An SSL Certificate (also known as digital certificate) is a digitally signed certification by an established authority to confirm the identity of your website/business and uses encryption to send/receive data between your website and its visitors. It is issued for a domain by a trusted authority referred as Certificate Authority (CA). Example CAs are Comodo and Thawte.
The Certification Authority (CA) signs the certificate with their own private key. An SSL/Digital Certificate typically contains the following information:
An SSL certificate allows you to establish your credentials when doing business or other transactions on the Web. It is generally used when a website wants to accept sensitive information like passwords, credit card details and other sensitive information. The SSL Certificate protects your customer's personal data including passwords, credit cards and identity information. Thus, getting an SSL certificate for your website is the easiest way to increase your customer's confidence in your online business.
SSL/Digital Certificates, bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A Digital Certificate makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.
If you come across a website whose url begins with https://, you can view the website's SSL Certificate by clicking on the lock icon in the address bar of your browser.
An SSL Certificate does 2 things:
By doing these 2 things, an SSL Certificate protects your customers and in turn increases their trust in your online business. This is especially important if your website requires users to login using passwords or enter sensitive information such as credit card details. Many customers actively look for the SSL lock icon before handing over sensitive data.
Digital Certificates can be used for a variety of electronic transactions including e-mail, electronic commerce, groupware and electronic funds transfers. If you are running an online e-commerce website, an electronic banking website or any other electronic services website then customers may abandon your website due to concerns about privacy and security. You will hence need to provide secure access to your website visitors via https protocol. To do this you will need to setup your website on a dedicated IP address and install a valid digital certificate on your hosting server.
For example: A customer shopping at an online store requests the Digital Certificate of the server to authenticate the identity of the store operator and the content provided by the merchant. Without authenticating the server, the shopper would not trust the operator or merchant with sensitive information like a credit card number. The Digital Certificate is instrumental in establishing a secure channel for communicating any sensitive information back to the store operator. Thus, a server with its own Digital Certificate assures users that the server is run by the organization it claims to be affiliated with and that the content provided is legitimate.
Yet another advantage of having a digital certificate for your website is, better SEO rankings. Google gives higher rankings to websites secured with SSL certificates. Which means SSL certificates are critical if you are serious about your online business.
Certifying authorities provide SSL certificates in a few variety of branded names, each serving a specific purpose. For example, Comodo sells a basic SSL certificate in the name of Positive SSL while Thawte sells an equivalent certificate named as SSL123 Certificate. Likewise, a wildcard SSL certificate is named as Positive SSL Wildcard by Comodo and Wildcard Server Certificate by Thawte.
Broadly there are two types of SSL certificates:
Other premium variants of the above two types of certificates may be available with higher encryption, better browser compatibilities, and much deeper verification of your business, thus making your website business more trustworthy.
A Digital Certificate by itself can be used to secure a domain name on a single server only. Each additional server that you plan to host your domain name on, would also need to be similarly secured; and that is where an Additional License is needed. It licenses usage of the same digital certificate across multiple servers.
The advantage of buying Additional Licenses as compared to multiple digital certificates is that, it removes the delay in issuance caused due to generation of a Certificate Signing Request (CSR), completing the Enrollment process and then undergoing the authentication process conducted by the CA. Moreover, Additional Licenses work out to be a much cheaper solution than buying individual digital certificates.
To be issued an SSL Certificate, you need to purchase one from a web service provider and then go through a process that entails the following:
As a first step you place an order for an ssl certificate with the web service provider. While placing order, you will need to specify the exact domain name for which you require the ssl certificate. For example, if you need to secure store.yourwebsitename.com, you should specify store.yourwebsitename.com while placing order and not www.yourwebsitename.com. Once your order has been executed by the service provider, you will be provided with a control panel from where you can apply for your certificate.
Prior to applying/enrolling for a Certificate with the CA, you must generate a minimum of 2048-bit Private Key and CSR pair from your hosting server. Digital IDs make use of a technology called Public Key Cryptography, which uses Public and Private Key files. The Public Key, also known as a Certificate Signature Request (CSR), is the key that will be sent to the CA. The Public Key is generated on your server and validates the computer-specific information about your web server and Organization when you request a Certificate from a CA.
The Private Key will remain on your hosting server and should never be released into the public. Even the Certifying Authority will not have access to your Private Key. It is generated locally on your server and is never transmitted to the CA or any browser visiting your website. The integrity of your Digital ID depends on your Private Key being controlled exclusively by you.
A CSR cannot be generated without generating a Private Key file. Similarly the Private Key file cannot be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.
Most hosting service providers provide you with a hosting management control panel which has an SSL/TLS Manager interface using which you can generate your CSR - private key pair. You will be required to enter certain relevant details about your organization while generating the CSR. On completion of this process, your hosting server will generate an encoded file, viz. your CSR. This CSR can now be used to submit your SSL Certificate application to the Certificate Authority. This exercise can be overwhelming. Hence, taking help from your hosting provider for this is advisable.
After you have generated a minimum of 2048-bit Private Key and CSR pair from your web hosting server, the next step is to submit your Enrollment information to the CA for the CA to verify your information and issue the Digital certificate to you. The enrollment is done from the interface that the web service provider will provide to you after you have purchased the SSL certificate.
Enrollment essentially requires you to submit a form wherein you provide relevant details about your organization such as Organization name, Contact details, Admin email address, Approver Email Address, etc. There is also a text box in the form where you include your CSR (which is essentially an encoded text string). The contact details that you provide here must match with the ones available in your domain's whois lookup. Also, you must ensure that prior to enrollment, your domain is not privacy protected and that it's whois information is publicly visible. Subsequently, after the certificate is issued to you, you may re-enable your domain's privacy protection.
After you have submitted the enrollment form, the Certifying Authority will now carry out a verification of your organization and the information you have submitted. If required, they may call you at your specified phone number for additional verification of your business. This process is much faster and usually automatic when you apply for a basic ssl certificate. Subsequently, after the CA is satisfied with the verification, you will receive an email from the CA to approve the issue of ssl certificate. Follow the instructions in the email to grant your approval. After you have done the approval, you will receive an email from the CA informing you that your certificate has been issued. The email will also contain information on how you can retrieve the issued certificate.
Below image shows how your issued ssl certificate will look:
This is the final step wherein you need to install the issued certificate on your hosting server. Additionally, you will also need to install the SSL Certificate of the Certificate Authority (known as the CA bundle). The CA bundle contains root and intermediate certificates of the CA and is available for download from the website of the CA.
Depending upon the web server where you intend to install your SSL Certificate, you need to refer to the appropriate instructions provided by your hosting service provider. Again certificate installation may be overwhelming and you will be better off if you seek the assistance of your hosting provider for this exercise.
Once successfully installed, your website will become accessible via https://....
I hope this article would have given you an overall insight about SSL certificates and how you can go about getting one for your website. You may click here to buy an SSL certificate for your website.
CEO, Computer Solutions
Rajeev Kumar is the primary author of How2Lab. He is a B.Tech. from IIT Kanpur with several years of experience in IT education and Software development. He has taught a wide spectrum of people including fresh young talents, students of XLRI, industry professionals, and govt. officials.
Rajeev has founded Computer Solutions & WebServicesWorldwide.com, and has hands-on experience of building variety of web applications and portals, that include - SAAS based ERP & e-commerce systems, independent B2B, B2C, Matrimonial & Job portals, and many more.