Role and mechanism of SSL certificates
table of contents
My name is Nakagawa from the System Solutions Department.
Recently I've been working a lot on SSL server certificates, so I decided to look into how they work.
What is an SSL server certificate?
First of all, what is an SSL server certificate?
Its main role is
to encrypt communication of personal information and to verify the identity of the business owner or company operating the site SSL (Secure Sockets Layer) is a technology that encrypts information communication between a computer and a server.
you can safely exchange personal information, credit card information, etc.
even when shopping online or using services that require login information It also protects important data from eavesdropping, tampering, and spoofing by third parties.
How to identify sites that have SSL installed
So what kind of sites have certificates installed?
It's easy to understand if you check the URL field.
The browser URL starts with "https" and there is a lock mark in the URL field.
The entire site is encrypted, so information can be exchanged safely.
By clicking this lock mark, you can check the contents and expiration date of the installed certificate.
The display method differs depending on the browser.
The browser URL starts with "https", but there is no lock mark in the browser URL
Either the certificate itself is not installed, or the certificate is installed but
the communication within the site is divided into encrypted and non-encrypted ones.
The browser URL starts with "https" and there is a red icon in the URL field.
This means that the certificate is not installed or the certificate has expired.
Certificate issuance and installation flow
So how can you use the certificate?
To use it, you need to
apply to the certificate authority that issues the certificate Although there are differences depending on the certificate authority and type of certificate, the basic issuing procedure is as follows.
- Apply to certification authority
- Examination at certification authority
- Certificate issuance/delivery
- Install on server
The more reliable a product is, the more time-consuming and labor-intensive approval review is required.
Confirmation of existence
The reason why a certification authority examination is necessary to issue a certificate
is to investigate whether there is a business owner or company operating the site.
All sites are basically open to the outside world, so to speak, and the source code is open to the public, so
it is not impossible to create a fake site that imitates the real site.
Therefore, in order to confirm the legitimacy of the site, the following examination is necessary.
If the following examination is OK, a certificate will be issued for the domain you applied for.
- Is the domain you applied for owned by the applicant?
- Whether the applicant is an existing business owner or company
If a certificate is issued, it means that the domain is operated by a reliable administrator.
However, the examination conducted here is only to confirm whether the business owner/company actually exists.
Whether or not you can trust the business owner/company that operates the site is another matter.
What did you think?
We introduced the behind-the-scenes aspects of how you can safely exchange personal information on the sites you use casually.
Thank you for reading this far!