What is an SSL/TLS Certificate?

Are you secured?

What is SSL/TLS?

Have you ever wondered if the information you exchange over the web is secure? When you visit a website, you start the communication between your computer’s web browser and the web server the site is hosted on. You want to ensure that this webserver is guarding and encrypting your important personal information.

Brief History

Secure Sockets Layer (SSL) was created in 1994 by Netscape and was succeeded by Transport Layer Security (TLS) in 1999. We are currently at TLS 1.3, which was published in August 2018. Although most sites are still utilizing TLS 1.2, TLS 1.3 utilizes stronger message authentication, key-material generation, and other encryption algorithms, which boosts security, performance, and privacy over its predecessor (SSL).

How does it work?

Simply put, the webserver issues an SSL/TLS certificate, which acts like a driver's license. You don't own this driver's license certificate, though; the web server does. Once issued to you, it is used to grant you permission (or authenticate your session) to enter their website. All communication with the site is encrypted to protect your personal information. You will most likely notice a site is secured when the padlock icon appears in your web browser's address bar.

This process is called a "handshake." To provide confidentiality of the data exchanged, the user and the webserver use the handshake to agree on an encryption algorithm and a shared secret key to be used for one session only. Any communication exchanged is encrypted, which ensures the data remains private even if it is intercepted. For example, imagine two businessmen in black suits. One is a dealer (webserver) and the other is the buyer (user). The buyer visits the dealer, who gives him a code-locked briefcase (protected information) and a temporary code (certificate) to unlock it. Only the buyer and the dealer know this temporary code. The buyer unlocks the briefcase with the temporary key, adds more information, exchanges data, and so on, then locks the briefcase (encryption) and gives it back to the dealer. Once the dealer receives the locked briefcase and processes the new information, the deal is terminated when the buyer agrees (the website is closed or the computer is turned off, and the session ends). The code for the code-locked briefcase then changes, ensuring the data exchanged is secured. Every time the buyer visits the dealer, he is issued a new temporary code to review or make changes to the data exchanged.

Why does it matter?

When you exchange your private information over the web, don’t you want to ensure that it is secured? TLS encrypts information you exchange over the web, thus protecting you, your information, and your identity by preventing cyber attackers from spying on your logins, credit card data, and personal data.

Next time you visit a website, even if it looks trustworthy, verify that it is utilizing TLS 1.2 or TLS 1.3. You can do this by checking if there is a padlock icon in your web browser's address bar. Depending on your web browser, click on the padlock and click on "more information" to view what version of TLS the webserver is utilizing to encrypt your data.
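
The same check can be done from a script instead of the padlock menu. The following is an added example, not part of the original article: it uses Python's standard ssl module to refuse anything older than TLS 1.2 and report what was negotiated. The names make_context, meets_policy and probe are chosen here for illustration.

```python
import socket
import ssl
import sys
from typing import Optional

# Policy from the article: accept only TLS 1.2 or TLS 1.3.
ACCEPTED = {"TLSv1.2", "TLSv1.3"}


def make_context() -> ssl.SSLContext:
    """Client context that verifies the certificate and refuses TLS < 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def meets_policy(version: Optional[str]) -> bool:
    """True if a negotiated version string (as returned by SSLSocket.version()) is acceptable."""
    return version in ACCEPTED


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Perform a handshake with host and return what was negotiated."""
    ctx = make_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "version": tls.version(),      # e.g. "TLSv1.3"
                "cipher": tls.cipher()[0],     # negotiated cipher suite name
                "issuer": dict(rdn[0] for rdn in cert["issuer"]),
                "not_after": cert["notAfter"],
                "ok": meets_policy(tls.version()),
            }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        try:
            print(probe(sys.argv[1]))
        except ssl.SSLCertVerificationError as err:
            print("certificate not trusted:", err.verify_message)
        except OSError as err:  # includes ssl.SSLError
            print("handshake failed (server may only offer TLS < 1.2):", err)
    else:
        # Constructed version strings, so the policy check runs without a network.
        for v in ("TLSv1.3", "TLSv1.2", "TLSv1.1", "SSLv3"):
            print(v, "->", "ok" if meets_policy(v) else "reject")
```

Run it with a hostname as the only argument to probe a live server; with no argument it only evaluates the constructed version strings.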

