Shashi Kallae

SSL/TLS Certificates



Acronyms

SSL: Secure Sockets Layer

TLS: Transport Layer Security

PKI: Public Key Infrastructure

CA: Certificate Authority

HTTPS: Hyper Text Transfer Protocol Secure

HTTP: Hyper Text Transfer Protocol

PCI DSS: The Payment Card Industry Data Security Standard is an information security standard for organizations that handle credit cards from the major card brands.

What is an SSL/TLS certificate?

An SSL/TLS certificate is a digital document that allows systems to prove their authenticity, verify each other's identity, and then establish an encrypted network connection between them using the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol.


What does an SSL/TLS Certificate have?

  1. Domain name.

  2. Certificate authority.

  3. Certificate authority's digital signature.

  4. Issuance date.

  5. Expiration date.

  6. Public Key (Used to encrypt the message and send it via a secure channel).

  7. SSL/TLS version.

Example

  1. A user opens a browser, types the name of a website such as www.google.com in the address bar and hits enter.

  2. When this happens, the browser connects to the Google web servers over an SSL/TLS channel.

  3. The browser attempts to verify the authenticity of the Google web servers by asking them for identifying information it can recognize.

  4. In reply, the web server sends its SSL/TLS certificate, which contains a public key, to the browser.

  5. The browser validates the SSL/TLS certificate and, only if the validation succeeds, uses the public key to send the web server an encrypted message that contains a secret session key.

  6. The Google web server now uses its private key to decrypt the message and retrieve the session key. It then encrypts an acknowledgment with the session key and sends it to the browser.

  7. After receiving the response, both the web server and the browser use the same session key to exchange messages securely.

What is a session key?

A session key is a temporary key that is used to encrypt or decrypt the data exchanged between the browser and the web server during a single online session. It is also known as a session ID or session token.


Role of a session key

Session keys play a crucial role in identity verification by maintaining stateful communication between the browser and the web server. They act as a protective layer by ensuring that the data exchanged in a given session is encrypted and secured from external threats such as hacking or malware attacks.


The session key is a cipher key for symmetric cryptography. Symmetric cryptography uses the same key for encryption and decryption. Asymmetric cryptography consumes far more computing resources, which is why the web server switches to symmetric cryptography, which needs much less, to maintain the SSL/TLS connection.


SSL/TLS certificate Facts

  1. SSL/TLS certificates are not perpetual. They need to be renewed periodically, such as once every year or two years.

  2. SSL/TLS certificates are issued by a trusted third party, known as a Certificate Authority (CA).

  3. Browsers trust certificates issued by an organization only when that organization is on the browser's list of trusted CAs.

  4. Because the browser trusts the certificate authority (CA), it also trusts the identity of the organization to which that CA issued the certificate.

Why are SSL certificates important?

  1. Higher ranking in Search and SEO.

  2. Improves user experience.

  3. Security from attacks and hacking.

Types of SSL/TLS certificates

SSL/TLS certificates with different levels of validation are as follows:

  1. Extended validation certificates.

  2. Organization validated certificates.

  3. Domain-validated certificates.

SSL/TLS certificates that cover different sets of domains are as follows:

  1. Single domain SSL/TLS certificates.

  2. Multi-domain SSL/TLS certificates.

  3. Wildcard SSL/TLS certificates.

SSL/TLS handshake

The SSL/TLS handshake is a cryptographic process that establishes a secure connection between a user's browser (client) and the web server. A series of events must take place between the two parties for the connection to succeed.

  1. Authenticate each other by exchanging the certificates.

  2. Agree on the encryption standards.

  3. Establish a secure connection between each other to exchange data.
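The following Go program is an added example, not code from the original post. It ties together the certificate contents listed under "What does an SSL/TLS certificate have?", the browser/server flow in the Example section, the symmetric session key, the trusted-CA facts and the three handshake steps above. The names GenerateSelfSigned, Summarize and Handshake and the host name www.example.test are constructed for the example. It generates a self-signed server certificate with the Go standard library, reads back the fields the text lists (domain name, issuer, CA signature algorithm, issuance and expiration dates, public key type), then runs a complete TLS handshake over an in-memory connection three times: with the issuer in the client's trusted store (succeeds and reports the negotiated protocol version and the symmetric cipher suite the session keys are used with), with an empty trusted store (the client refuses, as a browser refuses a certificate from a CA it does not know), and with a host name that does not match the certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// CertSummary holds the fields the text lists, read back from a parsed X.509 certificate.
type CertSummary struct {
	CommonName, Issuer, SigAlg, PubKeyAlg string    // domain name, issuing CA, CA signature, key type
	DNSNames                              []string  // every host name the certificate is valid for
	X509Version                           int       // certificate format version (3 for current certs)
	NotBefore, NotAfter                   time.Time // issuance and expiration dates
}

// HandshakeResult is what the client learns from a completed handshake.
type HandshakeResult struct {
	Version, CipherSuite string // negotiated protocol version and symmetric cipher suite
	PeerCN               string // CommonName of the certificate the server presented
}

// GenerateSelfSigned (constructed helper) makes an ECDSA P-256 key pair and a certificate for cn
// valid for validDays, signed with its own key; a real CA would sign the server's request instead.
func GenerateSelfSigned(cn string, dnsNames []string, validDays int) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"Example Org"}},
		DNSNames:              dnsNames,
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Duration(validDays) * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// Summarize reads the listed fields back out of a parsed certificate.
func Summarize(c *x509.Certificate) CertSummary {
	return CertSummary{
		CommonName: c.Subject.CommonName, Issuer: c.Issuer.CommonName,
		SigAlg: c.SignatureAlgorithm.String(), PubKeyAlg: c.PublicKeyAlgorithm.String(),
		DNSNames: c.DNSNames, X509Version: c.Version,
		NotBefore: c.NotBefore, NotAfter: c.NotAfter,
	}
}

// Handshake runs a full TLS handshake between an in-memory client and server. trusted plays the
// browser's trusted-CA store: if the server's certificate does not chain to it, or its name does
// not match serverName, the client aborts and the verification error is returned.
func Handshake(serverCert tls.Certificate, serverName string, trusted ...*x509.Certificate) (HandshakeResult, error) {
	pool := x509.NewCertPool()
	for _, c := range trusted {
		pool.AddCert(c)
	}
	clientConn, serverConn := net.Pipe()
	defer clientConn.Close()                                // also releases the server goroutine on the error path
	clientConn.SetDeadline(time.Now().Add(5 * time.Second)) // the pipe is unbuffered: fail rather than hang
	srv := tls.Server(serverConn, &tls.Config{Certificates: []tls.Certificate{serverCert}, SessionTicketsDisabled: true})
	cli := tls.Client(clientConn, &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12})
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return HandshakeResult{}, err
	}
	if err := <-srvErr; err != nil {
		return HandshakeResult{}, fmt.Errorf("server side: %w", err)
	}
	st := cli.ConnectionState()
	version := map[uint16]string{tls.VersionTLS12: "TLS 1.2", tls.VersionTLS13: "TLS 1.3"}[st.Version]
	return HandshakeResult{Version: version, CipherSuite: tls.CipherSuiteName(st.CipherSuite),
		PeerCN: st.PeerCertificates[0].Subject.CommonName}, nil
}

func main() {
	cert, _ := GenerateSelfSigned("www.example.test", []string{"www.example.test"}, 90)
	fmt.Printf("certificate: %+v\n", Summarize(cert.Leaf))
	res, err := Handshake(cert, "www.example.test", cert.Leaf)
	fmt.Printf("trusted store: %+v err=%v\n", res, err)
	_, err = Handshake(cert, "www.example.test") // nothing trusted: behaves like an unknown CA
	fmt.Printf("empty store: err=%v\n", err)
}
```

Two points worth noticing when reading the output. The version the parsed certificate exposes is the X.509 format version; the SSL/TLS protocol version is not stored in the certificate but negotiated during the handshake, which is why it appears in HandshakeResult rather than CertSummary. And the cipher suite reported for the successful run is the symmetric algorithm from the "Role of a session key" section: the certificate's public key is only used to authenticate the server during the handshake, after which all traffic is protected with the symmetric session keys.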
