What is an SSL certificate? A brief introduction to its role and types

Hi!
I'm Masutani from the Systems Solutions Department, and I've become completely hooked on PUI PUI Molcar, so I'm thinking of starting needle felting.

This time, we would like to briefly explain the role and three types of SSL certificates, which Beyond also provides implementation services for and which we often work with!

First, what is SSL?

SSL (Secure Sockets Layer) is a protocol for encrypting and transmitting data over the internet.
Personal information such as IDs/passwords, names and addresses entered on shopping websites, and credit card information are constantly targeted by malicious third parties.
SSL plays a role in preventing malicious third parties from eavesdropping on this important information and preventing the tampering of sensitive information being transmitted.

Although it says SSL, TLS is currently the most commonly used protocol.
TLS version 1.0 was released in 1999 as a transition from SSL 3.0.
In a sense, TLS is the successor to SSL.

Although often referred to as SSL for convenience, SSL 3.0 was found to have a critical vulnerability in 2015, and its use has been discouraged ever since.
Therefore, even when referring to SSL, TLS is now used in most cases.

Why did the name change?

 

HTTPS communication refers to a protocol that encrypts HTTP communication over the internet using SSL. SSL protects communication data, making it impossible for third parties to decipher the data's contents even if they try to intercept it. When HTTPS communication is used, the URL displayed in the browser bar will begin with "https://", and a "lock icon" will appear in the browser bar.

Furthermore, since July 2018, Google Chrome has displayed a "Not secure" warning in the address bar when browsing sites that are not encrypted with SSL. Currently, this warning is also displayed in Firefox and Microsoft Edge.

Therefore, if SSL is not implemented, users may become suspicious and wonder, "Is this page safe?"

What is an SSL certificate?

SSL certificates are digital certificates used to verify the authenticity of a website operator and encrypt communication data between the browser and the web server. After application and review, SSL certificates are issued by certification authorities such as GlobalSign.

An SSL certificate contains information about the website owner, keys necessary for encrypted communication, and signature data from the certificate authority.

Representative certification authorities include GeoTrust, DigiCert, GlobalSign, and Secom.

An SSL certificate has three functions:

  • It prevents spoofing
  • It prevents third parties from tampering with information
  • It prevents third parties from stealing information

 

Three Types of SSL Certificates

There are three types of SSL certificates: DV, OV, and EV.
The further down this list a certificate type is, the more stringent the review process, making it more difficult to obtain and raising the certificate price, but it provides greater reliability and security.

Domain Validation (DV)

This certificate is issued after verifying domain administration rights.
Domain administration rights are primarily verified using the following methods.

  • Email authentication: the certificate is issued after the "domain usage rights and certificate issuance approval email" sent to an email address such as "admin@domain name" has been approved.
  • File authentication involves placing a file containing "authentication information" shared by the Certificate Authority (CA) in a specified path under the domain's document root to perform authentication.
  • DNS authentication is performed by registering a specified record value.

Domain-validated SSL certificates are relatively easy to obtain, and individuals can also apply for and obtain them.

Main uses

  • Personal website
  • Company website

 

Organization Validation (OV)

In addition to verifying domain management rights, the existence of the company is also confirmed. The certificate is issued after reviewing organizational information using a third-party database and receiving a phone verification from the certification authority. Since the certificate includes organizational information, it is effective in preventing impersonation.

Main uses

  • Company website
  • E-commerce site

Extended Validation (EV)

The review process is even more rigorous than that for OV certification.

In addition to verifying domain management rights, reviewing organizational information using a third-party database, and conducting telephone verification from the certification authority, depending on the certification authority and plan, applicants may be required to submit a "Certificate Agreement" or "Registration of Applicant" bearing their handwritten signature and seal.
In some cases, a "Certificate of Registered Matters" or "Certificate of Seal Impression" may also be required.

While the rigorous review process means it takes a considerable amount of time to issue, it ensures a high level of reliability and security.

Main uses

  • Government website
  • Financial institution website
  • Major e-commerce sites

(Almost) Free SSL Certificates

Additionally, some DV-certified SSL certificates are available for free, so I'd like to introduce a few of them.

Let's Encrypt certificates

This system uses the ACME (Automatic Certificate Management Environment) protocol to automate certificate issuance, allowing for immediate issuance of SSL certificates simply by executing a command.

However, since the validity period is short (3 months), renewal is required each time. It is recommended to perform regular renewals using cron or similar tools.
A blog introducing the installation of Let's Encrypt can be found here.
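
As an added example (not code from this article), the Python sketch below takes a certificate in the dict format returned by the standard library's ssl.SSLSocket.getpeercert(), guesses whether it is DV, OV or EV from its subject fields, and flags it when renewal is due. The subject-field heuristic (the authoritative marker is the certificate's policy OID, which getpeercert() does not expose), the 30-day renewal threshold, and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Subject attributes the EV Guidelines require in addition to the organization name.
EV_MARKERS = {"businessCategory", "serialNumber"}

# Constructed samples in the dict format returned by ssl.SSLSocket.getpeercert().
SAMPLE_DV = {"subject": ((("commonName", "blog.example"),),),
             "notAfter": "Jun 30 12:00:00 2025 GMT"}
SAMPLE_EV = {"subject": ((("businessCategory", "Private Organization"),),
                         (("serialNumber", "0000-00-000000"),),
                         (("organizationName", "Example Bank K.K."),),
                         (("commonName", "www.bank.example"),)),
             "notAfter": "Sep 08 12:00:00 2025 GMT"}

def subject_fields(cert):
    """Flatten the nested 'subject' tuples into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic DV/OV/EV guess from subject contents (assumption: not policy OIDs)."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # only control of the domain was verified
    if EV_MARKERS.issubset(fields):
        return "EV"
    return "OV"

def days_remaining(cert, now):
    """Whole days from `now` (timezone-aware) until the certificate's notAfter."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(not_after, tz=timezone.utc) - now).days

def audit(cert, now, renew_before_days=30):
    """Report validation level and whether renewal is due (30 days is an assumed threshold)."""
    left = days_remaining(cert, now)
    return {"level": validation_level(cert), "days_left": left,
            "renew": left <= renew_before_days}

def fetch_cert(host, port=443):
    """Fetch a live, chain-verified certificate; needs network access."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    now = datetime(2025, 6, 10, 12, 0, tzinfo=timezone.utc)  # fixed for reproducibility
    print(audit(SAMPLE_DV, now), audit(SAMPLE_EV, now))
```

To check a real site, pass the result of fetch_cert() for a host you operate to audit() together with datetime.now(timezone.utc).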

 

AWS ACM (AWS Certificate Manager) certificate

The application process is easy, and authentication and issuance are even smoother if you're using AWS Route 53.
While it's limited to ALB and CloudFront installations and cannot be used on EC2 (virtual machines), there are no certificate issuance fees, making it a great option for those who want to easily implement SSL.

 

Reference books

I used this book as a reference when writing this blog.
It provides clear explanations of SSL communication and SSL certificates, as well as how to purchase and install them.

Let's get started with SSL ~From "I don't know" to "I understand it properly!"~

Conclusion

This time, I gave a brief introduction to the role and types of SSL certificates.
Next time, I would like to introduce the mechanism of key authentication and the roles of intermediate certificates and root certificates.

We also offer SSL certificate purchasing and installation services.
If you are considering implementing SSL, please feel free to contact us.
Leave your SSL installation and setup to Beyond.

 

If you are worried about managing domain and SSL certificate expiration dates...

Furthermore, if you are having trouble managing the expiration dates of your domains or SSL certificates, please use the website monitoring service Appmill.

Appmill is an automated website monitoring service.

Appmill allows you to centrally manage the expiration dates of domains and SSL certificates for multiple websites simply by registering the URLs of the websites you want to manage.

You can register up to 100 URLs for free, so please take advantage of it!

Visit Appmill's official website

That's all, thank you for reading this far.


About the author

Reina Masutani

Belongs to the Systems Solutions Department.
After graduating from a liberal arts university, joined the company as a new graduate in 2019.

Currently, I am responsible for 24/7 server operation and maintenance, building infrastructure environments on the cloud, and managing education and training for new employees.

Certifications held: AWS SAA