What is an SSL certificate?

SSL, TLS, https – it may seem like alphabet soup, but it actually has to do with the security of your data as you surf the web. Whether it’s your online banking credentials or the credit card information you enter on an online shopping site, SSL protocols keep sensitive data from falling into the wrong hands.
Close-up of web browser address bar reading “https”
Did you know that the “s” in https stands for “secure”?
So how do you know if the website you are using has a security certificate?

What do SSL and TLS mean? Are they different?

“SSL” stands for “secure socket layer” – but what does that actually mean? Simply put, it’s an encrypted link between a client – e.g. your web browser – and a server – e.g. the website you are visiting. The encryption keeps your data secure from third parties. In other words, companies, organizations or anyone who operates a website use SSL certificates to keep their customers’ information secure and private during the data transfer. This is especially important when you are conducting transactions like online banking. You may also have heard of “TLS” in the context of website security. This is because the SSL protocol has evolved over time, with new versions replacing older ones. TLS (transport layer security) is the version that is in use today, but the initials SSL have stuck and are still widely used.

How does a website get a security certificate?

To obtain an SSL certificate, the website operator has to apply to a Certificate Authority (CA), an independent organization or company that validates their identity and information. Some CAs are non-profits that issue free SSL certificates, while others are paid. The process is standard: The applicant generates a Certificate Signing Request (CSR) on their server and sends it to the CA, who verifies it and digitally signs their certificate. The certificate includes information such as its issue and expiration date, the name of the CA, the domain name that the certificate was issued for, the organization it was issued to, and the public encryption key. Once the website operator has the SSL certificate, they install it on their server, where it is generally valid for two years.

How do I know if a website has an SSL certificate?

It is easy to see whether a website you are visiting has a security certificate – simply look at the web address to see if it starts with the acronym “https” (like the URL of this web page, https://www.mail.com/blog/), which stands for “hypertext transfer protocol secure.” If the website does not have an SSL certificate, only the letters “http” will appear – the “S” for “secure” is missing. In addition, a closed padlock icon will be displayed next to the URL of a secure website. If you would like more information about that website’s security certificate, you can click on this icon for details.

If a website does not have a security certificate, your internet browser will usually warn you in some way. For example, the padlock symbol next to the web address will appear unlocked or in red, or a warning triangle will be displayed.

Does an SSL certificate mean a website is safe?

SSL encryption is an extremely effective method of ensuring that your login credentials, credit card and bank account information, or any other information you might enter into an online form cannot be accessed by anyone but the company or organization you are sending it to. In other words, an https address or a lock symbol on a website means that your data is encrypted and the data transfer process is secure. Unfortunately, it does not tell you if the website in question is run by a trustworthy person or company. Many phishing websites have an https address and padlock icon. You can click on this icon as described above to view the site’s certificate and identifying information. The organization’s name – or lack thereof – and issuing CA can help you decide if the site is trustworthy.

Bonus explainer: SSL handshake

Depending on what internet browser you use, when visiting a secure website you may sometimes see a message reading “performing SSL handshake with…” in the corner of your screen. Just like a handshake between people, the SSL handshake is how web servers say hello and start communicating with each other. It establishes a link between a user and a website to start the secure data transfer process. In a matter of seconds, your web browser initiates a connection to an SSL/TLS-secured website asking it to identify itself; in response, the website’s server sends back a copy of its SSL certificate. The two then exchange encrypted keys, completing the SSL handshake, and data can be safely shared between the browser and the web server.

We hope this information on SSL certificates helps you keep your online data safe. We look forward to your feedback!

Images: 1&1/Shutterstock
 

4 people found this article helpful.

Related articles

Inactive accounts: What can happen to unused email addresses?

What is typosquatting?

The best password managers