SSL/TLS certificate: what is it, how does it work, and how can you tell whether a website has one?

The Analytical department of Falcongaze often writes about the privacy policies and security measures of different apps and services. Many of them use an SSL/TLS certificate, which indicates that the connection to a website is secure. Is that so, how does the certificate work, and how can you tell that a website has one? We tried to answer these questions.

What is an SSL/TLS certificate?

SSL stands for Secure Sockets Layer, and TLS stands for Transport Layer Security. The certificate is a security technology that encrypts the connection between a browser and a server. Thanks to the certificate, it is far more difficult for malicious actors to steal or spoof users’ data. The SSL/TLS certificate is installed on a server. It also helps to verify a website’s authenticity.

You may ask: what is the difference between SSL and TLS certificates? There is none. TLS 1.0 was created as an update to SSL 3.0, in place of an SSL 4.0. The new name was also chosen to show that certificate development no longer had anything to do with Netscape, the company that produced the first SSL. The name “SSL certificate” is more popular because people find it more convenient to use.

How does the certificate work?

To set up an HTTPS connection between a browser and a server, the “SSL handshake” is used. First, the server and the client agree on a cipher suite (a set of algorithms that defines the secure connection settings). Then the server sends its SSL certificate to the client. The client authenticates it; if everything is OK, the session key is created.

This brings us to SSL cryptography. To set up an SSL connection, one symmetric (session) key and two asymmetric keys are required.

  • The symmetric key encrypts and decrypts a message. It can be 128 or 256 bits in length. The longer the key, the harder it is to break. The key length depends on what the server’s and the client’s software support.
  • In asymmetric encryption, two keys are generated: a public key and a private key. The public key encrypts data, and the private key decrypts it. The private key is stored on the server. Asymmetric keys can be 1024 or 2048 bits in length.

The public key encrypts the session key, which is then transmitted to the server. The server decrypts the message using the private key and stores the session key. The secure HTTPS connection is established after that. When the user closes the tab with the website, the session key is removed.

The process usually takes a few hundred milliseconds.

“Kaspersky Lab” warns that although encryption is good practice, because third parties cannot obtain the information, the certificate tells nothing about the website itself. Hackers may create a phishing page, get a certificate, and encrypt all data transmitted between the server and the user. That is why you should always check the domain name: it may differ by just one letter from the original domain name.

Are all SSL certificates identical?

SSL certificates come in different types, depending on the number of domain names and subdomains owned. There are single-name certificates, wildcard certificates, which are used for a domain and its subdomains, and multi-domain certificates, which are used to protect several domain names and servers.

Based on validation level, SSL certificates can be:

  • Domain Validation (DV). It is used to confirm a domain name. News websites and blogs often have this type of SSL certificate. However, it has a low level of credibility.
  • Organization Validation (OV) confirms several details about the domain name owner (the company, physical address, and domain name). It has a medium level of credibility.
  • Extended Validation (EV) is necessary for companies that have sensitive data. It is of the highest security level. To get this certificate, the company has to go through a verification process covering corporate documents, the client’s identity, etc.

How can you tell whether a website has an SSL certificate?

There are several visual cues: a lock near the address bar, and a URL that includes https instead of http. If a website has an EV certificate, you will see a green bar.
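
The certificate types and validation levels described above can also be read from the certificate itself rather than from browser cues. The Python sketch below is an added example, not part of the original article: `fetch_cert`, `describe_cert` and the two sample certificates are constructed for illustration, and the DV/OV/EV rule is a heuristic (an assumption) based on which subject fields are present.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5.0):
    """Return the server's certificate as a dict (needs network access)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def describe_cert(cert):
    """Classify a getpeercert()-style dict by name coverage and validation level."""
    # "subject" is a tuple of RDNs, each a tuple of (field, value) pairs.
    subject = {field: value for rdn in cert.get("subject", ()) for field, value in rdn}
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names and "commonName" in subject:
        names = [subject["commonName"]]  # legacy certificates without SAN entries

    if any(n.startswith("*.") for n in names):
        coverage = "wildcard"
    elif len(names) > 1:
        coverage = "multi-domain"  # also true when a CA adds the "www." variant
    else:
        coverage = "single-name"

    # Heuristic (assumption): EV subjects carry businessCategory and serialNumber,
    # OV subjects carry organizationName, DV subjects carry none of these.
    has_org = "organizationName" in subject
    if has_org and {"businessCategory", "serialNumber"} <= subject.keys():
        validation = "EV"
    elif has_org:
        validation = "OV"
    else:
        validation = "DV"
    return {"names": names, "coverage": coverage, "validation": validation,
            "organization": subject.get("organizationName")}

# Constructed sample certificates (not real ones), in getpeercert() layout.
SAMPLE_DV = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}
SAMPLE_EV = {
    "subject": ((("businessCategory", "Private Organization"),),
                (("serialNumber", "0000000"),),
                (("organizationName", "Example Corp"),),
                (("commonName", "shop.example.org"),)),
    "subjectAltName": (("DNS", "shop.example.org"),),
}

if __name__ == "__main__":
    for sample in (SAMPLE_DV, SAMPLE_EV):
        print(describe_cert(sample))
```

A "DV" result only shows that the requester controlled the domain, so the domain name itself still has to be checked letter by letter.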
