Courtland and the Mystery of the SSL Certificate

Courtland - The Mystery of SSL Certificates What is an SSL Certificate?

When someone views a website, clicks buttons, fills out a form, or otherwise interacts with the website, digital information flows back and forth between the computer that the website resides on (the web server), and the visitor’s computer. That information doesn’t really travel directly between the two computers, but instead it gets passed from computer to computer (through the network infrastructure of the Internet) until it reaches its destination. 

It is on this travel route that the information is vulnerable to snooping by third parties. Here’s where your SSL certificate comes into play.

Securing information as it travels is a difficult problem. How can you be sure that you are talking to the right listener, if you are not physically present? And how can you be sure that nobody else can listen in to the conversation?

Secure Sockets Layer (SSL) – and its successor, Transport Layer Security (TLS) – are cryptographic methods used to secure the information as it travels. They are also used to verify the identity of the computer being connected to before setting up the communication channel. 

To quote Wikipedia, “certificate authorities and a public key infrastructure are necessary to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates.” [ https://en.wikipedia.org/wiki/Transport_Layer_Security ]

SSL certificates are issued by certificate authorities to companies, organizations, or legally accountable individuals to verify the identity and ensure a more secure transaction.

Why does your website need an SSL?

When a web browser connects to a website via https (as opposed to http), the browser does the following:

  • Retrieves the SSL certificate from the web server
  • Checks that the certificate is being used by the website for which it was issued
  • Checks that the certificate has not expired
  • Checks that the certificate was issued by an authority that the browser trusts
  • Establishes a secure communications channel between the browser and the web server

If all the checks pass, the browser will indicate that the connection to the site is secure, typically with some sort of lock icon. If any of these checks

If any of these checks fail, the browser will issue a warning. Customers and visitors are familiar with this functionality, and they expect that any sensitive business

Customers and visitors are familiar with this functionality, and they expect that any sensitive business done on the web – for example, banking, online purchases, and submission of personal information -will be done using https. Your customers, visitors, members – anyone who needs to talk to you in a secure fashion – expects this functionality, and will go elsewhere if they don’t find it. 

Your customers, visitors, members – anyone who needs to talk to you in a secure fashion – expects this functionality, and will go elsewhere if they don’t find it. That’s why you need an SSL certificate.

Have a web-related mystery that you would like solved? Let us help with the sleuthing. Email us: contactus@courtlandconsulting.com.