What is an SSL certificate? A brief introduction to its role and types

Hello!
I'm Masutani from the System Solutions Department, and I'm obsessed with PUIPUI Molcar and thinking about starting wool felting.
This time, we would like to briefly explain the role and three types of SSL certificates, which Beyond also provides implementation services for and which we often work with!
First, what is SSL?
SSL (Secure Sockets Layer) is a protocol for encrypting and sending data communications over the Internet.
Information such as IDs and passwords, personal information such as names and addresses entered on shopping sites, and credit card information are constantly targeted by malicious third parties.
SSL plays a role in preventing this important information from being eavesdropped on by malicious third parties and preventing the tampering of important information being transmitted.
Although it is written as SSL, TLS is currently the most widely used protocol.
TLS version 1.0 was released in 1999 as a transition from SSL 3.0.
In a sense, TLS is like the successor to SSL.
Although it is often referred to as SSL for convenience, SSL 3.0 has been deprecated since a serious vulnerability was discovered in 2015. Therefore, even if something is called SSL, most of the time it is now using TLS.
Why did you change your name?
HTTPS communication is a protocol that encrypts HTTP communication over the Internet using SSL.
SSL protects communication data, making it impossible for a third party to decipher the contents of the data even if they try to spy on it.
When HTTPS communication is in progress, the URL displayed in the browser bar will start with "https://" and a lock symbol will be displayed in the browser bar.
A "Not Secure" warning is displayed in the address bar when browsing a site that is not encrypted with SSL. This warning is now also displayed in Firefox and Microsoft Edge.
Therefore, if you do not implement SSL, users may become suspicious and wonder, "Is this page safe?"
What is an SSL certificate?
This is a digital certificate that verifies the existence of a website operator and encrypts communication data between the browser and the web server. After application and review, an SSL certificate is issued by a certification authority such as GlobalSign.
An SSL certificate contains information about the website owner, the keys required for encrypted communication, and the certificate authority's signature data.
Major certification authorities include GeoTrust, DigiCert, GlobalSign, and Secom.
An SSL certificate has three functions:
- It can prevent spoofing
- It is possible to prevent information tampering by third parties
- Prevents third parties from stealing information
Three Types of SSL Certificates
There are three types of SSL certificates: DV, OV, and EV.
In that order, each type has stricter screening procedures than the one before it, making it more difficult to obtain and more expensive, but also offering greater reliability and security.
Domain Validation (DV)
This certificate is issued after verifying that you have administrative rights to the domain.
The certification authority mainly verifies that you have administrative rights to the domain using the following methods.
- Email authentication: the certificate is issued once you approve the "approval email for domain usage rights and certificate issuance" sent to an email address in the domain, such as "admin@domain name".
- File authentication: a file containing the authentication information shared by the certification authority is placed in a specified path under the domain's document root.
- DNS authentication: the specified record values are registered in the domain's DNS and then checked by the certification authority.
Domain-validated SSL certificates are relatively easy to obtain, and individuals can also apply for and obtain them.
Main uses
- Personal website
- Company website
Organization Validation (OV)
In addition to verifying domain management authority, the existence of the company is also verified.
The certificate is issued after a review of organizational information using a third-party database and a phone call from the certification authority. The certificate contains organizational information, which is effective in preventing spoofing.
Main uses
- Company website
- E-commerce site
Extended Validation (EV)
The screening is even more stringent than for OV certification.
In addition to verifying domain management authority, examining organizational information using a third-party database, and receiving a phone call from the CA, depending on the CA and plan, applicants may be required to submit a "Certificate Agreement" and "Application Manager Registration Form" with their own handwritten signature and seal.
In some cases, they may also be required to submit a "Certificate of Registered Matters" and a "Seal Certificate."
Because the screening process is strict, it takes a considerable amount of time to issue the certificate, but it ensures a high level of reliability and safety.
Main uses
- Government website
- Financial institution website
- Major e-commerce sites
(Almost) Free SSL Certificates
In addition, some DV-certified SSL certificates can be issued and used for free, so we will introduce a few of them.
Let's Encrypt certificates
This automates certificate issuance using the ACME (Automatic Certificate Management Environment) protocol, allowing you to instantly issue an SSL certificate.
However, since the validity period is only three months, you will need to renew it each time. We recommend renewing it regularly using cron or similar.
Here is a blog post on setting up Let's Encrypt.
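As an added example (not code from the original post), the Python sketch below reads the dictionary that the standard library's `ssl.SSLSocket.getpeercert()` returns, guesses the validation type from the subject fields described in the DV, OV and EV sections, and counts the days left so a cron job can flag a three-month certificate for renewal. The sample certificates, the 30-day threshold and all function names are assumptions, and the subject-field check is a heuristic: the certificate policy identifier, which `getpeercert()` does not expose, is the authoritative signal.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed samples in the dict shape returned by SSLSocket.getpeercert();
# every name and date below is made up for illustration.
SAMPLE_DV = {"subject": ((("commonName", "blog.example.test"),),),
             "notAfter": "Jun 30 12:00:00 2025 GMT"}
SAMPLE_OV = {"subject": ((("countryName", "JP"),),
                         (("organizationName", "Example Corp"),),
                         (("commonName", "shop.example.test"),)),
             "notAfter": "Jan 15 00:00:00 2026 GMT"}
SAMPLE_EV = {"subject": ((("businessCategory", "Private Organization"),),
                         (("jurisdictionCountryName", "JP"),),
                         (("serialNumber", "0000-00-000000"),),
                         (("organizationName", "Example Bank"),),
                         (("commonName", "www.bank.example.test"),)),
             "notAfter": "Dec  1 00:00:00 2025 GMT"}

# Subject fields EV certificates carry in addition to the organization name.
EV_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

def subject_fields(cert):
    """Flatten the subject's nested RDN tuples into a plain dict."""
    return {key: value for rdn in cert["subject"] for key, value in rdn}

def validation_level(cert):
    """Heuristic guess of DV/OV/EV from which subject fields are present."""
    fields = set(subject_fields(cert))
    if EV_FIELDS <= fields:
        return "EV"
    return "OV" if "organizationName" in fields else "DV"

def days_remaining(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)

def needs_renewal(cert, now, threshold_days=30):
    """True when fewer than threshold_days remain (30 is an assumed policy)."""
    return days_remaining(cert, now) < threshold_days

def fetch_cert(host, port=443):
    """Fetch a live server's validated certificate (requires network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

For a real site, pass the result of `fetch_cert("your-hostname")` to `validation_level` and `needs_renewal` with `datetime.now(timezone.utc)`.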
AWS ACM (AWS Certificate Manager) certificate
It is easy to apply for, and if you are using Amazon Route 53, authentication and issuance can be done more smoothly.
The installation location is limited to ALB and CloudFront, and it cannot be installed on EC2 (virtual machine), but there are no certificate issuance fees, so it is recommended for those who want to easily switch to SSL.
Reference books
I used this book as reference when writing this blog.
It provides easy-to-understand explanations of SSL communication and SSL certificates, as well as how to purchase and install them.
Let's get started with SSL ~From "I don't know" to "I understand it properly!"~
Conclusion
This time, we have briefly introduced the role and types of SSL certificates.
Next time, we will introduce the mechanism of key authentication and the roles of intermediate certificates and root certificates.
We also handle the purchase and installation of SSL certificates.
If you are considering SSL, please feel free to contact us.
Leave all your SSL installation and configuration needs to Beyond.
If you are worried about managing domain and SSL certificate expiration dates...
If you are having trouble managing the expiration dates of your domains and SSL certificates, please use the website monitoring service Appmill.
Appmill is an automatic website monitoring service.
It allows you to centrally manage the domain and SSL certificate expiration dates of multiple sites simply by registering the URLs of the websites you want to manage.
You can register up to 100 URLs for free, so please take advantage of it!
Visit Appmill's official website
That's all, thank you for reading this far.