The basics of web security

Nowadays, when we surf the web, it often happens that we click on a search result and receive an “Unsafe site” warning. There has been no massive hacker attack, nor have the rules of the web world been overturned. In most cases, the cause is simply the lack of an SSL certificate.

What is an SSL certificate?

SSL certificates are small data files that digitally bind a cryptographic key to the details of an organization or company. When installed on a web server, an SSL certificate activates the padlock and the HTTPS protocol and allows secure connections from a web server to a browser, which is simply what happens every time you browse a website. Typically, SSL certificates are used to secure credit card transactions, data transfers and logins, and more recently, as already mentioned, they are becoming the norm for securing the browsing of social media sites and logins to them.

What does the SSL certificate connect?

Two fundamental elements:

  • A domain name, server name, or host name.
  • An organizational identity (i.e. the company name) and a location.

An organization must install the SSL certificate on its web server to initiate a secure session with browsers. Once a secure connection is established, all web traffic between the web server and the web browser will be protected.

When a certificate is successfully installed on your server, the application protocol (also known as HTTP) will change to HTTPS, where the “S” stands for “secure”.

How does an SSL certificate work?

SSL certificates use something called public key cryptography. It sounds scary, but it’s simpler than you think.

This type of encryption relies on two keys, which are nothing more than long strings of randomly generated numbers. One is called the private key and the other the public key. The public key is known to the server and is available in the public domain. It can be used to encrypt any message. If Paola is sending a message to Giovanni, for example, she will lock it with Giovanni’s public key, and the only way to decrypt it is to unlock it with Giovanni’s private key. Giovanni is the only one who holds his private key, so he is also the only one who can unlock Paola’s message. If a hacker intercepts the message before Giovanni unlocks it, all he gets is a cryptographic code that he can’t crack, even with the power of a supercomputer. Simple, isn’t it? It’s actually a bit more complex than that, but we wanted to be very clear about how the process works.

Let’s translate this example into terms of a website where communication takes place between a website and a server. Your website and your server are Giovanni and Paola.

Why do I need an SSL certificate?

SSL certificates protect your sensitive information such as credit card information, usernames, passwords etc. Furthermore:

  • Keep data safe between servers
  • Increase your ranking on Google
  • Build / increase customer trust
  • Improve conversion rates

In a nutshell, this means having a secure site and a more trusting relationship with your customers.

Where can I buy an SSL certificate?

SSL certificates must be issued by a trusted certification authority (CA). Browsers, operating systems, and mobile devices maintain lists of trusted CA root certificates.

The root certificate must be present on the end user’s machine for the certificate to be trusted (this is why we are often asked to download it if we don’t have automatic download enabled). If it is not trusted, the browser will present error messages warning the end user that the website is not trusted. In the case of e-commerce, such error messages cause an immediate lack of trust in the website, and organizations risk losing consumer trust and the sale.

An SSL certificate is therefore synonymous with web security, but also with the trust and protection a company offers its customers. It is therefore advisable to purchase and install one to avoid reputational, security and, ultimately, economic penalties.