Role and mechanism of SSL certificates
table of contents
My name is Nakagawa and I work in the System Solutions Department.
I've been working a lot with SSL server certificates lately, so I decided to look into how they work.
What is an SSL server certificate?
First of all, what is an SSL server certificate?
Its main role is
to encrypt the communication of personal information and to verify the identity of the business owner or company operating the website SSL (Secure Sockets Layer) is a technology that encrypts information communication between a computer and a server.
Using SSL
allows you to safely exchange personal information, credit card information, and other data even when shopping online or using services that require login information.
It also protects important data from eavesdropping, tampering, and impersonation by third parties.
How to identify sites that have SSL installed
So what kind of sites have certificates installed?
It's easy to find out by checking the URL field.
The URL in your browser begins with "https" and there is a lock symbol in the URL field
The entire site is encrypted, allowing for secure communication.
Clicking on this padlock icon will allow you to check the details of the certificate and its expiration date.
The display method will vary depending on the browser.
The browser URL begins with "https", but there is no lock symbol in the browser URL
Some sites do not have a certificate installed, while others have one
but the internal communication is encrypted, while others do not.
The URL in your browser begins with "https" and there is a red icon in the URL field
This means that either the certificate is not installed or the certificate has expired
Certificate issuance and installation process
So how can you use a certificate?
To use one, you need to
apply to the certificate authority that issues the certificate Although the process varies depending on the certificate authority and type of certificate, the basic issuance procedure is as follows:
- Apply to a certification authority
- Certification Authority Review
- Certificate issuance and delivery
- Install on the server
The more reliable something is, the more time-consuming and laborious approval review is required
Reality check
The reason why a certification authority needs to review a site in order to issue a certificate
is to investigate whether there is a business owner or company operating the site.
Since all of these sites are basically publicly available, and their source code is essentially public,
it is not impossible to create a fake site that imitates the real site.
Therefore, to confirm the legitimacy of the site, the following inspection is required.
If the inspection below is successful, a certificate will be issued for the applied domain.
- The domain you applied for is owned by you
- Is the applicant a real business owner or company?
Issuing a certificate means that the domain is operated by a trusted administrator.
However, the review only verifies whether the owner or company is a real entity. This
is a separate issue from whether the owner or company operating the site is trustworthy.
We hope you enjoyed this article.
We've introduced you to the secrets of how you can safely exchange personal information on the sites you use every day.
Thank you for reading this far!
0
Loading...0 
The person who wrote this article
About the author
