Securing your Website Through SSL
When users come to your site and enter private information, you want them to know that your site is secure. After all, a reliable website can protect you and your users from anyone who is trying to steal information. Unfortunately, there are people out there who are actively trying to gain personal information from users by sifting through data from an unsecured connection. Fortunately, these security breaches can be protected against by using SSL (Secure Sockets Layer) security.
Who Uses SSL?
SSL security is used by the vast majority of sites that keep or transmit client information. Online merchants, remote workers on a VPN (Virtual Private Network), and banks all use this security measure, as it’s the most secure method of transmission.
Recently, there has been a move toward making SSL the standard with the green address bars (which also require extended validation), HTTPS, and HTTP/2. This allows the customer to actually see that your site can be trusted.
How Does SSL Work?
SSL is essentially an encryption and decryption method that requires an initial “handshake” between the user’s browser and your website. This handshake is made up of several steps that must all take place, in order, before even the first byte of information is transmitted between your site and the user, or vice versa.
Before your server is even accessed, the user’s browser looks at what is known as an SSL Certificate. The browser checks that the certificate is not expired, is from a Certification Authority that the browser trusts, and is being used by the website for which it has been issued.
If a browser notices a problem with any of these certificate verification steps, the user will see a message stating that the certificate isn’t valid.
Once a certificate is verified, there is what’s known as a “handshake” between the browser and your website. This handshake consists of two messages, a “ClientHello” from the browser and a “ServerHello” message from the server.
The handshake needs to be completed before a single byte of information is transferred from the user to your site, or vice versa. It consists of the browser and the site sending information on the highest level of security they support, a random number, and the various “languages” they are able to decrypt. Once the languages and security measures are in place, the random number is added to the coded algorithm they will both use to encrypt and decrypt the information being sent.
This security ensures that, even if an attacker knows the security language, they are unable to decrypt information because they don’t have the random number agreed upon by your website and the user’s browser.
How Does Someone Get an SSL Certificate?
To get an SSL Certificate for your site, you must visit an organization that will certify your site. They will ask a number of questions about your identity, your site’s identity, and the website itself. They will then develop two keys, one public and one private.
The public key isn’t secret and is associated with the SSL Certificate for browsers to look at. The private key is used only for the SSL server and determines what languages can be used for the site and how the aforementioned handshake is performed.
Contact CTG Technology if you have any SSL or managed IT questions or needs.