When you open a website page, you see HTTPS initial letters in the URLs of most of them. This means that the SSL cryptographic protocol is supported. A legitimate question is, why do we need to do this? There are constant reports of data leaks and hacker attacks on the web. Attackers can gain access to sensitive information such as bank card numbers (when filling out an order form), passwords, and social security numbers. Such data can be sold on DarkNet or used for their own fraudulent operations. SSL secure connection protocol is designed to make it more difficult for attackers.
SSL certificate: what it is
An SSL certificate is a cryptographic protocol that provides security when establishing a connection between a server and a browser. Individuals and companies can use this technology. The information the certificate contains:
- Name or name of the owner’s organization.
- Serial number.
- Expiration date.
- A copy of the public key.
- Digital signature of the organization that issued the electronic document.
As a result, the certificate allows you to authenticate the website. To find out if the site has SSL, you need to look at the address bar, which will certainly contain the letters HTTPS. The letter S, which is added to HTTP, means “secure”. In the left corner of the address bar is an image of a lock. If there is no certification, an exclamation mark may appear in this space. Most browsers warn users by default if they open pages from non-certified sites.
Why do I need SSL?
The certificate is designed to create a secure connection between the server and the client. The technology allows the encryption of transmitted information. Encryption in this case means making the data unreadable. To read the data, a decryption key is needed. As a result, users can safely enter and transmit sensitive information such as credit card numbers, passwords, and other financial or personal data over the network. Even if intercepted by a hacker, the encrypted data is incomprehensible to them. Only the intended recipient will be able to read the information sent.
What sites are supposed to have certificates
It is mandatory to use a secure connection protocol for sites that provide online banking services. E-mail services and social networks also fall into this category. It is recommended to use SSL for all websites whose owners are interested in maximum protection of their users’ personal data. SSL means that personal data such as passwords and bank cards will not be intercepted by cybercriminals. The certificate significantly increases user confidence in the web resource. At the same time, the site’s ranking in the eyes of search engines increases. For example, such companies as Google, Twitter, Facebook, and Bank of America have been certified.
Does the site need a certificate
The answer to this question depends on the owner’s goals and objectives. If your website is designed to promote products and services, visitors send and receive information that may be confidential. Even if we are talking about a simple blog, it is better to connect an SSL certificate. Then your visitors will be able to trust your web resource. Otherwise, after Google Chrome warns visitors may immediately leave the insecure page.
Advantages of obtaining SSL
Trust in a site without a certificate is a moot point. Most users will not risk their own security by being able to view a web page. Especially when it comes to sending sensitive personal information. A certificate is not 100 percent protection against the loss of sensitive data. However, SSL provides a sufficiently strong level of security. If your password is 123123, SSL will not protect you from brute force. But it does protect against Man-in-the-Middle attacks, where a hacker can intercept the data you send to the server. If you have a strong password and no SSL certificate, a hacker can enter your account without getting into your account. It can take millions of years to figure out a complex password.
When a user visits a site, a secure encrypted connection is established thanks to the certificate. At the same time, information about the site’s web server is provided. The duration of the process is a fraction of a second. Order of operations:
- The browser connects to a site that is secured with SSL. A request is received to identify the web server.
- Sending a copy of the certificate to the browser.
- SSL verification, denying or allowing access to the web resource.
- Launching encrypted session.
Certification is based on three components – a communication protocol, a certificate (credentials to identify the site owner), and a certificate authority, which serves to guarantee the authenticity of the credentials. The validity period of a certificate is 1-5 years, depending on its type.
Websites that have passed the certification procedure rise to higher positions in Google’s rankings. Another important benefit is improved performance thanks to the HTTP/2 protocol (the ability to send multiple requests simultaneously over a single connection). The HTTP/2 protocol also compresses unnecessary headers (page titles). The result is less network load, fewer errors, and more efficient use of network resources. It is important to understand that SSL serves as protection for the data that is transmitted over the network, not for the site.
How to get SSL
There are different ways to get certified. You can get SSL for free or as part of a plan offered by your provider. Any hoster provides SSL certificates, being a reseller of a certificate authority. It is a body that issues certificates. Certification authorities sign an electronic document with encrypted keys. The procedure of reception can be paid or free. After the certificate is created, it is installed on the web server of the site. If you do not have enough technical knowledge and skills, the provider will help you with this task. Once the certificate is enabled on the server, all traffic passing through the site will be encrypted. Procedure for obtaining SSL:
- Set up the server.
- Make sure that you have a unique IP address.
- Update the WHOIS report (a network protocol for obtaining IP addresses and registration data about domain name owners).
- Generate a certificate request – a message from the applicant to the certificate authority.
- Obtain a certificate in digital format and a public digital key.
Some hosting companies offer SSL for free as part of the package. Or they install a certificate for an additional fee. Therefore, it is important to pay attention to this point when choosing a provider.
A few steps, how to install SSL on VPS, if you have your own IP address (through a dedicated server or a virtual private server). Necessary information about the server
- IP address.
- Server user name (with root or sudo privileges).
- User password or SSH authentication capability.
- Web or mail server software, such as Apache, Nginx, and IIS.
- Operating system version number.
If you have all the necessary information, you can connect to the server and install a web interface to run commands, such as PuTTY (a client for different remote access protocols like SSH or Telnet). Now all that remains is to send a request for an SSL certificate.