Thursday, November 23, 2006

SSL (Secure Socket Layer) Certificates - Process, Benefits and its Working

What is SSL?

Secure Sockets Layer protocol is a method of passing sensitive/personal information, such as credit card details, login details over the Internet. All these type of communication over the internet must be encrypted i.e. secured to prevent from hacking/identity theft. An SSL URL is preceded by https:// instead of http://.


How to create an SSL Secured website?

To be able to create a Secure SSL connection a web server requires an SSL Certificate. When you choose to install and activate an SSL certificate on your web server you need register with any of the Certification Authority (CA), where you would be prompted to complete a number of questions about the identity of your website and your company. After you fulfill the requirement of the CA’s, they would validate your business and the CA would proceed to issue you an SSL Certificate. After the validation process, your web server creates two cryptographic keys - a Private Key and a Public Key.

The word Public Key itself states that it does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also contains your details. You would then submit the CSR. During the SSL Certificate application process, the Certification Authority (CA) will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL in your web server. Your web server will match your issued SSL Certificate to your Private Key. After this process your web server would be able to establish an encrypted link / secure connection between the website and your customer's web browser.

What are the benefits of SSL?

Secure Sockets Layer or SSL for short provides the following benefits:

Authentication of the server
Whenever an customer i.e. an end user connects to an SSL enabled site, the Server sends its unique Digital certificate which is approved and signed from a universally trusted source (E.g. Comodo, Verisign or any other CA). This guarantees an end user / customer that it is being communicating with the right server.

Communication privacy
SSL uses public key as well as private key encryption technologies to provide an encrypted/secure channel. This secure channel ensures an end user / customer that all communication between the user’s browser and the Web server remains encrypted and secure so if any one intercepting the communication will only see collapsed text which would make no sense.

Which websites would require SSL?

SSL is essential when sensitive data is sent over the Internet, like and credit card info or a site which carries on with confidential and financial transactions. Such a online shopping portals, bank sites and other sites which requires to be encrypted to create trust between the user and the web server. It’s actually most secure to use SSL on all pages. But, that can slow your site down considerably. If you can’t use SSL on every page, here’s an important precaution to take.

Is taking a Bank Loan Good or Bad?

Definitely taking a bank loan shouldn't be a choice for you and should be the last resource if you need to. You may be wondering, why am...