
The Lowdown on the Web Server Certificate


Here’s everything you didn’t know about web server SSL certificates

What springs to mind when you hear the term “web server certificate?” People who are miles away from the nerdy stuff might think that it’s some kind of certificate for a web server. A certificate for a web server? It doesn’t make any sense, does it? Well, that’s the thing about these terms. They sound sweet and straightforward on the surface but mean something totally different when we peel the layers back. “Web server SSL certificate” is one such term.

In this post, we’re going to clear up any confusion you have regarding web server certificates and give you some surprising information we think you’ll find quite interesting. But before we take a deep dive into web server SSL certificates, let’s first have a look at a scenario…

Let’s Imagine…

Let’s go back to the era of the dot-com bubble when there’s a lot of hype and hysteria surrounding the internet and the things one could do with it. Let’s say there’s a person named Jeff who gets an internet connection at his place. Now, Jeff is the kind of person who’d wait overnight in long queues to get his hands on newly-launched electronic products. Jeff is super-excited about the internet and the things he could do online.

Now Jeff, through his friend, hears about online shopping. As expected, Jeff is like, “Wow! This is so cool” and starts searching for things he could buy using his credit card. After spending a great deal of time searching for products, he decides to purchase some books. He submits his personal and credit card details on one website that sells books, and he places an order worth $150.

On the next day, Jeff goes to the bank and finds out about a $5000 purchase from his credit card. Jeff is shocked as he hadn’t made any purchase of that amount. He’s wondering what happened and blocks his card immediately. Then, he goes to Bill, who’s into cyber-security. Bill has a glance at the website on which Jeff made the purchase, and in a second, tells him that that website is a scam. Poor Jeff can do nothing but shake his head in disbelief.

Identity: One of the Biggest Problems on the Internet

When it comes to the internet, we interact with the websites, not the actual person/organization behind that website. Therefore, it opens up a big door of opportunities for hackers and fraudsters. All they need to do is create fake websites that look like legitimate websites of organizations, and the rest will be taken care of by people like Jeff.

Let’s take a look at this with an example. You’re currently on our website, “comodosslstore.com.” What if a hacker creates a website that looks exactly like our website and gives it a name such as “comodosslstores.com?” If the fraudster somehow manages to land users on their dummy website, users could easily fall for it and end up giving away their sensitive data, as Jeff did.

This is called the problem of identity, and that’s where web server SSL certificates come in.

Web Server Certificates: The Bedrock of Web Security

A web server certificate, more commonly known as an “SSL certificate,” is a type of digital certificate (set of data files) that provides authentication for a website and enables an encrypted connection. In simpler words, it lets users know the legitimacy of a website and secures the data transmitted between a web server and its users.


A web server SSL certificate allows you to…

  • Encrypt the data transmitted between a web browser and a web server. Thanks to the encryption technology used in web server certificates (SSL certificates), the data is turned into an undecipherable format. Therefore, no unintended third party can see the data in its original form and misuse it. Such encryption relies on super-complex mathematical algorithms that are almost impossible to crack by supercomputers, let alone mediocre hackers.
  • Authenticate, which happens when a web server certificate makes sure that you’re communicating with the correct person/organization, and the website isn’t a fake one. Remember Jeff?
  • Protect the integrity of the data by thwarting data tampering attempts by the likes of hackers. As the data remains encrypted between two end-points – between a web browser and web server – there’s no scope for any ill-intended entity to come in between and alter the data. This way, the data/message reaches in its original form.

How does a Web Server Certificate Work?

As we saw, a web server certificate has two primary functions: authentication and encryption. Both these functions are taken care of by a technique/system called “public key cryptography,” also known as “public key infrastructure” (PKI).

The public key infrastructure uses two cryptographic keys for authentication and encryption between the web browser and the web server. These keys come in pairs and are known as the “public key” and “private key.” The reason why these keys come in pairs is that they’re mathematically related to each other.

A public key, as you can tell by its name, is publicly available. Anyone can access the public key. A private key, as you can guess by its name, is supposed to be kept private. Both these keys are a part of the files known as “web server certificate.”

Now you might be wondering how exactly this all works, aren’t you? Well, we’re just about to dive into that. The functions of an SSL certificate – authentication and encryption – take place in a process known as the “SSL handshake.” This handshake is a series of steps of communication between a web browser and a web server.

Let’s see how the SSL/TLS handshake pans out.

Note: We’ve simplified the entire handshake process for better understanding. The actual handshake process is more complex and more profound.

  1. Client Hello Message: First, the client (web browser) initiates the handshake and sends a “hello” message to the server. This message includes supported SSL/TLS versions, the cipher suites, and a string of random bytes known as the client random. In simple terms, the web browser says hello and lays down the conditions for further communication.
  2. Server Hello Message: The server responds to the client’s “hello.” In response to the browser’s conditions, it responds by sending a message that consists of an SSL certificate, supported cipher suites, and server random.
  3. Authentication and Pre-Master Key: The client verifies the server certificate’s legitimacy, and upon finding it valid, it creates a pre-master key for the session. Then, it encrypts the key with the server’s public key and sends the encrypted pre-master key to the server.
  4. Decryption and Master Secret: Upon receiving the encrypted pre-master key, the server decrypts it using its private key, and then both server and client combine to generate the master secret.
  5. Encryption with Session Key: Both parties – client and server – encrypt and decrypt the information using a shared key. This key is called the ‘session key,’ and this method of encryption is called symmetric encryption. In other words, this is the key that actually encrypts and decrypts the data.
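
Steps 3 to 5 in more detail, as an added example that is not part of the original article: how both sides turn the pre-master key and the two random values into the same master secret and session keys, using the TLS 1.2 key derivation from RFC 5246, which goes beyond the simplified steps above. The RSA encryption of the pre-master key is not shown, the function names are illustrative, and all values are constructed locally.

```python
import hashlib
import hmac
import secrets


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 4: each side computes this from values it already holds."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def session_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Step 5: expand the master secret into per-direction session keys.

    Layout assumed here: an AEAD suite such as AES_128_GCM
    (two 16-byte keys, two 4-byte implicit IVs, no MAC keys).
    """
    block = prf(master, b"key expansion", server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }


def simulate_key_agreement() -> tuple:
    """Constructed values standing in for one handshake (no network, no RSA)."""
    client_random = secrets.token_bytes(32)      # sent in Client Hello
    server_random = secrets.token_bytes(32)      # sent in Server Hello
    # Step 3: the client picks the pre-master key: version 0x0303 + 46 random bytes.
    pre_master = b"\x03\x03" + secrets.token_bytes(46)
    # The server would recover pre_master with its private key; here it is simply shared.
    client_ms = master_secret(pre_master, client_random, server_random)
    server_ms = master_secret(pre_master, client_random, server_random)
    return (session_keys(client_ms, client_random, server_random),
            session_keys(server_ms, client_random, server_random))


if __name__ == "__main__":
    client_view, server_view = simulate_key_agreement()
    print("both sides hold the same session keys:", client_view == server_view)
```

The two random values travel in the clear, so the secrecy of the session keys rests entirely on the pre-master key, which only the holder of the server's private key can recover.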


The Role of Certificate Authority in Identity Verification

Now you might be wondering, where did the “identity verification” go? Well, it’s right here, it hasn’t gone anywhere. Web server certificates are issued by trusted third-party entities regarded as “certificate authorities.” These certificate authorities are supposed to conduct a verification process before issuing an SSL/TLS certificate to you.

The level of this vetting process depends on the type of web server SSL certificate you want to issue. Surprised? Well, yes, there are various types of web server certificates. These types are based on the level of validation conducted by the certificate authority (CA). They are:

  1. Domain Validation (DV) SSL Certificate
  2. Organization Validation (OV) SSL Certificate
  3. Extended Validation (EV) SSL Certificate

1. Domain Validation (DV) SSL Certificate

Domain validation SSL certificates, as the name suggests, involve the verification of domain ownership. Before issuing this type of web server certificate, the certificate authority is supposed to verify the domain ownership of the person/organization requesting the SSL certificate. This is quite a simple process, and it’s entirely automated. Therefore, it can be completed within minutes. Such web server certificates are ideal for personal websites and blogs. They’re not a good fit for organizations since users won’t be able to see the organization behind the website.

2. Organization Validation (OV) SSL Certificate

Organization validation (OV) SSL certificates are mid-level certificates that involve the verification of the organization/business. If you’re an organization and you want to show your customers that the website belongs to you, organization validation (OV) web server SSL certificates fit the bill. Before issuing a certificate to an organization, certificate authorities (CAs) verify the ownership of the business.

3. Extended Validation (EV) SSL Certificate

Extended validation (EV) SSL certificates, as you can guess by their name, are the most advanced type of SSL certificates. To get an EV web server SSL certificate issued, you need to undergo a thorough vetting process conducted by a certificate authority (CA). Typically, this process takes around 1-3 days. The certificate is issued on completion of the vetting process.

Final Word

Apart from the advantages of authentication and encryption, a web server SSL certificate gives you a boost in your SEO rankings, satisfies PCI/DSS requirements to accept payments, and ultimately establishes user trust and credibility. Not only that, but not having an SSL certificate will cause all major browsers to display a security warning to everyone accessing your website. This, obviously, isn’t a good thing by any means. So, if you’re thinking of getting a web server certificate for your website, you should go ahead and get one immediately. If you want to have an SSL certificate by the world’s most trusted certificate authority (CA) – at the lowest price – you can have a look at our full range of SSL certificates. You won’t get cheaper anywhere else. We guarantee it!
