What is an SSL Certificate?
SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted on a website's origin server. SSL certificates make SSL/TLS encryption possible and contain the website's public key and the website's identity, along with related information. Devices attempting to communicate with the origin server will refer to this file to obtain the public key and verify the server's identity. The private key is kept secret and secure.
What is SSL?
SSL, more commonly known as TLS, is a protocol for encrypting internet traffic and verifying server identity. Any website with an HTTPS web address uses SSL/TLS. See what is SSL? and what is TLS? to learn more.
What information does an SSL certificate contain?
SSL certificates include:
The domain name for which the certificate was issued
The person, organization, or device it was issued to
Which certificate authority issued it
The digital signature of the certificate authority
Associated subdomains
Issue date of the certificate
Expiration date of the certificate
The public key (the private key is kept secret)
The public and private keys used in SSL are essentially long strings of characters used to encrypt and sign data. Data encrypted with the public key can only be decrypted using the private key.
Why do websites need an SSL certificate?
A website needs an SSL certificate in order to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust.
Encryption: SSL/TLS encryption is made possible by the public-private key pairing that SSL certificates facilitate. Clients (such as web browsers) obtain the public key necessary to open a TLS connection from a server's SSL certificate.
Authentication: SSL certificates verify that the client is talking to the correct server that actually owns the domain. This helps prevent domain spoofing and other types of attacks.
HTTPS: Most importantly for businesses, an SSL certificate is necessary for an HTTPS web address. HTTPS is the secure form of HTTP, and HTTPS websites are websites whose traffic is encrypted by SSL/TLS.
In addition to securing user data in transit, HTTPS makes sites more trustworthy from a user's perspective. Many users will not notice the difference between an http:// and an https:// web address, but most browsers mark HTTP sites as “not secure” in noticeable ways, in an attempt to provide an incentive to switch to HTTPS and increase security.
How does a website obtain an SSL certificate?
For an SSL certificate to be valid, domains need to obtain it from a certificate authority (CA). A certificate authority (CA) is an outside organization, a trusted third party, that generates and issues SSL certificates. The CA will also digitally sign the certificate with its own private key, allowing client devices to verify it. Most, but not all, CAs will charge a fee for issuing an SSL certificate.
Once the certificate is issued, it needs to be installed and activated on the website's origin server. Web hosting services can typically handle this for website operators. Once activated on the origin server, the website will be able to load over HTTPS and all traffic to and from the website will be encrypted and secured.
What is a self-signed SSL certificate?
Technically, anyone can create their own SSL certificate by generating a public-private key pairing and including all the information mentioned above. Such certificates are called self-signed certificates because the digital signature, instead of coming from a CA, is generated with the website's own private key.
With self-signed certificates, there is no external authority to verify that the origin server is who it claims to be. Browsers do not consider self-signed certificates trustworthy and may still mark sites as “not secure” despite the https:// URL. They may also terminate the connection entirely, blocking the website from loading.
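The certificate fields listed earlier and the self-signed case can be seen together in a short added example (not part of the original article). It reads a constructed certificate in the dict shape that Python's ssl.SSLSocket.getpeercert() returns and reports the problems a client would care about. The names, dates, and the inspect_cert helper are assumptions made for illustration, and the check only compares fields; it does not verify the CA's signature.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Every name and date here is made up for illustration.
CA_ISSUED = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Test CA"),),
               (("commonName", "Example Test CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.test"),
                       ("DNS", "*.shop.example.test")),
}
# Same certificate, but with the issuer set to the subject itself.
SELF_SIGNED = dict(CA_ISSUED, issuer=CA_ISSUED["subject"])


def _flatten(name):
    """Turn the nested name tuples into a plain {attribute: value} dict."""
    return {key: value for rdn in name for key, value in rdn}


def _matches(pattern, host):
    """Simplified name match: exact, or '*' standing in for the left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def inspect_cert(cert, host, now):
    """Return the identity fields plus a list of problems found for `host`."""
    subject, issuer = _flatten(cert["subject"]), _flatten(cert["issuer"])
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    problems = []
    if not any(_matches(n, host) for n in names):
        problems.append("name mismatch")
    if not start <= now.timestamp() <= end:
        problems.append("outside validity period")
    if subject == issuer:  # field comparison only, no signature verification
        problems.append("self-signed (issuer equals subject)")
    return {"issued_to": subject.get("commonName"),
            "issuer": issuer.get("commonName"),
            "names": names, "problems": problems}
```
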
Is it possible to get a free SSL certificate?
SSL/TLS encryption is free, and it was the first company to do so, having launched Universal SSL in September 2014. The free version of SSL shares SSL certificates among multiple customer domains. Dedicated SSL certificates are also available for enterprise customers.
To obtain a free SSL certificate, domain owners need to sign up and select the SSL option in their SSL settings. This article contains more guidance on setting up SSL. Check to make sure SSL encryption is working correctly on a website.