What is an SSL/TLS x.509 Certificate?
An SSL Certificate is a digital computer file that has two specific functions:
- Authentication and Verification: The SSL Certificate holds details about the identity of a host or site. When you click the padlock or check the trust mark, the certificate chain details show where the certificate was issued from.
- Data Encryption: The SSL Certificate enables encryption, which means that the sensitive information exchanged via the web site cannot be intercepted and read by anyone other than the intended recipient.
An SSL Certificate is most reliable when issued by a trusted Certificate Authority (CA). The CA has to follow very strict rules and policies about who may or may not receive an SSL Certificate. So, when you have a valid SSL Certificate from a trusted CA, there is a higher degree of trust.
How do I check a site for a valid secure connection?
- A standard web site without SSL security displays “HTTP” at the beginning of the web site address in the browser address bar. This stands for “Hypertext Transfer Protocol,” and is the conventional way to transmit information over the Internet. However, a web site that is secured with an SSL Certificate will have “HTTPS” before the address. This stands for “Hypertext Transfer Protocol Secure”.
- You will also see a padlock symbol on the top or bottom of the Internet browser.
- You may also notice a trust mark displayed on the web site. This will display details of the certificate with all of the company information as verified and authenticated by the CA.
- By clicking the closed padlock in the browser window, or certain SSL trust marks, you can see the authenticated organization name. In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns green when an Extended Validation (EV) SSL Certificate is detected. If the information does not match, or the certificate has expired, the browser displays an error message or warning.
What does the SSL connection process look like for a web page?
- A browser requests a secure page.
- The web server sends its public key with its certificate.
- The browser checks that the certificate was issued by a trusted root authority or Certificate Authority, that the certificate is still valid, and that the certificate relates to the site contacted.
- The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the encrypted URL required and other encrypted HTTP data.
- The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
- The web server sends back the requested HTML document and HTTP data encrypted with the symmetric key.
- The browser decrypts the HTTP data and HTML document using the symmetric key and displays the information.