What is an SSL certificate? A brief introduction to its role and types
Hello!
I'm Masutani from the System Solutions Department, and I'm hooked on PUIPUI Molcar and thinking about starting wool felting.
This time, I would like to briefly explain the role and the three types of SSL certificates, which we often work with and for which Beyond also provides installation services!
First of all, what is SSL?
SSL (Secure Sockets Layer) is a protocol for encrypting data sent and received over the Internet.
Information such as IDs/passwords, personal information such as names and addresses entered on shopping sites, and credit card information are always targeted by malicious third parties.
SSL prevents this important information from being intercepted by malicious third parties and prevents the information being sent from being tampered with.
Although it is written as SSL, currently TLS is mainly used.
TLS version 1.0 was released in 1999 as a transition from SSL 3.0.
In other words, TLS is like a successor to SSL.
Although it is often referred to as SSL for convenience, SSL 3.0 is no longer recommended for use after a serious vulnerability was discovered in 2015. Therefore, even though it is called SSL, most cases now use TLS.
I wonder why they changed their name...
The protocol that encrypts HTTP communication on the Internet using SSL is called HTTPS. Communication data is protected by SSL, and even if a third party tries to spy on it, it cannot be deciphered.
On sites that use HTTPS, the URL displayed in the browser bar starts with "https://" and a lock mark is displayed in the browser bar.
A "Not Secure" warning is now displayed in the address bar when viewing a site that is not encrypted with SSL. Currently, the warning is also displayed in Firefox and Microsoft Edge.
Therefore, if SSL is not installed, users may feel suspicious and wonder, "Is this page safe?"
What is an SSL certificate?
An SSL certificate is an electronic certificate that confirms the existence of a website operator and enables encryption of communication data between the browser and the web server.
SSL certificates are issued by a certification authority such as GlobalSign after application and review.
An SSL certificate contains the website owner's information, the key required for encrypted communication, and the certificate authority's signature data.
Representative certification authorities
GeoTrust, DigiCert, GlobalSign, Secom, etc.
Additionally, SSL certificates have the following three roles.
- Prevents spoofing
- Prevents falsification of information by third parties
- Prevents information from being seen by third parties
Three types of SSL certificates
There are three types of SSL certificates: DV, OV, and EV.
Moving from DV to OV to EV, the examination becomes stricter, so the certificate becomes more difficult to obtain and its price becomes higher, but it provides higher reliability and security.
Domain verification (DV)
This is a certificate issued after confirming that the applicant has domain management authority.
Domain management authority is confirmed mainly by one of the following methods.
- Email authentication: the applicant approves the "domain usage right and certificate issuance approval email" sent to a domain email address such as "admin@domain name"
- File authentication: a file containing "authentication information" shared by the certification authority is placed at a specified path under the domain's document root
- DNS authentication: the specified record values are registered in DNS
It is relatively easy to obtain a domain-validated SSL certificate, and individuals can also apply for it.
Main uses
- Personal site
- Corporate website
Existence verification (OV)
In addition to verifying administrative rights over the domain, the certification authority also verifies that the organization actually exists.
A certificate is issued after a review of the organization's information using a third-party database and a telephone confirmation from the certification authority. Since the organization information is written in the certificate, it is effective in preventing impersonation.
Main uses
- Corporate website
- EC site
EV certification (EV)
The examination is more rigorous than for OV certification.
In addition to confirmation of domain management authority, examination of organizational information using a third-party database, and telephone confirmation from the certification authority, depending on the certification authority and plan, you may be required to submit a "Certificate Contract Agreement" and an "Application Responsible Person Registration Form" bearing the applicant's handwritten signature and seal. In some cases, you may also need to submit a "Certificate of Registration" or a "Certificate of Seal Impression".
Due to the strictness of the examination, it takes a considerable amount of time to issue the certificate, but you can obtain a high level of reliability and safety.
Main uses
- Government website
- Financial institution website
- Major EC site
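The difference between the three types shows up in the certificate's subject, because OV and EV certificates carry the organization information. The following is an added example, not code from this blog: it applies a simple heuristic (an assumption of the example) to the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the sample subjects are constructed.

```python
# Added example: estimate DV / OV / EV from a certificate's subject, using the
# dict layout that Python's ssl.SSLSocket.getpeercert() returns.

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into one dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic (assumption of this example, not a CA rule check):
    DV subjects carry no organization, OV subjects name one, and EV
    subjects additionally carry business registration attributes."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"
    if "businessCategory" in fields and "serialNumber" in fields:
        return "EV"
    return "OV"

def describe(cert):
    """One-line summary for an inventory of monitored sites."""
    fields = subject_fields(cert)
    owner = fields.get("organizationName", "(no organization listed)")
    return f"{fields.get('commonName', '?')}: {validation_level(cert)}, {owner}"

# Constructed sample subjects (hypothetical sites and organizations).
DV_CERT = {"subject": ((("commonName", "blog.example.test"),),)}
OV_CERT = {"subject": ((("countryName", "JP"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "www.example.test"),))}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000-00-000000"),),
                       (("countryName", "JP"),),
                       (("organizationName", "Example Bank Ltd"),),
                       (("commonName", "secure.example.test"),))}

if __name__ == "__main__":
    for cert in (DV_CERT, OV_CERT, EV_CERT):
        print(describe(cert))
```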
(Almost) Free SSL Certificates
In addition, some DV SSL certificates can be issued and used for free, so we will introduce some of them.
Let's Encrypt certificate
Since certificate issuance is automated using the ACME (Automatic Certificate Management Environment) protocol, it is possible to issue an SSL certificate immediately.
However, since the validity period is only 3 months, you will need to renew it each time. It is recommended that you renew regularly using cron, etc.
Click here for the blog post that covers installing Let's Encrypt.
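With a 3-month validity period, it helps to have a check that cron can run alongside the renewal job. The following is an added example, not code from this blog: it reads `notAfter` from a certificate and reports whether renewal is due. The 30-day threshold and the sample certificate are assumptions of the example.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumption: renew once fewer than 30 days remain

def fetch_cert(host, port=443, timeout=5):
    """Return the validated peer certificate of a live HTTPS server."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def days_remaining(cert, now):
    """Whole days between `now` and the certificate's notAfter time."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)

def status(cert, now, threshold=RENEW_BEFORE_DAYS):
    """Classify a certificate as 'expired', 'renew' or 'ok'."""
    left = days_remaining(cert, now)
    if left < 0:
        return "expired"
    return "renew" if left < threshold else "ok"

# Constructed sample: a certificate valid for 90 days (a 3-month lifetime).
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2025 GMT",
               "notAfter": "Apr  1 00:00:00 2025 GMT"}

if __name__ == "__main__":
    # With a hostname argument, check the live site; otherwise use the sample.
    cert = fetch_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CERT
    now = datetime.now(timezone.utc)
    result = status(cert, now)
    print(f"{result}: {days_remaining(cert, now)} day(s) left")
    sys.exit(0 if result == "ok" else 1)  # non-zero exit lets cron raise an alert
```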
AWS ACM (AWS Certificate Manager) certificate
It is easy to apply, and if you use AWS Route 53, authentication and issuance can be performed more smoothly.
Installation is limited to ALB and CloudFront, and the certificate cannot be installed on EC2 (virtual machines), but there is no cost to issue certificates, so it is recommended for those who want to easily implement SSL.
Reference books
I used this book as a reference when writing this blog.
Explanations about SSL communication and SSL certificates, as well as purchasing and installation information are provided in an easy-to-understand manner.
Let's get started with SSL - From "somehow" to "I understand it!"
Conclusion
This time, we briefly introduced the role and types of SSL certificates.
Next time, I would like to introduce the key authentication mechanism and the roles of intermediate certificates and root certificates.
In addition, we provide SSL certificate purchase and installation services.
If you are considering SSL, please feel free to contact us.
For SSL installation settings, leave it to Beyond.
If you are worried about managing the expiry date of your domain/SSL certificate...
Also, if you are worried about managing the expiry date of your domain or SSL certificate, please use the website monitoring service Appmill.
Appmill is an automatic website monitoring service.
It allows you to centrally manage domain and SSL certificate expiration dates for multiple sites by simply registering the URL of each website you want to manage.
You can use it for free until you register 100 URLs, so please take advantage of it!
Thank you for reading this far.