An SSL (Secure Sockets Layer) certificate is a technology that encrypts communication between the user and the website they are visiting. Thanks to this solution, all sensitive data sent over that connection is protected against unauthorized access. How does it work? What are the encryption methods? Which one should you choose for your website?
To better understand how an SSL certificate works, imagine browsing the web as a conversation between two people. One of them is the user, which is you. The second is the website you are trying to access. Your conversation is your way of using this website. If you want to provide sensitive data in it (for example, your password, e-mail address, date of birth, personal ID number or an important document), you don't want a random person to have access to it. We don't shout out a credit card PIN when paying for shopping in a crowded restaurant for exactly the same reason. And you provide a lot of such information every day to websites, social networks and so on.
SSL certificate – how does it work?
SSL works in two ways. First of all, it encrypts the data so that no one from the outside can read it without a special encryption key. The second aspect is the verification of the data for which a given certificate has been issued. Using the previous example, an SSL certificate gives us confidence that the person we are talking to is who he or she claims to be, and that no outsider will understand a word of our conversation without the appropriate decryption key.
SSL certificate – which one to choose?
Currently, you can choose from several types of SSL certificates. The three main types are DV, OV and EV certificates. How are they different from each other?
A DV (Domain Validation) SSL certificate is a good choice for small and medium-sized websites that consist of a single domain or several subdomains. It is also a good choice for people who do not run a business. These certificates are low-cost and are issued very quickly (even in a few minutes) without the need to present various documents. They are based on one of three types of authorization. It can be performed using a specific e-mail account operating on the certified domain (e.g. email@example.com), by uploading the appropriate file to the main domain folder on the server, or by adding an appropriate DNS record in the domain configuration. DV certificates offer 256-bit encryption and are compatible with nearly all browsers, including mobile browsers. Once the certificate is installed, you will see a padlock symbol and the https:// prefix in your browser bar.
The OV (Organization Validation) SSL certificate is issued only to registered companies and not to people who do not run a business. To obtain it, you must present the corporate documents to the certificate registrar. After the verification process, which takes up to several days, a certificate will be issued. In addition to encryption, the certificate displays information about the company to which the website belongs and about the certificate issuer. Thanks to this, the user can be sure that the company operates legally and that the information provided will remain confidential. This is a popular solution for e-commerce.
The third type of SSL certificate is EV (Extended Validation). It is also the most expensive type of certificate, offering the highest level of security. The applicant company is thoroughly checked by the certification body, which can take up to several weeks. EV certificates are primarily used by banks and online payment companies. In the address bar of the browser, apart from the padlock and the https:// prefix, you can see the company name, and in some browsers the bar turns green.
Certificates are usually bought for a period of 12 months, and after that period they have to be extended (and paid for again). If we forget about it, the certificate will expire and the website will display a warning to all internet users visiting it. Some hosting plans also offer the option of installing a free Let's Encrypt certificate with automatic renewal. With other hosting providers, such a certificate is not available, or a periodic fee (e.g. every 3 months) is required for its renewal by the administrator.
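A check for the DV/OV/EV distinction and the expiry problem described above, as an added example that is not part of the original article. It reads the certificate dictionary returned by Python's ssl.SSLSocket.getpeercert(), guesses the validation level from the subject fields (a heuristic; the certificate's policy OIDs are the authoritative source) and counts the days left before expiry. The sample certificates and all names in them are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

# EV subject attributes (CA/Browser Forum EV guidelines); the jurisdiction
# field shows up by name or as a raw OID depending on the OpenSSL build.
EV_MARKERS = {"businessCategory", "jurisdictionCountryName",
              "1.3.6.1.4.1.311.60.2.1.3"}

# Constructed sample certificates in getpeercert() format (not real sites).
DV_CERT = {"subject": ((("commonName", "blog.example"),),),
           "notAfter": "Mar  1 12:00:00 2025 GMT"}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("jurisdictionCountryName", "US"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Bank Inc."),),
                       (("commonName", "bank.example"),)),
           "notAfter": "Jan  2 12:00:00 2025 GMT"}


def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert):
    """Heuristic DV/OV/EV guess from the identity fields the subject carries."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # only control of the domain was validated
    if EV_MARKERS.intersection(fields) and "serialNumber" in fields:
        return "EV"  # registration details of the company are present
    return "OV"


def days_until_expiry(cert, now=None):
    """Whole days before notAfter; negative once the certificate has expired."""
    now = now or datetime.now(timezone.utc)
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)


def fetch_cert(host, port=443):
    """Fetch the validated certificate of a live server (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Running days_until_expiry(fetch_cert(host)) on a schedule for your own domain and alerting below a chosen threshold catches a forgotten renewal before visitors see the browser warning.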
Public key infrastructure (PKI), which is the encryption used in SSL
There are three main methods for encrypting and decrypting data: RSA, DSA, and ECC. The name RSA comes from the first letters of the surnames of the authors of this algorithm: Ron Rivest, Adi Shamir and Leonard Adleman. It was established in 1977. It uses public key lengths of as much as 2048 bits. DSA (Digital Signature Algorithm) uses a different algorithm than RSA to create public and private keys. It was established at the National Institute of Standards and Technology in 1991. RSA and DSA are considered to have the same level of security despite using different key generation algorithms. The main differences come down primarily to performance and speed. However, this difference is small, even negligible.
ECC (Elliptic Curve Cryptography), however, is a completely different type of algorithm that provides the same level of security as RSA and DSA, but with a much smaller key length. This affects performance because such a solution simply uses fewer resources. This standard was approved as early as 2001. However, some issuers do not yet offer the option to purchase SSL certificates that use ECC encryption.
In the next article, I will introduce you to the topic of how to install an SSL certificate on a website with WordPress.