To comply with modern security standards, most websites today are served from HTTPS addresses. The difference between HTTPS and HTTP is an encryption certificate, known as an “SSL certificate”. This certificate confirms that the communication between the user (client) and the Web server is encrypted. Visitors to the website in question are thereby guaranteed that no third parties can intercept their data exchange. SSL certificates create trust.
Sites encrypted with an SSL certificate can be identified as such by the green padlock in front of the domain.
In the case of “Extended Validation” SSL certificates, the company name is also displayed.
To help guide you through the jungle that is authentication, we’ll answer the following questions in this post: What is an SSL certificate? Why do I need an SSL certificate? Where can I get an SSL certificate? Let’s get started!
SSL stands for “Secure Sockets Layer”. You will often also read about SSL/TLS, where TLS stands for “Transport Layer Security”. TLS is the successor of the SSL standard, but the term SSL is the better known of the two. SSL certificates are used wherever a client communicates with a server. In this post, however, we’ll be focusing exclusively on the SSL-certified encryption of websites.
Users visiting a site with an SSL certificate are guaranteed a number of advantages: the authenticity of the website and server, the confidential end-to-end transfer of data, and the integrity of the data transferred.
An SSL certificate is, therefore, an encryption protocol that leverages various cryptographic methods. It is issued by a consortium of trusted institutions. These don’t guarantee security per se, as this is already established in the technology, but a certificate is only classified as “trusted” (e.g. in the Web browser) if it has been issued by one of these institutions, which guarantee that the operator is at least the domain owner (Domain Validation).
While authentication of the communication partners is based on an asymmetric encryption method, data transfer uses a symmetric encryption method.
The asymmetric authentication method uses a public key and a private key. When you type in a domain, for example anexia-it.com, the browser establishes a connection to the website provider’s Web server, and the SSL certificate authenticates the website for the browser using the public key. The public key contains information such as the company name, address, and a contact e-mail address. The user’s browser then sends a random number, which is encrypted by the SSL certificate, and thereby authenticates the user for the Web server (private key).
The symmetric encryption method for data transfer uses the same key for encrypting and decrypting data.
There are three types of SSL certificate:
At Anexia, we offer our customers all three SSL certificate types in the Anexia Engine. The different certificate types differ in terms of the data required; only the EV SSL certificate contains the company name in the browser’s address bar. Below is an overview:
SSL certificates are issued by trusted institutions. The certificates offered in the Anexia Engine are issued by providers such as Comodo and RapidSSL, to mention a few, but anyone can sell them. However, we recommend ordering your SSL certificate directly from the website provider, to ensure quick and easy integration. In the Anexia Engine, we offer our customers a quick and easy process for ordering SSL certificates.
Since choosing and ordering an SSL certificate can quickly become very confusing, we try to make this as easy as possible for customers. First, two filters are set: the certificate type and term. This leaves just a small selection of the over 200 available certificates to choose from.
Once the customer has decided on a certificate, they are asked for a CSR. CSR stands for “Certificate Signing Request”. This is a coded protocol that contains the required data (e-mail, address, etc.) and the private key signature (see technical details). There are two options here:
Those who don’t wish to create a CSR themselves can fill in a simple request form for a CSR to be generated in the Anexia Engine. Those who’d prefer to create a CSR and private key locally can also simply upload an existing CSR.
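The local option described above, shown as an added example that is not part of the original post or of the Anexia Engine: it creates a private key and CSR with the OpenSSL command-line tool and checks the CSR before it is uploaded. The file names, the domain `www.example.test` and the subject values are constructed placeholders, and an installed `openssl` binary is assumed.

```shell
#!/usr/bin/env bash
# Added example: create key + CSR locally and check the CSR before uploading it.
# Subject values (country, organisation, e-mail) are constructed placeholders.

# make_csr DIR DOMAIN: write DIR/server.key (private) and DIR/server.csr.
make_csr() {
    ( umask 077   # private key file readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/server.key" -out "$1/server.csr" \
          -subj "/C=AT/O=Example GmbH/CN=$2/emailAddress=admin@$2" 2>/dev/null )
}

# csr_self_signature_ok CSR: the CSR is signed by the key whose public half it carries.
# The exit code of "req -verify" differs between OpenSSL versions, so match its message.
csr_self_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# key_matches_csr KEY CSR: the public key inside the CSR belongs to this private key.
key_matches_csr() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl req -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# csr_has_no_private_key CSR: only the request, never the key, goes to the provider.
csr_has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$1"
}

# csr_subject CSR: print the identity data the certificate authority will see.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Run all checks once in a throwaway directory and print the subject on success.
demo() {
    d=$(mktemp -d) && make_csr "$d" www.example.test &&
    csr_self_signature_ok "$d/server.csr" &&
    key_matches_csr "$d/server.key" "$d/server.csr" &&
    csr_has_no_private_key "$d/server.csr" &&
    csr_subject "$d/server.csr"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

Only `server.csr` is uploaded; `server.key` stays on the server where the issued certificate will later be installed.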
The certificate is then automatically requested and the requestor receives an e-mail with the relevant instructions for confirming the process (for OV SSL and EV SSL, this verification process is somewhat more complex). Soon afterwards, the certificate can be downloaded quickly and easily in the Anexia Engine and integrated in the Web server.
Once issued, certificates need to be renewed on a regular basis: depending on the contractual agreement, every one, two, or three years. Longer terms are not usual, at least not on the free market. To simplify this process, we offer an AUTO RENEW function in the Anexia Engine, so that customers don’t need to worry about updating their certificates.
Instead, they receive automated e-mail notifications from us when their certificate is due to expire, and all they need to do is quickly confirm by e-mail that they wish to renew, and we take care of the rest in the background. At least for managed services/servers, that is – if the customer manages their server themselves, they, of course, need to carry out this last integration step themselves.
Not only can the Anexia Engine create SSL certificates, it can also be used as a complete cloud management panel. Read here how the Anexia Engine came about, how domain management works with the Anexia Engine, and exactly what CloudLog, our big data log management tool, can do.