An SSL certificate is a means of protecting users’ personal information on the Internet. If a site has an SSL certificate, a green lock and the HTTPS protocol appear in the address bar of the web browser. This means that a password or bank card number you enter on this site is sent over a secure connection.
Imagine the situation: you pay for an order on the Internet, and you are asked to enter a bank card number. The web browser transmits this information to the server, where a special program verifies the authenticity of the card and sends a receipt for the purchase. Then the bank withdraws money from the card. In addition to card data, the web browser can transmit passwords, e-mail addresses and other personal information.
Without a certificate, the web browser transmits all information in the open. If fraudsters place themselves in the path of the transmission, they can intercept the information and use it for their own purposes. Most likely, you will not even notice that your password or card number has been intercepted. Most often, victims find out about it when money disappears from the card, or when someone changes the password on the account. To avoid such situations, the site needs an SSL certificate. On a site with an SSL certificate, the browser uses a secure connection.
How encryption works
When a user fills out contact forms on a site with a certificate, the browser converts the text into a seemingly random set of characters and sends the message to the server. Next, a special program on the server converts the encrypted message back into plain text.
A key is required to encrypt or decrypt a message. This is the basis of any encryption method. The simplest method is to replace each letter in a word with the next one in the alphabet. In this case, the key is a shift of one letter to the right.
It is easy to guess such a key. The encryption used with SSL certificates is much more complicated: fraudsters would spend years trying every possible key.
Two types of encryption are involved in the work of an SSL certificate: symmetric and asymmetric.
Symmetric encryption uses one key to both encrypt and decrypt a message.
Asymmetric encryption uses two different keys: public and private. The public key only encrypts the message, and every browser can see it. The private key only decrypts and is kept secret on the server.
Symmetric encryption is more convenient, but both parties must know the key. This is difficult to arrange because there are many web browsers and only one server where the SSL certificate for the site is installed. The server would have to send the key in the open every time, which is dangerous. This is what asymmetric encryption is for: transmitting the symmetric key.
Every time a visitor opens the site, the web browser generates a unique symmetric key, encrypts it with the public key, and sends it to the server. The server uses the private key that matches the public key to decrypt the message. This process takes a few seconds.
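The exchange described above, as an added example that is not part of the original article: the browser wraps a fresh symmetric key with the server's public key, and only the holder of the private key can unwrap it. The function names, the choice of RSA-OAEP and AES-256-GCM, and the sample form data are assumptions of this example.

```javascript
const nodeCrypto = require("node:crypto");

// RSA-OAEP settings shared by both sides (an assumption of this example).
const oaep = (key) => ({
  key,
  padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: "sha256",
});

// Server: long-lived key pair. The public half is published in the
// certificate; the private half never leaves the server.
function makeServerKeys() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Browser: generate a fresh symmetric key for this visit, wrap it with the
// server's public key, and encrypt the form data with AES-256-GCM.
function browserSend(publicKey, formData) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt(oaep(publicKey), sessionKey);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(formData, "utf8"), cipher.final()]);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Server: unwrap the symmetric key with the private key, then decrypt.
// If the message was altered in transit, the GCM tag check makes final() throw.
function serverReceive(privateKey, msg) {
  const sessionKey = nodeCrypto.privateDecrypt(oaep(privateKey), msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const plain = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  return plain.toString("utf8");
}

// Constructed sample input, not real card data.
const keys = makeServerKeys();
const onTheWire = browserSend(keys.publicKey, "card=0000-0000-0000-0000");
console.log("intercepted:", onTheWire.ciphertext.toString("hex"));
console.log("server reads:", serverReceive(keys.privateKey, onTheWire));
```

Current TLS versions agree on the symmetric key with an ephemeral Diffie-Hellman exchange rather than by encrypting it to the server's public key, but the division of roles is the same: asymmetric keys set up the session and a symmetric key protects the data.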
What types of certificates are there?
No matter which certificate you purchase, you will have to pass validation after purchase. This is similar to confirming your rights to a domain and showing an identity card. Validation is required to minimize the chance that a fraudulent organization receives the certificate. By complexity of verification, certificates are divided into three types.
With domain verification
This is the simplest type of check. You only need to confirm that you own the domain. There are several ways to do this. For example, you can request a verification letter sent to the email address in the domain’s contact information. Usually, such a check takes about 15 minutes.
Certificates with domain verification are suitable for such small projects as a personal site accepting payments, a blog, a promo page with an order form, etc.
With organization verification
To issue such a certificate, you will need documents: an entry about the company or individual entrepreneur in the state register. Individuals additionally need a passport or driver’s license. After purchase, you will receive the verification terms by email. This is how the certification authority makes sure that you have the right to conduct commercial activity and process personal data.
Organization-verified certificates are suitable for medium-sized projects such as a forum, an online store, a social network, a site with online courses, etc.
With extended verification
On sites with such a certificate, users who click the “lock” in the browser will see the name of the company. After purchase, the certification authority will verify the domain and the organization’s contact information, state registration and right to conduct commercial activity. A complete list of requirements will be sent by mail. This type of verification is more difficult than the others.
Certificates with extended verification are issued only to legal entities. They are suitable for large enterprises, such as a bank, a government organization, a retail chain, a corporate website, etc.
SSL certificates differ in the type of protection
For one domain
Only one name will be protected: the main domain or a single subdomain. An SSL certificate for a single domain is suitable if customers enter personal data on a single page of the site. For example, such a certificate is suitable for a personal website, blog or promotional page.
For multiple domains
Protects different domains of the same company. It is suitable for international organizations or retail chains, for example if your company has several sites for different countries.
For subdomains
Protects the main domain and all first-level subdomains of the domain to which it is issued at the same time. Such an SSL certificate is suitable for a site that has sections on subdomains. These are usually sites where you can create an account. For example, the website of an online store or bank.
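How the three scopes above decide whether a certificate is valid for a requested hostname, as an added example that is not part of the original article. The certificates in CERTS are constructed, and the wildcard certificate is assumed to list both the bare domain and `*.example.com`.

```javascript
// True if one certificate name (exact or wildcard) covers the requested host.
function nameCovers(certName, host) {
  const name = certName.toLowerCase();
  const h = host.toLowerCase();
  if (!name.startsWith("*.")) return name === h;
  const base = name.slice(2);
  // Reject malformed or overly broad patterns such as "*.com" or "*.*.example.com".
  if (base.includes("*") || base.split(".").length < 2) return false;
  // The wildcard stands for exactly one non-empty label (one subdomain level).
  const dot = h.indexOf(".");
  return dot > 0 && h.slice(dot + 1) === base;
}

// A certificate covers a host if any of its listed names does.
function certCovers(certNames, host) {
  return certNames.some((n) => nameCovers(n, host));
}

// Constructed certificates, one per scope described above.
const CERTS = {
  single: ["shop.example.com"],
  multi: ["example.com", "example.de", "example.fr"],
  wildcard: ["example.com", "*.example.com"],
};

// For each certificate, list which of the given hosts it covers.
function coverage(hosts) {
  const out = {};
  for (const [kind, names] of Object.entries(CERTS)) {
    out[kind] = hosts.filter((h) => certCovers(names, h));
  }
  return out;
}

console.log(coverage([
  "example.com", "shop.example.com", "example.de", "pay.shop.example.com",
]));
```

The second-level name `pay.shop.example.com` is covered by none of the three certificates: a wildcard matches one level only, so deeper subdomains need their own name on a certificate.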