SSL (Secure Sockets Layer) is the common name for TLS (Transport Layer Security), a security protocol that enables encrypted communications between two machines. An SSL certificate is a small data file leveraging this security protocol to serve two functions:
- Authentication – SSL certificates serve as credentials to authenticate the identity of a website. They are issued to a specific domain name and web server after a Certificate Authority, also known as a Certification Authority (CA), performs a strict vetting process on the organization requesting the certificate. Depending on the certificate type, it can provide information about a business or website's identity and authenticate that the website is a legitimate business.
- Secure data communication - When SSL is installed on a web server, it enables the padlock to appear in the web browser. It activates the HTTPS protocol and creates a secure connection between the server and a browser. It enables use of encryption algorithms to scramble the data in transit into an indecipherable format that can only be read with the proper decryption key.
SSL certificates include:
- The domain name that the certificate was issued for
- Which person, organization, or device it was issued to
- Which certificate authority issued it
- The certificate authority's digital signature
- Associated subdomains
- Issue date of the certificate
- Expiration date of the certificate
- The public key (the private key is kept secret)
The public and private keys used for SSL are essentially long strings of characters used for encrypting and decrypting data. Data encrypted with the public key can only be decrypted with the private key, and vice versa.
Why I need to have SSL installed on my website?
A website needs an SSL certificate in order to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust.
In addition to securing user data in transit, HTTPS makes sites more trustworthy from a user's perspective. Many users won't notice the difference between an http:// and an https:// web address, but most browsers have started tagging HTTP sites as "not secure" in more noticeable ways, attempting to provide incentive for switching to HTTPS and increasing security.
The main source of SSL certificates are trusted certification authorities or Certification authorities (CAs). These are organizations that have undeniable authority in the IT services market and use the well-known public cryptographic key. In browsers, their list can usually be found in the "Trusted Root Certification Authorities" section.
A digital signature certified by a certificate of such a center is a proof of the authenticity of the company that owns the domain name and determines the right of the owner to legally use the secret key. It is called trusted.