The Analytical department of Falcongaze often writes about the privacy policies and security measures of different apps and services. Many of them use an SSL/TLS certificate, which is commonly taken to mean that the connection to the web-site is secure. Is that really so, how does the certificate work, and how can you tell that a web-site has one? We tried to answer these questions.
What is an SSL/TLS certificate?
SSL stands for Secure Sockets Layer and TLS for Transport Layer Security; both are protocols that encrypt the connection between a browser and a server. The certificate itself does not encrypt anything. It is a signed document, installed on the server, that binds the server's public key to its domain name, so the browser can verify that it is talking to the genuine site before any data is exchanged. Together, the protocol and the certificate make it far harder for a malicious actor to intercept or spoof users' data.
A common question is what the difference is between an SSL certificate and a TLS certificate. There is none: the same X.509 certificate is used with either protocol. TLS 1.0 was released in 1999 as the successor to SSL 3.0; it was renamed rather than called SSL 4.0 to mark that the protocol was now standardised by the IETF and no longer developed by Netscape, the company that created the original SSL. The name "SSL certificate" simply stuck because people were used to it. The SSL protocols themselves are long broken and disabled in modern browsers and servers, so every working "SSL certificate" today is in fact used with TLS.
How does the certificate work?
To set up an HTTPS connection between a browser (the client) and a server, the TLS handshake (often still called the "SSL handshake") is used. First, the client and the server agree on a cipher suite, a set of algorithms that defines how the connection will be protected. Then the server sends its certificate to the client. The client verifies it: that it was issued by a certificate authority the browser trusts, that it has not expired, and that it was issued for the domain name the user typed. If everything checks out, a session key is established.
This is where the cryptography comes in. Setting up the connection involves one symmetric (session) key and one asymmetric key pair: the server's public key, which is contained in the certificate, and its private key, which never leaves the server.
In the classic RSA key exchange, the client encrypts the session key with the server's public key and sends it to the server; the server decrypts it with its private key and stores it. From then on the HTTPS connection is protected with the session key, and both sides discard it when the session ends. Modern TLS (TLS 1.2 with ECDHE cipher suites, and all of TLS 1.3) no longer sends the session key this way: client and server derive it with an ephemeral Diffie-Hellman exchange, and the server's private key is used only to sign the handshake and prove that it owns the certificate. This gives forward secrecy: a private key stolen later cannot be used to decrypt recorded traffic.
The whole process takes one or two network round trips, usually a few hundred milliseconds, before the first page data is sent.
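As an added example (not Falcongaze's code), the following Python uses the standard ssl module to perform the handshake described above against a host and report what was negotiated, together with a pure function that reduces the certificate dictionary Python returns to the fields a user cares about. handshake_info needs network access; the two sample certificate dictionaries are constructed for offline use and mirror the shape of SSLSocket.getpeercert(), and the "Example" names in them are placeholders, not real certificates.

```python
"""Run a TLS handshake with the standard library and summarize the peer
certificate.  Added example, not code from the original article."""
import socket
import ssl
import time


def handshake_info(host, port=443, timeout=5.0):
    """Connect, run the TLS handshake and return what was negotiated.
    create_default_context() loads the system trust store and enables
    certificate and hostname verification, so an untrusted, expired or
    mismatched certificate raises ssl.SSLCertVerificationError here
    instead of silently producing an 'encrypted' connection."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cipher_name, _protocol, key_bits = tls.cipher()
            return {
                "protocol": tls.version(),     # e.g. 'TLSv1.3'
                "cipher_suite": cipher_name,   # e.g. 'TLS_AES_256_GCM_SHA384'
                "key_bits": key_bits,
                "certificate": summarize_cert(tls.getpeercert()),
            }


def summarize_cert(cert, now_ts=None):
    """Extract who the certificate is for, who issued it, which DNS names it
    covers and how long it remains valid.  now_ts is a POSIX timestamp and
    defaults to the current time; it is a parameter so the result can be
    checked deterministically."""
    def rdn_value(field, attr):
        # subject/issuer are tuples of RDNs, each a tuple of (type, value) pairs
        for rdn in cert.get(field, ()):
            for attr_type, value in rdn:
                if attr_type == attr:
                    return value
        return None

    now_ts = time.time() if now_ts is None else now_ts
    not_after_ts = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "common_name": rdn_value("subject", "commonName"),
        # organizationName is absent from domain-validated certificates
        "organization": rdn_value("subject", "organizationName"),
        "issuer": rdn_value("issuer", "organizationName"),
        "dns_names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "days_until_expiry": int((not_after_ts - now_ts) // 86400),
        "expired": now_ts > not_after_ts,
    }


# Constructed samples in the shape getpeercert() returns (not real certificates).
SAMPLE_OV_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example CA"),),
               (("commonName", "Example CA R1"),)),
    "version": 3,
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 23:59:59 2025 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
SAMPLE_DV_CERT = {
    "subject": ((("commonName", "shop.example.net"),),),
    "issuer": ((("organizationName", "Example DV CA"),),),
    "version": 3,
    "serialNumber": "0D1E2F",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",   # 90-day certificate
    "subjectAltName": (("DNS", "shop.example.net"),),
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_OV_CERT))
    print(summarize_cert(SAMPLE_DV_CERT))
    # Against a live host (needs network): print(handshake_info("example.com"))
```

If you run handshake_info against a server with a self-signed, expired or wrongly named certificate, the exception from wrap_socket is exactly the "client verifies it" step of the handshake failing; the connection is never established, which is the behaviour you want.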
Kaspersky Lab warns that although encryption is good practice, since third parties cannot read the traffic, the certificate says nothing about the web-site itself. Attackers can create a phishing page, obtain a certificate for it (a domain-validated certificate only proves control over the domain name and is issued automatically) and encrypt everything transmitted between their server and the user. That is why you should always check the domain name: it may differ from the original by just one letter.
Are all SSL certificates identical?
SSL certificates come in several types depending on how many domain names and subdomains they cover. There are single-name certificates, wildcard certificates that cover a domain and all of its direct subdomains (for example *.example.com), and multi-domain (SAN) certificates that protect several different domain names, possibly hosted on several servers, with one certificate.
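The following is an added example (not from the original article) of the name-matching rule a browser applies to these three certificate types, and it also shows why the domain-name check from the Kaspersky Lab warning above is left to the user: a lookalike domain with its own valid certificate passes it. Python used to ship this logic as ssl.match_hostname, which was removed in Python 3.12, so it is implemented here by hand following RFC 6125; the certificate name lists are constructed.

```python
"""Decide whether a certificate's DNS names cover a hostname, using the
wildcard rules browsers enforce.  Added example, not Falcongaze's code."""


def _labels(name):
    """Normalize a DNS name: lowercase, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """True if one certificate name (plain or wildcard) matches hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "*" not in pattern:
        return p == h                       # plain name: exact, case-insensitive
    # Wildcard rules: exactly one '*', it must be the entire leftmost label
    # (browsers reject partial wildcards such as 'w*.example.com'), there
    # must be at least two labels after it (so '*.com' is rejected), and it
    # matches exactly one label: '*.example.com' covers 'www.example.com'
    # but neither 'example.com' nor 'a.b.example.com'.
    if pattern.count("*") != 1 or p[0] != "*" or len(p) < 3:
        return False
    return len(h) == len(p) and h[1:] == p[1:]


def certificate_covers(dns_names, hostname):
    """Browsers check the subjectAltName DNS entries (the subject CN is
    ignored when a SAN extension is present); any one match is enough."""
    return any(name_matches(n, hostname) for n in dns_names)


# Constructed SAN lists for the three certificate types in the text.
SINGLE_NAME = ["www.example.com"]
WILDCARD = ["*.example.com", "example.com"]   # CAs usually add the bare domain too
MULTI_DOMAIN = ["example.com", "www.example.com", "example.net", "shop.example.org"]


def check_hosts(dns_names, hosts):
    """Map each hostname to whether the certificate covers it."""
    return {host: certificate_covers(dns_names, host) for host in hosts}


if __name__ == "__main__":
    for label, names in (("single", SINGLE_NAME), ("wildcard", WILDCARD),
                         ("multi-domain", MULTI_DOMAIN)):
        print(label, check_hosts(names, ["www.example.com", "example.com",
                                         "mail.example.com", "a.b.example.com",
                                         "example.net", "examp1e.com"]))
    # The phishing case: 'examp1e.com' has its own certificate, so the
    # browser's check passes; only the user can notice the swapped letter.
    print(certificate_covers(["examp1e.com"], "examp1e.com"))
```

The last line is the point of the warning above: certificate checking answers "is this really examp1e.com?", never "is examp1e.com the site I meant?".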
Based on validation level, SSL certificates can be domain-validated (DV), where the certificate authority only checks that the applicant controls the domain name, usually automatically; organization-validated (OV), where it also checks that the organization named in the certificate really exists; or extended-validation (EV), which requires the strictest identity checks of the organization. All three provide the same encryption; they differ only in how much the certificate authority has verified about who is behind the site.
How to tell whether a web-site has an SSL certificate?
There are several visual cues: a padlock icon next to the address bar, and a URL that starts with https rather than http. Clicking the padlock shows the certificate details, including the domain name it was issued for, who issued it and when it expires. An EV certificate used to be shown with a green bar containing the organization's name, but the major browsers removed that indicator in 2019, so EV and DV sites now look the same in the address bar; the domain name itself is what you should check. Some browsers have also begun replacing the padlock with a neutral icon, because an encrypted connection is now the norm and the padlock was often misread as a guarantee that the site is trustworthy.