what-is-a-SSL-certificate

SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. To create https connection, an SSL certificate (also referred to as a “digital certificate”) is installed on a web server and serves two functions:It authenticates the identity of the website and encrypts the data that’s being transmitted.

Information in SSL Certificate

The domain name that the certificate was issued for
- Single – secures one fully-qualified domain name or subdomain name.this would be least expensive.
- Wildcard - covers one domain name and an unlimited number of its subdomains
- Multi-Domain – secures multiple domain names.
The public key
Associated subdomains
Which certificate authority issued it
Expiration date of the certificate
Issue date of the certificate
Which person, organization, or device it was issued to
The certificate authority's digital signature

Level of validation

Domain validation - This is the least expensive choice and covers
- Encryption
- Verification of the ownership
Organization validation - Additionally (to domain validation) certain details of the owner (e.g., name and address) are authenticated.
Extended validation - In addition to ownership of the domain name registration and entity authentication, the legal, physical and operational existence of the entity is verified.

How does SSL certificate authenticate the identity of the website

SSL certificates help in verifying that a client is talking to the correct server that actually owns the domain. This helps in preventing domain spoofing and other kinds of attacks. The SSL certificate has the domain name of the website as well as the public key of the website. SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate.The certificate is signed by CA(certificate authority). The CA signs the certificate with thier own private key. The client can verify the signature with public key of CA. For "well known Certificate Authorities" the public root certificate is pre installed in the browser and/or computer you are using ie Browsers come with a set of pre-installed CA certificates and only trust sites signed by any of the pre-installed CA certificates.If the verification is successful client knows for sure the public key of the domain. Any data encrypted by this key can only be decrypted by owner of domain as only the owner of the domain has the private key.

How does SSL certificate encrypt the data transmitted.

SSL/TLS encryption is possible because of the public-private key pairing that SSL certificates facilitate. The public key of domain is part of SSL certificate .

What is a self signed certificate.

The certificate can be signed by any private key . Clarifyforme.com can create a second pair of keys and sign the certificate with the private key. The browser will extract the signing authority from certificate and determine that signing has not been done by trusted authority.Being your own CA has the inconvenience that you must install your own CA root certificate in all clients (browsers/phones/tablets) that visit any of the servers with a certificate signed by your root CA. Hence it is more valuable in staging environment.

	Nishant Anand I am technical architect with around 18 years of experience in telecom , banking and health care domain. I was part of the founding team of Drishti and currently CTO at affordplan
	Consult Send Query