Hello Sunil
What is SSL, TLS and HTTPS

What is SSL,TLS and HTTPS?

While visiting any banking site such as HDFC, ICICI and SBI we always more conscious about security. We do not want any third party steal our money while we transfer online. This assurance comes true when you see a badge like SSL/TLS with a big lock on banking websites. But have you ever wondered what does actually it mean for you?

HDFC bank SSL badge

These days not only banking websites but also almost all eCommerce websites like Amazon, Flipkart having secured with SSL/TLS. In today’s article we will understand its basic definition, some FAQ’s, benefits and glossary of SSL, TLS and HTTPS. Okey! let’s the ball rolling.

SSL:  

Definition:

SSL is an abbreviation of “Secure Sockets Layer”. in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

Explanation:

When you are visiting a website page which has a form to fill up, for example  University online exam form. Once you are filling this online form and hit submit button this information can be tracked easily by a hacker if the website is not secured by SSL.

But how hacker able to do it ? What actually happens a hacker places a small unidentifiable listening program on the sever hosting a website. That program waits in the background until a visitor starts typing information on the website form, once it get some sense that something is happening then it quickly activate itself and start capturing the information and then send it back to the hacker. Are you scared now ??

But when you visit a website which is encrypted with SSL, the browser will first request the web server identity itself. This prompts the web server to send the browser a copy of the SSL Certificate. The browser checks to see if the SSL Certificate is trusted  (This is known as the SSL handshake)- if the SSL Certificate is trusted, then the browser sends a message to the Web server. The server then responds to the browser with a digitally signed acknowledgement to start an SSL encrypted session. The browser displays a padlock icon in the URL, indicating the website is secure and can be communicated with. This allows encrypted data to be shared between the browser and the server. You may notice that your browsing session now starts with https. Further communication between the browser and the site is encrypted. Information passed between the two parties can only be deciphered by the two parties involved. Hackers will not be able to decode any information passed between the two entities.

What are the benefits of using SSL?

  • Built trust with your visitors
  • Increase traffic to your website
  • Preventing any intruder from reading the information transferred.
  • Avoiding misuse of vital information like credit card numbers, financial information, addresses and names
  • Safeguarding sensitive data being transferred between browser and server

What is an SSL certificate?

The SSL protocol requires authentication from both end like server and the browser to secure a connection. This is where the SSL certificate comes in.

The SSL certificate is issued by a trusted Certificate Authority (CA). It helps to ensure that you are dealing with the right website or person through a secured connection.

Information about the owner contained in a certificate, includes:

Issued to
Issued by
Start date
Expire date
Domain name
Certificate authority name

Sample Certificate

Where can I get an SSL certificate for my website?

SSL certificates can be purchased from certificate authorities. An SSL certificate will only be recognized by internet browsers and mobile devices if it is signed by a trusted certificate authority (CA). If it is not, then the end-user will see error messages when they connect to the site. The first step of applying for a certificate is for the website owner to generate a Certificate Signing Request (CSR) on their webserver. They will submit this signing request to the CA, along with their company name, business address and other details. The CA will issue the certificate after validating the identity of the organization.

Few notable certificate authority (CA) are Digicert, GeoTrust, Thawte, RapidSSL, Comodo, GlobalSign, Let’s encrypt etc.

Now its mandatory by Google Chrome browser that your website must have SSL certificate else it will mark your website as not secure which can create customer/rereads dissatisfaction. You can add a free SSL certificate to your website with this step by step method which will certainly help you to secure your website.

What does SSL mean to visitors?

A domain validated SSL certificate indicates that the connection between the user and the website is securely encrypted. All information exchanged between the user and the website is secure and cannot be intercepted and read by a malicious third party. However, domain validated certificates do not vouchsafe the identity of the website owner. The information is encrypted, but users have no idea whether the website to that they are sending their data to is a trustworthy business. Organization validated (OV) and Extended Validation (EV) certificates provide both encryption and assurance that the website can be trusted. This is because OV and EV certificates are not issued until background checks have been carried out on the owner of the website. Additional information in OV and EV certificates includes the full business name and their registered address. These details improve the online reputation of the organization in the eyes of web browsers as well as users. And the more legitimate a website appears, the more business it will generate.

TLS:  

Definition:

TLS is an abbreviation of “Transport Layer Security”. It is an updated and more secure version of SSL. Just like SSL, TLS provides authentication and data encryption between machines, servers and applications. The latest version of TLS is 1.3.

HTTPS:  

Definition:

HTTPS is an abbreviation of “Hyper Text Transfer Protocol Secure” which appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner can be viewed by clicking on the lock symbol on the browser bar.

If a website has an SSL certificate, the URL will start with “https” instead of “http”.

I have mentioned basic definition of SSL, TLS and how it is related to  HTTPS but now I am going to explain some of SSL glossary which are frequently used while we discusses about the subject of SSL.

Certification authority (CA):

Entity authorized to issue, suspend, renew, or revoke certificates.

Certificate signing request (CSR):

A CSR usually contains the public key and distinguished name of the requester.

Connection error:

When security issues preventing a secure session to start are flagged up while trying to access a site.

Domain Validation (DV) SSL Certificates:

The most basic level of SSL certificate, only domain name ownership is validated before the certificate is issued.

Extended Validation (EV) SSL Certificates:

The most comprehensive form of secure certificate which validates domain, require very strict authentication of the company and highlights it in the address bar

Organization Validation (OV) SSL Certificates:

A type of SSL certificate that validates ownership of the domain and the existence of the organization behind it.

Public key infrastructure (PKI):

The PKI consists of systems that collaborate to provide and implement the public key cryptographic system, and possibly other related services.

SAN (Subject Alternative Name) SSL certificates:

Type of certificate which allows multiple domains to be secured with one SSL certificate.

Wildcard SSL certificates:

Type of certificate used to secure multiple subdomains.

Now we are end of this article and its time to wrap up. Considering the increasing necessity of online security, website owners should ensure their websites have the most current security, and clients need to use the most current browsers that support the latest TLS protocol. If you like this article then you can put your thoughts under comment as well as you can follow me on twitter.

Similar articles you may like

Was this article helpful to you?
[Total: 0 Average: 0]

 

Sunil Pradhan

Sunil is a front-end developer, illustrator and an online entrepreneur. He is the founder of "Hello Sunil" where he shares his love of technology with the world. He loves to write technical how-tos and tutorials. He is open minded and willing to explore beyond his knowledge.

2 comments

  • Give Your Website Users a Voice. Let your readers voice their opinions in a fun, fast and easy way. Improve your user retention, website SEO, and get more conversions. Add Voice Comments to your Website for Free Today (URL Removed due to TOS violation)