party.
What is the difference between SSL and TLS?
SSL and TLS refer to the same function under different names. SSL was upgraded up to version 3.0, and the version after that was renamed TLS 1.0.
Since the name SSL is still widely recognized, it is often written as SSL/TLS.
How to check for SSL/TLS
When exchanging important information, it is important to check whether the site supports SSL/TLS. On web pages where SSL/TLS is installed, the URL displayed in the address bar of the browser begins with “https://” instead of “http://”; the “s” stands for Secure.
What is an SSL server certificate?
To use SSL/TLS, install an SSL server certificate on the server. Because the name SSL is so widely used, it is generally called an “SSL server certificate” rather than a “TLS server certificate”.
An SSL server certificate is an electronic certificate issued by a trusted third party, that is, a certificate authority such as GeoTrust. It has three functions that make a website safe to use.
1. Website owner verification
You can prove that the website operator owns the domain (server) shown in the certificate.
This allows site visitors to check “where to send information” and send important information with confidence.
When the server and computer start SSL/TLS communication, the server first sends the SSL server certificate to the computer.
The computer examines the certificate and checks the following:
- Is the certificate issued by the correct “certificate authority” (e.g. GeoTrust)?
- Does the server you are communicating with match the server listed in the certificate?
If you can confirm that it is the correct server, you can start communicating with confidence.
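The second check above, whether the requested server matches a name listed in the certificate, can be sketched as follows. This is an added example, not code from the original page; the function names and the sample certificate are constructed, and the first check (validating the issuing certificate authority) is left to the TLS library.

```python
import ipaddress

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one dNSName entry from a certificate with the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label, and at least two
        # ordinary labels must follow it, so "*.com" is refused.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h   # partial wildcards ("w*.") are refused

def certificate_covers(cert: dict, hostname: str) -> bool:
    """cert uses the layout returned by ssl.SSLSocket.getpeercert()."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with IP entries, never with DNS patterns.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    # Only subjectAltName is consulted; commonName is not used as a fallback.
    return any(k == "DNS" and dns_name_matches(v, hostname) for k, v in san)

# Constructed sample fields; example.com and 192.0.2.0/24 are documentation ranges.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"),
                       ("DNS", "*.cdn.example.com"),
                       ("IP Address", "192.0.2.10")),
}

def check_sample_names() -> dict:
    names = ["shop.example.com", "img.cdn.example.com", "cdn.example.com",
             "a.b.cdn.example.com", "shop.example.com.other.test", "192.0.2.10"]
    return {name: certificate_covers(SAMPLE_CERT, name) for name in names}

if __name__ == "__main__":
    for name, ok in check_sample_names().items():
        print(f"{name:32} {'match' if ok else 'NO MATCH'}")
```

In practice the browser or TLS library performs this comparison itself; the sketch only makes the rule visible, including the wildcard cases that are easy to get wrong.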
2. Communication data encryption
Communication data between the browser and the server is encrypted by the SSL/TLS function.
This prevents the wiretapping of data by third parties and allows you to send and receive data securely.
When preparing to apply for an SSL server certificate, generate a “public key” and “private key” on the server where SSL/TLS will be installed. The SSL server certificate contains the “public key”, and data encrypted using this public key can only be decrypted by the server that stores the “private key” that was generated at the same time.
Website visitors use the “public key” included in the SSL server certificate to encrypt the input information and prevent eavesdropping by a third party.
After the information arrives at the server, it can be decrypted using the private key.
3. Tamper detection
With the SSL/TLS function, it is possible to detect whether the content sent from the site has been rewritten (altered) by a third party during communication.
Tamper detection uses a “hash function”, a function that summarizes large data into unique short data.
For example, when input data is sent from the site, it is summarized into short data using a hash function. If that short data has changed by the time the other party receives it, you know that someone rewrote the input data during the communication.
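The tamper detection described above, as an added example that is not part of the original page. It goes one step beyond the text: TLS uses a keyed hash (HMAC) rather than a bare hash, so that someone who alters the data cannot simply recompute the summary, and it includes a sequence number so that a replayed record is also caught. The input layout follows the TLS 1.2 record MAC; the key, the sample data and the class and function names are constructed, and encryption is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                 # HMAC-SHA256 output size in bytes
APPLICATION_DATA = 23        # TLS record content type
TLS_1_2 = (3, 3)             # protocol version bytes

def record_mac(mac_key: bytes, seq: int, data: bytes) -> bytes:
    """Keyed hash over seq_num || type || version || length || data."""
    header = struct.pack("!QBBBH", seq, APPLICATION_DATA, *TLS_1_2, len(data))
    return hmac.new(mac_key, header + data, hashlib.sha256).digest()

class Endpoint:
    """One side of a connection; both sides hold the same MAC key."""
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.send_seq = self.recv_seq = 0

    def protect(self, data: bytes) -> bytes:
        tag = record_mac(self.mac_key, self.send_seq, data)
        self.send_seq += 1
        return data + tag

    def accept(self, record: bytes) -> bytes:
        data, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = record_mac(self.mac_key, self.recv_seq, data)
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad record MAC: altered, replayed or reordered")
        self.recv_seq += 1
        return data

def outcome(receiver: Endpoint, record: bytes) -> str:
    try:
        receiver.accept(record)
        return "accepted"
    except ValueError:
        return "rejected"

def demo() -> dict:
    key = b"constructed-demo-mac-key-32bytes"   # constructed; real keys come from the handshake
    site, visitor = Endpoint(key), Endpoint(key)
    record = site.protect(b"amount=100&to=alice")
    altered = record.replace(b"amount=100", b"amount=900")
    steps = [("altered", altered), ("original", record), ("replayed", record)]
    return {name: outcome(visitor, rec) for name, rec in steps}

if __name__ == "__main__":
    print(demo())
```

A real TLS endpoint closes the connection on the first failed check instead of continuing as this demonstration does.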
Why do you need an SSL server certificate?
Many Internet users recognize that SSL server certificates are essential for the safe use of the Internet.
Approximately 84% of internet users answered that web pages where important information is entered should be SSL/TLS compatible. A website equipped with forms that require input of personal information, such as inquiries and document requests, requires an SSL server certificate.
Q. Do you think “SSL (encryption) server certificate” is required on the Web screen for entering important information (bank account number, login ID, password, personal information such as name and email address)?
Technical mechanism of SSL/TLS
This section introduces the technical mechanism of SSL/TLS: what happens between the site user’s browser and the server when performing SSL/TLS communication.
When the user makes a connection request to the target server, the server sends the “SSL server certificate” with the public key. The user’s browser verifies this “SSL server certificate” using the root certificate installed in the browser.
If there is no problem, the browser uses the public key sent from the server to encrypt its common key and sends it to the server.
The server obtains the common key by decrypting it with the private key, and the two sides then communicate using this common key.
Let’s focus on the part of “verifying the certificate”.
Certificates that have not been certified by a trusted authority are commonly known as “ore-ore certificates” and cannot be verified with a root certificate.
When such a site is accessed with a general browser used by many Internet users, a warning that the certificate cannot be verified is displayed, so it is difficult for the user to proceed to the screen after that.
Therefore, you should use an SSL server certificate that is certified by a trusted third party.
Types of SSL/TLS (domain authentication, company authentication, EV authentication)
There are three types of SSL server certificates. It is important to choose an appropriate certificate depending on the usage of the website.
Domain authentication type SSL server certificate
This is an SSL server certificate specialized for SSL/TLS encryption. It can be acquired once ownership of the website's domain name is confirmed, so its distinguishing features are that even individuals can obtain it, at a low price and in a short period of time.
On the other hand, anyone who owns the domain name can obtain it through a simple online examination, regardless of whether the website management organization actually exists, so its deterrent effect against “spoofing” is limited.
Corporate authentication type SSL server certificate
In addition to providing encryption by SSL/TLS, this is an SSL server certificate issued after confirming that the website operating organization actually exists. The existence of the company or organization is checked against the registration certificate or a third party database and confirmed by telephone or another channel that does not go through the Internet, which gives higher reliability than the domain authentication type.
At the time of the issuance examination (certification), existence is confirmed through the legal registration of the site management organization, so individuals or sole proprietors whose existence cannot be confirmed this way cannot obtain it.
EV authentication type SSL server certificate
The EV authentication SSL server certificate (EV SSL certificate) is issued after confirming the existence of the website operating organization through a more rigorous procedure than that of other corporate authentication SSL server certificates.
The EV SSL certificate issuance examination (certification) differs in that it additionally requires confirming the enrollment of a “signing authority confirmer” within the website operating organization, as well as an “application person confirmation form”.
Another major feature of the EV SSL certificate is that the protection provided by SSL/TLS encrypted communication is easy to understand visually.
The address bar of the browser turns green and the name of the operating organization is also displayed, giving the site visitor a great sense of web security.
SSL/TLS application flow
Applying for an SSL server certificate is roughly divided into four steps.
1. Generate CSR
Generate a CSR (Certificate Signing Request) on the server that uses SSL/TLS.
A CSR is a small piece of text data that contains information about the website that will implement SSL/TLS.
2. Online application
Enter the required information according to the flow of the screen on the online application site of the certificate authority. At this time, paste the CSR generated in step 1 on the application screen.
The application goes smoothly if you confirm the registered head office address of the site operator in advance.
3. Preparation of required documents and sending to CA
If the issuance examination by the certificate authority requires special documents, as for an EV SSL certificate, prepare them and send them to the certificate authority.
*For a domain authentication type certificate, this step is usually unnecessary.
4. Issuing and installing the SSL server certificate
For GeoTrust, you will receive your certificate via email.
Save the received certificate on the server and install it.
If you are unsure about how to apply for the first time, read the Certificate Authority’s Frequently Asked Questions or ask the Customer Center.
Summary of SSL/TLS
The need for SSL/TLS encryption of information exchanged over the Internet has become much better understood. On the other hand, is enough being done to create an environment in which site users can use the site with confidence, by demonstrating that the website management organization and its business actually exist?
The Internet is a “non-face-to-face world”, and it is easy for a malicious third party to create a realistic “spoofing site.” No matter how much you encrypt the communication contents by SSL/TLS, it is not safe if the communication partner is not the correct partner you intended.
In recent years, fraud and crime have been rampant on the Internet, and websites are strongly required to provide not only SSL/TLS encryption but also an environment where users can use the website with confidence, by proving that it is a “real website”.