Information in SSL Certificate
- The domain name that the certificate was issued for
  - Single – secures one fully-qualified domain name or subdomain name. This would be the least expensive.
  - Wildcard – covers one domain name and an unlimited number of its subdomains.
  - Multi-Domain – secures multiple domain names.
- The public key
- Associated subdomains
- Which certificate authority issued it
- Expiration date of the certificate
- Issue date of the certificate
- Which person, organization, or device it was issued to
- The certificate authority's digital signature
Level of validation
- Domain validation - This is the least expensive choice and covers:
  - Encryption
  - Verification of the ownership
- Organization validation - Additionally (to domain validation) certain details of the owner (e.g., name and address) are authenticated.
- Extended validation - In addition to ownership of the domain name registration and entity authentication, the legal, physical and operational existence of the entity is verified.
How does an SSL certificate authenticate the identity of the website?
SSL certificates help verify that a client is talking to the correct server, the one that actually owns the domain. This helps prevent domain spoofing and other kinds of attacks. The SSL certificate contains the domain name of the website as well as the public key of the website. SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate. The certificate is signed by the CA with the CA's own private key, and the client can verify the signature with the CA's public key. For well-known Certificate Authorities the public root certificate is pre-installed in the browser and/or computer you are using; that is, browsers come with a set of pre-installed CA certificates and only trust sites signed by one of them. If the verification is successful, the client knows for sure the public key of the domain. Any data encrypted with this key can only be decrypted by the owner of the domain, as only the owner of the domain has the private key.
How does an SSL certificate encrypt the data transmitted?
SSL/TLS encryption is possible because of the public-private key pairing that SSL certificates facilitate. The public key of the domain is part of the SSL certificate.
What is a self-signed certificate?
The certificate can be signed by any private key. Clarifyforme.com can create a second pair of keys and sign the certificate with the private key of that pair. The browser will extract the signing authority from the certificate and determine that the signing has not been done by a trusted authority. Being your own CA has the inconvenience that you must install your own CA root certificate in all clients (browsers/phones/tablets) that visit any of the servers with a certificate signed by your root CA. Hence it is more valuable in a staging environment.
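
The trust decision described in the authentication and self-signed sections above, as an added Python example (not code from the original page): a client accepts a certificate only if its issuer is in the trust store and the issuer's public key verifies the signature. Assumptions: textbook RSA over fixed Mersenne primes stands in for a real signature scheme, certificates are plain dicts, and the names, dates and one-label wildcard rule are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every key in this example

def toy_keypair(a, b):
    """Textbook RSA from Mersenne primes 2**a-1 and 2**b-1. Illustration only, not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def digest(cert, n):
    # Hash every field except the signature, reduced into the signer's modulus
    tbs = "|".join(f"{k}={cert[k]}" for k in sorted(cert) if k != "signature")
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(names, subject_pub, issuer, issuer_key, not_after):
    n, d = issuer_key
    cert = {"names": names, "public_key": subject_pub,
            "issuer": issuer, "not_after": not_after}
    cert["signature"] = pow(digest(cert, n), d, n)  # signed with the issuer's private key
    return cert

def name_matches(pattern, host):
    # Assumed rule: a leading "*." stands for exactly one non-empty leftmost label
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host

def verify(cert, host, trust_store, today):
    ca_pub = trust_store.get(cert["issuer"])
    if ca_pub is None:
        return "untrusted issuer"      # signer is not one of the pre-installed CAs
    if pow(cert["signature"], E, ca_pub) != digest(cert, ca_pub):
        return "bad signature"         # fields were changed after signing
    if today > cert["not_after"]:      # ISO dates compare correctly as strings
        return "expired"
    if not any(name_matches(p, host) for p in cert["names"]):
        return "name mismatch"
    return "ok"

# Constructed sample data: CA names, hostnames, dates and keys are invented
ROOT_CA, OWN_CA, SITE = toy_keypair(61, 89), toy_keypair(107, 127), toy_keypair(521, 607)
TRUST = {"Example Root CA": ROOT_CA[0]}  # the client's pre-installed roots
ca_signed = issue(["example.test", "*.example.test"], SITE[0],
                  "Example Root CA", ROOT_CA, "2030-01-01")
own_signed = issue(["example.test"], SITE[0], "Staging Root", OWN_CA, "2030-01-01")

if __name__ == "__main__":
    print(verify(own_signed, "example.test", TRUST, "2025-06-01"))
```

Adding `"Staging Root": OWN_CA[0]` to the trust store is the equivalent of installing your own root certificate on a client, after which `own_signed` verifies.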