How an SSL Certificate Works - Flow Chart
- Client/Server Handshake - The server and client agree on which protocols will be used
- Transfer of the Public Key - The server sends the public key to the client. This is the only step where an SSL Certificate is used.
- Generation of Symmetric Key - The client generates the Symmetric Key
- Encrypt Symmetric Key - The client encrypts the Symmetric Key
- Transfer Symmetric Key - The client transfers the encrypted Symmetric Key to the server
- Decrypt Symmetric Key w/ Private Key - The server uses the Private Key to decrypt the encrypted Symmetric Key
- Symmetric Encryption - At this stage, both the server and the client have access to the Symmetric Key. With this shared key in place, data is transmitted using symmetric encryption
The server is the starting point of how an SSL Certificate functions. The server holds the PKI asymmetric encryption method, that is, the public and private key pair. The first step that occurs when a server attempts to create a secure communication channel with the client is the initial handshake.
The handshake refers to the server and client establishing an agreement on which protocols will be used. The protocols may vary, but in this case the server side uses RSA and the client side uses AES.
Symmetric encryption refers to the sharing of one key (as opposed to the two keys used in asymmetric encryption). After the handshake succeeds, the server passes its public key to the client. This is the only step in the process where an SSL Certificate is used: the primary purpose of an SSL Certificate is to deliver the public key to the client. After the transfer is complete, the Symmetric Key is generated.
The Symmetric Key is then encrypted with the public key and transferred to the server. The private key, which resides on the server, decrypts the Symmetric Key. At this point the Symmetric Key is present on both the client and the server. This creates a shared key and enables a secure medium for the transfer of data.
What is Encryption?
There are two forms of Encryption used for SSL:
- Symmetric Encryption - A type of encryption where the same key is used to encrypt and decrypt the message.
- Asymmetric Encryption - A type of encryption which uses one key to encrypt a message and another to decrypt the message.
Symmetric encryption refers to an encryption method where only one key, a shared key, is used; the word symmetric refers to this shared key. Asymmetric encryption uses two key types, the public key and the private key. While the public key can be viewed by anyone on the web, the private key resides on the server and must remain protected. What makes the private key special is that it possesses the ability to both encrypt and decrypt. Unlike the private key, the public key can only encrypt.
Since symmetric encryption uses a shared key, the communication channel has a higher risk of being compromised. While the key is being transferred to each party (the server and the client), a hacker could easily intercept the channel, learn the key, and steal sensitive data. This security risk is referred to as “Out of Band”. The best solution to the “Out of Band” issue is to use an SSL Certificate. SSL Certificates facilitate the transfer of the key from the server to the client, creating a safe channel for communication.
Uses of Encryption
- To Encrypt & Decrypt sensitive information sent over the web
- Protect emails from Phishing Attacks
- Obtain and Maintain Consumer Trust
Before entering sensitive personal data, such as credit card numbers, into a web browser, always be sure to check the site for an up-to-date SSL Certificate.
What information do I need to order an SSL Certificate?
Before ordering an SSL Certificate, a Certificate Signing Request, or CSR, must be generated. A CSR is essentially a block of encoded text that contains the information that will be used to create the SSL certificate. The CSR must be generated on the server that the SSL certificate will be installed on. The CSR is Base-64 encoded text and does not include the private key. A private key is usually created at the same time as the CSR, although a Certificate Authority does not need it to generate the SSL Certificate. Be sure to keep the private key in a safe location on your server.
What information do I need to include within the CSR?
The CSR includes the following data:
- Common Name - Your domain (URL) name. For example, www.secure128.com
- Organization - The name of your organization. For example, Secure128
- Organizational Unit - The division of your organization that is handling your SSL Certificate. For example, IT Department
- City/Locality - The city where your organization is headquartered. For example, Atlanta
- State/Region - The state/region where your organization is headquartered. For example, Georgia
- Country - The two-letter country code where your organization is headquartered. For example, US
- Email Address - An email address used to contact the administrator of the order
- Public Key - This will be created AUTOMATICALLY upon generation
How do I generate a CSR?
Generating a CSR varies depending on the server type. Please refer to the GENERATE A CSR instructional page for further details.
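An added example, not from Secure128's own instructions, that builds a CSR with the fields listed above using Go's standard library. The subject values mirror the examples on this page, the contact e-mail is a constructed value placed in the SAN extension (an assumption about where to carry it), and ParseCSR shows the check a CA performs on receipt: the CSR's self-signature proves the requester holds the private key without that key ever leaving the server.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
)

// CSRRequest holds the fields listed above; the public key is added automatically, not typed in.
type CSRRequest struct {
	CommonName, Organization, OrgUnit, City, State, Country, Email string
}

// GenerateCSR makes the key and CSR together: the CSR as Base-64 PEM for the CA, the key PEM stays on the server.
func GenerateCSR(r CSRRequest) (csrPEM, keyPEM []byte, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName: r.CommonName, Organization: []string{r.Organization},
			OrganizationalUnit: []string{r.OrgUnit}, Locality: []string{r.City},
			Province: []string{r.State}, Country: []string{r.Country},
		},
		EmailAddresses: []string{r.Email}, // assumption: contact e-mail carried in the SAN extension
	}
	// Only the public half of priv is embedded in the CSR; priv signs it and is then kept locally.
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
	if err != nil {
		return nil, nil, err
	}
	csrPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	return csrPEM, keyPEM, nil
}

// ParseCSR decodes the PEM and verifies the self-signature, which proves possession of the private key.
func ParseCSR(csrPEM []byte) (*x509.CertificateRequest, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	return csr, nil
}
```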
SSL for Education
Education in the modern world is more interactive than ever. From financial aid to student/teacher portals to admissions, classes and textbooks, almost every aspect of education is now online. With the responsibility to uphold the federal regulation FERPA, it is important to have an online security solution that is trustworthy and reliable. Secure128 provides a wide variety of security solutions to accommodate your needs.
SSL for Healthcare
The Health Insurance Portability and Accountability Act, better known as HIPAA, is enforced by the federal government to help keep patients’ health information safe and secure. With that being said, the healthcare industry bears a heavy burden to uphold this regulation. There is no better way to keep patients’ data safe than to guard your server with an Extended Validation SSL Certificate. In an industry where it is vital not only to protect customer data but also to cut costs, investing in an SSL Certificate provided by Secure128 is the best option!
SSL for Governments
In an advanced world where more people have access to the internet than ever before, it is valuable to protect your server with the strongest level of SSL. With vital information that must be protected, such as social security numbers and classified government records, the general public is looking to you to keep them safe. Fulfil their expectations by investing in an SSL Certificate.
SSL Certificate Validation Types
There are 3 different types of validation methods for SSL Certificates:
- Domain Validation (DV): Encrypts website communications, but does not identify the website owner.
- Organization Validation (OV): Validates the legal owner of the website, displays ownership data in the certificate details, and encrypts data.
- Extended Validation (EV): The highest level of SSL Certificate, which validates the legal owner of the website and the employee approving the SSL order. Displays ownership info in the certificate details AND in the green browser/HTTPS URL bar. Also encrypts website data communications.
The Rule of Thumb for SSL
When deciding which level of SSL Certificate is best for your site, remember this simple phrase:
“The HIGHER the SENSITIVITY level, the HIGHER the VALIDATION type.”