SSL certificates are issued to protect important traffic between websites and users, so that attackers can’t intercept sensitive data. Let’s take a look at how SSL certificates work on the web!

What is SSL/TLS?

SSL, which stands for Secure Sockets Layer, is a protocol used to encrypt traffic between two computers. Interestingly enough, we still commonly refer to SSL but in reality TLS (Transport Layer Security) is now, and has been, the standard protocol for securing traffic between websites and users since SSL was deprecated in 1999.

That being said, when we talk about SSL and SSL certificates, we are most likely talking about the same encryption technology. If you are really interested in the nitty-gritty details of how TLS works, you can read the RFC of TLS 1.3 here.

What is the Purpose of SSL/TLS?

SSL/TLS was invented and implemented to secure data between networked computers by encrypting and authenticating traffic on the network. Normally, when two computers are networked or a user is visiting a website, the traffic and its contents are unencrypted and essentially available to be intercepted. By incorporating encryption, the data users enter in forms and the information that is passed between two systems are secured from prying eyes.

In today’s world, failing to set up encrypted communication to protect users and data is a recipe for disaster. With attackers lurking in every corner of the web, it is necessary to take extra precautions to secure your website and networks. Whether you are connected to a public WiFi at a coffee shop, entering sensitive financial information into an online form, or simply signing into your email, your data would be at risk without SSL and TLS encryption.

How Does SSL/TLS Actually Work?

SSL and TLS work by creating key pairs, using a public and private key, to authenticate connections and define the identity of a website. The private key is held secure by the website and a public key is available for users.

The way public and private keys work together allows browsers to automatically encrypt user traffic with a public key in a way that can only be decrypted by the private key. This means if a website is configured with TLS properly, all traffic between you and the server (including but not limited to forms and logins) is secured, encrypted, and only able to be decrypted and deciphered by the website. This protects you from an attacker on your network snooping on traffic and recovering sensitive data.

What Does It Look Like in a Browser?

In your browser, you will see a lock icon. If you click it, you should see more information about the connection and whether it is secure or unsecured. Many browsers also highlight the lock icon, coloring it green or red. If you are not sure whether your connection is secured, you can click on this icon and see more information.

Additionally, you can see https in the browser rather than http. Having this in the URL does not mean it’s secured, but can be another indicator that it probably is. Most browsers will clearly warn you if a site is claiming to be a secured site but is not really.

How Are SSL Certificates Implemented?

Now that you know what SSL and TLS are, and how they secure traffic, let’s take a look at how we can implement our very own SSL certificate. The process is simple! Generate a Certificate Signing Request, submit the CSR and receive an SSL certificate, install the SSL certificate, and install the intermediate certificate.

Generate CSR (Public and Private Key)

The first step to getting an SSL certificate is generating a Certificate Signing Request, or CSR, on your server. When you create a CSR, you will indicate the domain name of the website being secured, your organization and address and finally the key type and key size.

This process creates a public and private key on your server and generates a CSR file which contains the public key. Note the file’s location, as you may need to open it in a text editor and copy the contents.

Submit CSR Public Key to CA for Validation

Once you have created your CSR, you will submit it to a Certificate Authority (CA) to have it validated. Anyone can create SSL certificates, but modern browsers only trust certificates from Certificate Authorities.

When you submit your CSR to the Certificate Authority, they will send you back an SSL certificate. This certificate is certified by the CA to connect to your website, preventing other users from forging their own certificate.

Receive and Install SSL Certificate

When you have received your SSL certificate from the CA, you can now install it on your server and connect it to your website. Many control panels make this an easy process but it will vary depending on your operating system and server setup. If you are working with cPanel or Plesk, you can install SSL certificates through the dashboard. If you are running your website with no control panel, you will have to do a bit of manual work to get it configured. Congratulations! You’re almost done.

Implement Intermediate Certificate

The intermediate certificate is signed by the Certificate Authority’s root certificate, proving that they have validated the SSL certificate. The intermediate certificate essentially signs your SSL certificate and creates a ring of trust and authentication between your website, the CA, and users around the world. Once you implement the intermediate certificate, you bind the connection between your server, your website, and the Certificate Authority, keeping users safe and secure!
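
The four steps above, run end to end with the `openssl` command line against a throwaway local CA, as an added example that is not part of the original article. The CA names, `www.example.test` and all file names are constructed; a real CA holds the root and intermediate keys itself and only ever sees your CSR. The last check shows why the intermediate certificate has to be installed: without it, a client that trusts only the root cannot build the chain.

```shell
#!/bin/sh
# Added example: throwaway local CA hierarchy; every name here is constructed.

build_chain() (   # $1 = empty scratch directory
  cd "$1" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > leaf.ext
  # Stand-in for the CA: a self-signed root, then an intermediate signed by it.
  openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
    -subj "/CN=Example Test Root CA" 2>/dev/null || exit 1
  openssl x509 -req -in root.csr -signkey root.key -days 30 \
    -extfile ca.ext -out root.crt 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
    -subj "/CN=Example Test Intermediate CA" 2>/dev/null || exit 1
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 30 -extfile ca.ext -out inter.crt 2>/dev/null || exit 1
  # Site owner: private key stays on the server, the CSR carries the public key.
  openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
    -subj "/C=US/O=Example Org/CN=www.example.test" 2>/dev/null || exit 1
  # CA side: sign the submitted CSR with the intermediate key.
  openssl x509 -req -in server.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
    -days 30 -extfile leaf.ext -out server.crt 2>/dev/null
)

csr_matches_key() (   # is the CSR's public key the public half of server.key?
  cd "$1" || exit 1
  [ "$(openssl req -in server.csr -noout -pubkey)" = \
    "$(openssl pkey -in server.key -pubout)" ]
)

verify_leaf() (   # $2 = "with" or "without" the intermediate certificate
  cd "$1" || exit 1
  if [ "$2" = with ]; then
    openssl verify -CAfile root.crt -untrusted inter.crt server.crt >/dev/null 2>&1
  else
    openssl verify -CAfile root.crt server.crt >/dev/null 2>&1
  fi
)

dir=$(mktemp -d) || exit 1
trap 'rm -rf "$dir"' EXIT
build_chain "$dir" || exit 1
csr_matches_key "$dir" && echo "CSR public key matches server.key"
verify_leaf "$dir" with && echo "root + intermediate: chain verifies"
verify_leaf "$dir" without || echo "root only: verification fails"
```

On a real server the equivalent of `-untrusted inter.crt` is the intermediate certificate you install alongside your own, so that the server sends both to every client.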

Where Can I Get an SSL Certificate?

With all of that being said, let’s talk about how we can get our very own SSL certificate signed by a trusted CA.

As far as generating a CSR file, you will need to figure out how to do that on your operating system and server setup. If you are using shared or managed hosting, it should be as easy as asking for help. If you are using Windows Server, you can check out this guide here. And Linux users, I’m sure you can figure it out!

To get your CSR signed, popular Certificate Authorities include DigiCert, Comodo, Symantec, and RapidSSL. Many domain name registrars have services to help you get your CSR signed by a trusted CA, and hosting providers do the same!

It is getting easier than ever to incorporate SSL and secure encryption practices into your website, and it can benefit everyone! Waste no time and set up your first SSL certificate today!

Mike Sherman
Mike Sherman worked as a lead Enterprise Server administrator for an international data center, as well as a technical consultant for a national MSP. He's got years of experience with hosting, security, and hands-on problem-solving.