What is an SSL Certificate?

5 October 2013

We’ve been asked recently by some of our clients, for whom we’re developing ecommerce websites, “what is an SSL certificate and do I need one?” So, in this post we’re going to look at SSL in a little more detail.

Secure Sockets Layer (SSL), also known as Transport Layer Security (TLS), is a security protocol that was created by Netscape to secure transactions between web browsers and servers. Essentially, an SSL certificate is a digital certificate that serves twin purposes:

a) authentication of the identity of a website

b) encryption of information sent to the server by the browser

The SSL certificate gives visitors and users of the website confidence in its credentials and reliability. Most commonly, SSL technology is used by ecommerce websites and banking gateways when transferring sensitive financial information in order to process user requests. The user can verify the security of the connection by checking the protocol in the address bar (instead of the usual “http://”, the address starts with “https://”, where ‘s’ stands for secure). The interaction with the secure server is facilitated by the web browser and it is terminated only when the transaction is complete from the secure server’s end.

Contents of SSL Certificate

An SSL certificate comprises the following information:

i. Name of the certificate holder

ii. Serial Number

iii. Expiry date of the certificate

iv. A copy of the public key of the certificate holder

v. Digital signature of the authority issuing the certificate

SSL certificates can be purchased from the certifying authorities after verification.

Basis of SSL

SSL is based on encryption technology, which can be understood as the process of scrambling data and turning it into an unreadable and undecipherable form that can be descrambled into readable format only with the corresponding decryption key.

How Does SSL Work?

SSL offers security through public/private key encryption. The process is also known as asymmetric encryption or public key encryption.

The message is encrypted using the public key, which is a string of letters and numbers. Only the owner of the message can read it, using the private key that corresponds to that public key. This private key is kept confidential from the world at large. The encryption-decryption can also work the other way round, i.e., encryption using the private key and decryption using the public key, in order to have a secure one-on-one conversation.
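The two directions of key use described above, applied to the fields listed under “Contents of SSL Certificate”, as an added example that is not from the original post. It uses textbook RSA with toy keys; the host name `shop.example`, the serial number, the dates and the keys are all constructed, and real certificates use X.509 encoding, padding and far larger keys.

```python
import hashlib
from datetime import date

FIELDS = ("holder", "serial", "expires", "public_key")  # the signed certificate fields

def make_keypair(p, q, e=65537):
    """Textbook RSA: returns (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # d is the inverse of e modulo phi

# Toy keys from known Mersenne primes: far too small and structured for real use.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**89 - 1, 2**127 - 1)
SITE_PUBLIC, SITE_PRIVATE = make_keypair(2**61 - 1, 2**107 - 1)

def apply_key(number, key):
    """The single RSA operation; which key is used decides what it means."""
    modulus, exponent = key
    return pow(number, exponent, modulus)

def digest(cert, modulus):
    """SHA-256 over the signed fields, reduced to fit under the toy modulus."""
    data = "|".join(f"{k}={cert[k]}" for k in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue(holder, serial, expires, holder_public, ca_private):
    """The issuing authority signs the fields with its private key."""
    cert = {"holder": holder, "serial": serial,
            "expires": expires.isoformat(), "public_key": holder_public}
    cert["signature"] = apply_key(digest(cert, ca_private[0]), ca_private)
    return cert

def check(cert, ca_public, hostname, today):
    """What a browser checks before trusting the public key in a certificate."""
    if apply_key(cert["signature"], ca_public) != digest(cert, ca_public[0]):
        return "bad signature"
    if date.fromisoformat(cert["expires"]) < today:
        return "expired"
    if cert["holder"] != hostname:
        return "name mismatch"
    return "ok"

if __name__ == "__main__":
    cert = issue("shop.example", 1001, date(2014, 10, 5), SITE_PUBLIC, CA_PRIVATE)
    print(check(cert, CA_PUBLIC, "shop.example", date(2013, 10, 5)))
    forged = dict(cert, holder="other.example")   # holder changed after signing
    print(check(forged, CA_PUBLIC, "other.example", date(2013, 10, 5)))
    secret = 0x00112233445566778899AABBCCDDEEFF   # constructed 128-bit value
    sealed = apply_key(secret, cert["public_key"])     # browser: public key
    print(apply_key(sealed, SITE_PRIVATE) == secret)   # server: private key
```

Changing any signed field after issue makes the signature check fail, which is why the browser can rely on the holder name and public key it finds in the certificate.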

What is the Difference Between 128-bit and 256-bit Encryption?

The length of the public and private keys is either 128-bit or 256-bit. The greater the length of the key, the stronger the encryption! So, 256-bit encryption is considered stronger than 128-bit encryption.

A bit is a single value and can be either 0 or 1. In a 128-bit key, the key is 128 bits long, which means that there are about 3.4 x 10^38 possible combinations, a huge number to work through in order to crack the encryption. In a 256-bit key, the key is 256 bits long, which means that there are about 1.5 x 10^77 possible combinations, and that is exponentially stronger than 128-bit encryption.

What is the Requirement for an SSL Certificate?

With commercial and financial transactions being carried out on the internet at a breathtaking pace, the risk of theft of users’ sensitive personal and financial data is at an all-time high. Cyber criminals are always on the prowl to steal such sensitive information and use it to their advantage. However, an SSL certificate ensures that the data is transferred in an encrypted manner, in order to make it as difficult as possible for anyone perpetrating man-in-the-middle attacks on the servers to decipher the information. Moreover, users these days have become increasingly aware of the need for an SSL certificate on a website dealing with their sensitive personal and/or financial information.

Do I Need an SSL Certificate?

This depends on the type of website you have and how sensitive the information is that your website visitors are disclosing. Some merchants, such as Google Checkout, will require you to have an SSL certificate.

As always, if you need any help or require any further information, get in touch.