If you seek a simple yet profound understanding of SSL certificates, then you’ve come to the right place. In this post, we’ll explain HTTPS and SSL/TLS certificates in language that you can easily understand. That’s why we have “HTTPS and SSL certificates explained” in the title. But before we dive deep into SSL certificates and how they work, let’s first have a look at how the world looked before SSL certificates.
Let’s go back to the world where no one has heard of SSL or HTTPS. Alice and Bob are two friends who talk to each other through the internet. But they have a problem named Chandler. This Chandler guy used to be close to Alice and Bob, but due to reasons we won’t get into, they got into a fight, and Chandler threatened both of them. Alice and Bob are still close and worry about what Chandler could do. Their biggest worry is that their communication will be intercepted and tampered with by Chandler, as he’s known to be a skillful hacker. However, they don’t have any option but to hope that Chandler won’t do it.
Chandler, being a hacker, knows this weakness of the internet and intercepts their communications. Not only that, he tampers with the message sent by Alice and sends the tampered message to Bob. Bob receives the tampered message and gets mad at Alice for sending such a hostile message. Alice, on the other hand, has no idea about the message and tells Bob that she didn’t send it. They both then realize what happened, but they’re helpless to do anything about it. They can’t communicate without the internet, but they also know that Chandler can see and tamper with their messages.
SSL/TLS is a protocol that facilitates secure communication between two points on the internet, typically a web browser and a server. Technically, SSL/TLS is defined as a cryptographic protocol that provides secure communication between a web browser and a server. SSL stands for Secure Sockets Layer, and TLS stands for Transport Layer Security. Although they’re different acronyms, they mean the same thing in general (with just some differences on the technical level).
Typically, SSL certificates are used to assert identity and to secure websites, mobile apps, email servers, fax, messaging, etc. However, they’re used most widely in websites. To secure a website, an SSL/TLS certificate is installed on a web server, and it establishes a secure, encrypted connection between a web browser and a server. In other words, the certificate enables a secure connection that encrypts the data transmitted between a web browser and a web server so that no unauthorized third party can come in between and steal or tamper with the data. Such attacks are known as man-in-the-middle (MiTM) attacks, and SSL thwarts them through encryption.
This brings us to the topic of HTTPS. While browsing, you might have noticed that some website addresses start with HTTPS, while some (very few these days) begin with HTTP. The “S” is the difference, as we can see. HTTP (hypertext transfer protocol) is a standard internet protocol used for data communication. In layman’s terms, it’s used to transmit information on the internet. HTTPS (hypertext transfer protocol secure), on the other hand, is a secure version of HTTP. The difference between the two is an SSL certificate. An SSL-enabled website uses HTTPS as its protocol, while a non-SSL site uses HTTP.
We hope SSL and HTTPS are clear to you now.
An SSL certificate, a type of X.509 digital certificate, protects data in transit through the use of encryption — asymmetric encryption, to be precise. Asymmetric encryption is an encryption method that involves two keys: a private key and a public key. Both these keys are distinct but mathematically related to each other. As you can judge by their names, a public key is kept public, and a private key is kept private.
When it comes to data encryption, data is encrypted using the public key. The private key, secretly stored on the web server, decrypts the data encrypted by its related public key. This way, it ensures that only the intended recipient receives the data and maintains its integrity by thwarting MiTM attacks.
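The key-pair relationship described above can be seen in a few lines of textbook RSA. This is an added example, not code from the article: the function names, the sample primes and the message are constructed for illustration, and the scheme has no padding and a toy key size, so it only shows the principle.

```python
# Added illustration (not from the article): textbook RSA, no padding, toy key size.
# Real certificates use 2048-bit+ RSA or elliptic-curve keys through vetted libraries.
from math import gcd

# Constructed sample primes (the Mersenne primes 2^89-1 and 2^107-1).
P = 2**89 - 1
Q = 2**107 - 1


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key), each an (n, exponent) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # the mathematical link between the keys: e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can produce a ciphertext."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def apply_key(key, ciphertext: int) -> bytes:
    """Raise the ciphertext to the key's exponent; only the private key undoes encrypt()."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    public_key, private_key = make_keypair(P, Q)      # the server keeps private_key secret
    message = b"Meet at noon"                         # constructed sample message
    ciphertext = encrypt(public_key, message)         # the sender needs only public_key
    by_server = apply_key(private_key, ciphertext)    # holder of the private key
    by_chandler = apply_key(public_key, ciphertext)   # interceptor holds only public data
    return message, by_server, by_chandler


if __name__ == "__main__":
    original, server_view, chandler_view = demo()
    print("server recovers:", server_view)
    print("interceptor recovers the message:", chandler_view == original)
```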
SSL and HTTPS seem like a complicated bunch of words from afar. However, they’re not as complicated as they may seem. If you’re a user, you should only ever give your information on secure HTTPS websites. And if you have a website or plan to create one, there’s no reason for you not to install an SSL certificate. Today, it’s estimated that between 57% and 70% of the most popular websites in the world are protected through SSL encryption. With Google heavily penalizing non-HTTPS websites, you can expect this number to go up in the near future.