What is an SSL certificate, exactly?
An SSL certificate is a digital certificate or data file that verifies the owner or authenticity of a website. SSL stands for Secure Sockets Layer, a data security protocol that establishes an encrypted connection between your web browser and the website you’re visiting.
Because SSL certificates help web browsers verify website safety and establish secure connections, they’re used by almost all reputable websites. SSL certificates are especially important for sites that process credit card transactions and other online payments, facilitate data-in-transit exchanges, and hold personal login credentials, like email providers and social media sites.
Many mobile apps, like encrypted messaging apps, also use SSL certificates, because they provide strong security.
For authentication purposes, an SSL certificate contains the following information:
- The name of the website the certificate is issued to.
- The name of the company the certificate is issued by.
- The serial number of the certificate.
- The certificate holder’s public key.
- The digital signature of the certificate-issuing authority.
- The certificate’s validity period, or the date it’s valid from to its expiration date.
The SSL certificate for the BBC’s website.
What does SSL stand for?
SSL stands for Secure Sockets Layer. SSL is a security protocol that creates an encrypted link between a web server and a web browser. An SSL certificate authenticates the encrypted connection and contains verified information about a website’s owner.
For companies that process personal or other sensitive data, an SSL certificate conveys trust, because it certifies the ownership and security of the domain.
How do SSL certificates work?
SSL certificates work by using public key cryptography, a system of encryption based on two keys, or long sets of randomly generated numbers.
The public key is public domain, so it’s known to your web browser. When you send sensitive data like payment details to a website, your browser uses the public key to encrypt the data before sending it through. Once received, the website uses a private key to decrypt the data. Only the website’s server has access to the private key that decodes the encrypted data.
SSL certificates use an encryption system based on public and private encryption keys.
Types of SSL certificates
There are different types of SSL certificates depending on the information they need to validate. For a more secure SSL certificate, a server must provide more details for authentication. If you’re sending highly sensitive data to a website, a more secure SSL certificate is better — they’ve provided more information about themselves, so you can trust them more.
Here are the three types of SSL certificate validations:
- Domain Validation certificates validate only the owner of the server used by the website — no other information is required. DV SSL certificates are relatively easy to get and often used by cybercriminals to give the illusion of a trustworthy website.
- Organization Validation certificates require verification of a web server’s organization, its physical location, and its domain name. OV SSL certificates offer a moderate level of trust and are suitable for websites that don’t process sensitive data.
- Extended Validation certificates are the most difficult to get and require the most authentication information from a web server. EV SSL certificates have the highest level of security and are easy for your browser to verify.
How do you check a website’s SSL certificate?
If a website’s URL starts with https, then it holds an SSL certificate. Clicking on the lock icon opens a window with more details about the certificate and its issuing authority.
Here’s how to check a website’s SSL certificate:
- On your browser’s address bar, click the lock icon next to the address of the website you’re visiting. If you’re using Chrome, click Connection is secure. (If you’re using Safari or another browser, click Show Certificate, or a similar button.)
- Here you can verify that the connection is secure. To check the details of the SSL certificate, click Certificate is valid.
- You’ll see a window with three tabs: General, Details, and Certification Path.
  - The General tab offers an overview of the SSL certificate, like who it’s issued to, who it’s issued by, and its validity period.
  - The Details tab gives you more information, like the SSL certificate’s public key.
  - The Certification Path tab shows you the levels of security, or chain of trust, of the certifying authorities. In the BBC website’s SSL certificate, the chain of certification ends with a root certificate entity called GlobalSign.
Since some SSL certificates are more secure than others, check the details of a website’s SSL certificate before sharing personal information, setting up an account, or entering payment details. Checking a site’s certificate is easy, and verifying the domain’s authority helps you keep your data safe.
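The same check can be scripted. The following is an added example, not part of the original article: it reads the fields listed earlier (issued to, issued by, serial number, validity period) from the dictionary that Python's `ssl` module returns for a verified certificate, which does not include the public key or the signature. The sample certificate is constructed, and the DV versus OV/EV hint is a heuristic that assumes only that DV certificates carry no organization name in their subject.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5):
    """Connect to host and return its validated leaf certificate as a dict."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _name(rdns):
    """Flatten getpeercert()'s nested subject/issuer tuples into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def summarize(cert, now=None):
    """Extract the fields listed above, plus days left and a type hint."""
    now = time.time() if now is None else now
    subject, issuer = _name(cert["subject"]), _name(cert["issuer"])
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issued_to": subject.get("commonName"),
        "issued_by": issuer.get("organizationName"),
        "serial": cert["serialNumber"],
        "hostnames": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "in_validity_period": not_before <= now <= not_after,
        "days_left": int((not_after - now) // 86400),
        # Heuristic only: DV certificates carry no organization in the subject.
        "validation_hint": "OV or EV" if "organizationName" in subject else "DV",
    }

# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE = {
    "subject": ((("countryName", "GB"),),
                (("organizationName", "Example Broadcasting Ltd"),),
                (("commonName", "www.example.org"),)),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example OV CA 2024"),)),
    "serialNumber": "0A1B2C3D4E5F",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "example.org")),
}

if __name__ == "__main__":
    # Fixed clock (2024-07-01 UTC) so the constructed sample gives a stable result.
    for field, value in summarize(SAMPLE, now=1719792000).items():
        print(f"{field}: {value}")
```

For a live site, pass the result of `fetch_cert("hostname")` to `summarize()`; the connection fails with `ssl.SSLCertVerificationError` if the chain or hostname does not verify.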
Why SSL is important
SSL security certificates are important because they tell your browser that the website you’re visiting is trustworthy. Plus, they verify an encrypted connection, which means it’s safe to share private data with sites that have SSL certificates.
Here are verification and encryption details about the security features of SSL certificates:
Verification
An SSL certificate means a trusted third-party entity has verified the authenticity of a website, checking details like the site’s owner and location. Websites without SSL protection don’t have to reveal any information, making them risky places to visit.
Encryption
Data encryption is the process of scrambling data so it’s undecipherable. Encrypted data can only be unscrambled with a decryption key. Websites without encryption can leave your data exposed and vulnerable to theft.
If your personal info is ever stolen or leaked in a data breach, hackers can use it to commit identity theft or sell your data on the dark web. SSL security helps prevent hackers from abusing your data if it’s ever compromised, because encryption is nearly impossible to crack without a private key. That’s why it’s so important not to share personal details with websites that don’t have SSL certificates.
But, while websites with SSL certificates help keep your data safe, they can only secure your connection with individual websites. You’ll need a VPN to encrypt your entire internet connection to ensure that everything you do online remains safe and secure.
How do websites get SSL certificates?
Websites can get a valid SSL certificate through a certificate authority (CA). SSL certificate authorities are trusted, third-party organizations responsible for generating and issuing SSL certificates. After a website provides the necessary information, the CA will verify the site’s ownership and, if authentic, issue the certificate.
The certificate authority also manages the public keys and credentials used by websites and web browsers to encrypt data.
Once issued, the SSL certificate is set up on a website’s server, and the website’s URL will change from http to https, indicating that all its traffic is encrypted. At this point, a web browser can now easily verify the authenticity of a website.
Are SSL certificates free?
Most SSL certificate authorities charge a fee for issuing an SSL certificate. But if you’re a website owner wondering where to get an SSL certificate for free, you don’t have to venture far. Many web hosting services now include free SSL certificates as standard. This is part of a larger effort to promote a safer and more secure internet.