Tuesday, May 5, 2020

SSL certificate, what it is and how it works


The SSL certificate is used to transmit information securely, protecting user data from fraud, identity theft and phishing. (In this article you will find more information on phishing and how to defend yourself.)

SSL certificates, considered mandatory for some time now, are used both to authenticate the identity of a website and to encrypt information sent to the server. In other words, they protect communications via the Internet in such a way that sensitive information provided by users on the web, such as passwords or personal data, remains confidential and cannot be intercepted by third parties. There are 3 main types of SSL certificates:

·         Domain level validation that certifies only the internet domain and can only be requested by the domain owner
·         Organization level validation that certifies a company's ownership of the site and can be requested by authorized representatives of the company
·         Extended validation that offers the greatest degree of security and reliability of a website

In any case, the SSL certificate contains precise information on:

·         Name of the holder of the certificate
·         Serial number
·         Expiry date of the certificate
·         Copy of the public key of the certificate holder
·         Digital signature of the certificate issuing authority

After you obtain and install the SSL certificate on your site, the domain name in the browser navigation bar is preceded by a lock icon to show that the connection is secure.

What is the HTTPS protocol

HTTPS, which stands for HyperText Transfer Protocol Secure, is a secure communication protocol that creates an encrypted connection between the user and the website.
Data sent via HTTPS cannot be changed or damaged in transit without someone noticing. Last but not least, the HTTPS protocol authenticates the identity of a website, giving the user greater confidence, which is fundamental especially when the site in question is an e-commerce site.

Computer encryption

Internet communication security uses encryption, which literally means "hidden writing". Thanks to encryption, the information that users write in the clear is transformed into an encrypted form that is readable only by those who have the key to decipher it.

In the IT field, two types of cryptography are distinguished:

·         Symmetric: uses the same key both to create and to decode the ciphertext
·         Asymmetric: uses two different keys to encrypt and decrypt the text

Effective security certificates

To implement the HTTPS protocol it is necessary to obtain a security certificate issued by a certification authority that adopts certain measures to verify that the website belongs to a specific organization.
Several certificates are available and it is important to choose the optimal one for your website. You can choose between three different options:
1.       Single certificate for a single protected origin
2.       Multi-domain certificate for several known protected origins
3.       Wildcard certificate
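
How the three options differ in the hostnames they cover, as an added example that is not part of the original article. The certificate name lists and hostnames are constructed; the matching rule is the one browsers apply, where a wildcard is accepted only as the whole leftmost label and stands for exactly one label.

```python
def name_matches(pattern: str, host: str) -> bool:
    """Match one DNS name from a certificate against a requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    if p_labels[0] == "*":
        # "*.com" style names are refused: require at least a registrable domain
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial wildcards such as "w*.example.com" are not honoured
    return p_labels == h_labels


def covers(cert_names, host: str) -> bool:
    """True if any name listed in the certificate matches the host."""
    return any(name_matches(name, host) for name in cert_names)


# Constructed name lists, one per certificate option
SINGLE = ["shop.example.com"]
MULTI_DOMAIN = ["example.com", "www.example.com", "example.net"]
WILDCARD = ["*.example.com"]


def coverage_table(hosts):
    """Map each host to the certificate options that would cover it."""
    certs = {"single": SINGLE, "multi-domain": MULTI_DOMAIN, "wildcard": WILDCARD}
    return {h: [kind for kind, names in certs.items() if covers(names, h)]
            for h in hosts}


if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "shop.example.com",
             "pay.shop.example.com", "example.net"]
    for host, kinds in coverage_table(hosts).items():
        print(f"{host:24} {', '.join(kinds) or 'not covered'}")
```

The wildcard certificate covers neither the bare domain nor a name two levels below it, so both need their own entry or certificate.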
In addition, to implement the HTTPS protocol we recommend:

Use server-side 301 redirects

So that all pages previously indexed with the http protocol also respond over https.

Check crawlability and indexability

Google must be able to crawl and index HTTPS pages. For this it is necessary not to block them using robots.txt files, not to include noindex meta tags in HTTPS pages and, finally, to use the URL Control tool to verify that Googlebot is able to access your pages.

Implement HSTS support

HSTS instructs the browser to request HTTPS pages automatically, even if the user enters http in the address bar, and tells Google to publish protected URLs in the search results.
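
The three recommendations above can be checked together for a page. The following is an added example, not part of the original article: the responses are constructed dictionaries with lower-cased header names, and the URL and finding texts are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

def hsts_max_age(headers):
    """Seconds from the Strict-Transport-Security max-age directive, or None."""
    for directive in headers.get("strict-transport-security", "").split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return None

def has_noindex(resp):
    """True if the page opts out of indexing via header or robots meta tag."""
    if "noindex" in resp["headers"].get("x-robots-tag", "").lower():
        return True
    for tag in re.findall(r"<meta\b[^>]*>", resp["body"], re.I):
        named = re.search(r"name=[\"']?(robots|googlebot)\b", tag, re.I)
        if named and "noindex" in tag.lower():
            return True
    return False

def audit(url, http_resp, https_resp, robots_txt):
    """Return a list of findings for one page; an empty list means it passes."""
    findings = []
    target = urlsplit(http_resp["headers"].get("location", ""))
    if http_resp["status"] != 301 or target.scheme != "https":
        findings.append("http version does not 301-redirect to https")
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    if not robots.can_fetch("Googlebot", url):
        findings.append("robots.txt blocks Googlebot")
    if has_noindex(https_resp):
        findings.append("https page carries noindex")
    if not hsts_max_age(https_resp["headers"]):  # absent, or max-age=0 (HSTS off)
        findings.append("HSTS missing or disabled")
    return findings

# Constructed sample data for a well-configured and a misconfigured page
URL = "https://shop.example.com/cart"
GOOD = audit(URL,
    {"status": 301, "headers": {"location": URL}, "body": ""},
    {"status": 200, "headers": {"strict-transport-security":
        "max-age=31536000; includeSubDomains"}, "body": "<title>Cart</title>"},
    "User-agent: *\nDisallow: /admin/\n")
BAD = audit(URL,
    {"status": 302, "headers": {"location": URL}, "body": ""},
    {"status": 200, "headers": {"strict-transport-security": "max-age=0"},
     "body": '<meta name="robots" content="noindex, nofollow">'},
    "User-agent: *\nDisallow: /\n")
```

A temporary 302 redirect and a `max-age=0` header both look like a finished migration at first glance, which is why the audit treats them as findings.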

Free SSL certificate

SSL certificates can be obtained for free. The difference from a paid one is the level of protection; for this reason free certificates are more suitable for personal projects such as a blog.

Those who want a free certificate can evaluate Let's Encrypt, offered by a non-profit Certificate Authority. Let's Encrypt has several limitations compared to a commercial certificate: for example, it only offers domain validation, does not control domain ownership, does not extend certification to third levels and does not offer support.

Those who manage an e-commerce site therefore cannot be satisfied with a free SSL certificate that does not offer a level of security that guarantees maximum peace of mind to their customers.

SSL certificate for e-commerce

It is now clear that for an e-commerce site it is necessary to have highly effective certificates, and security pays off.

Not all paid SSL certificates are the same and the price is also different. The higher the level of protection offered, the higher its cost.

Here is a list of some of the SSL certificates that can be used by an e-commerce site, but also by other types of websites:
1.       RapidSSL certificates
2.       Thawte certificates
3.       GeoTrust certificates
4.       Comodo certificates
5.       Actalis certificates
