What is an SSL certificate? A brief introduction to its role and types

Hi!
I'm Mastani from the Systems Solutions Department, and I've become completely hooked on PUIPUI Molkar, so I'm thinking of starting needle felting.

This time, we would like to briefly explain the role and three types of SSL certificates, which Beyond also provides implementation services for and which we often work with!

First, what is SSL?

SSL (Secure Sockets Layer)is a protocol for encrypting and transmitting data over the internet.
Personal information such as IDs/passwords, names and addresses entered on shopping websites, and credit card information are constantly targeted by malicious third parties.
SSL plays a role in preventing malicious third parties from eavesdropping on this important information and preventing the tampering of sensitive information being transmitted.

Although it says SSL,TLSis currently the most commonly used protocol.
TLS version 1.0 was released in 1999 as a transition from SSL 3.0.
In a sense, TLS is the successor to SSL.

Although often referred to as SSL for convenience, SSL 3.0was found to have a critical vulnerability in 2015, and its usehas been discouraged ever since.
Therefore, even when referring to SSL,TLS is now used in most cases.

Why did you change your name?

 

to a protocol that encrypts HTTP communication over the internet using SSLHTTPS communicationrefers
SSL protects communication data,making it impossible for third parties to decipher the data's contents even if they try to intercept it.
When HTTPS communication is used, the URL displayed in the browser bar will begin with "https://"in the browser barlock icon"will appear

in the address bar when browsing sites that are not encrypted with SSLNot securehas displayed a
Currently, this warning is also displayed in Firefox and Microsoft Edge.

Therefore, if SSL is not implemented, usersIs this page safe?may become suspicious and wonder,

What is an SSL certificate?

used to verify the authenticity of a website operator and encrypt communication data between the browser and the web serverdigital certificatesare
After application and review, SSL certificates are issued by certification authorities such as GlobalSign.

An SSL certificateinformation about the website owner, keys necessary for encrypted communication,signature data from the certificate authoritycontains

Representative certification authorities
include GeoTrust, DigiCert, GlobalSign, and Secom.

An SSL certificate has three functions:

• It can prevent spoofing
• It is possible to prevent information tampering by third parties
• Prevents third parties from stealing information

 

Three Types of SSL Certificates

There are three types of SSL certificates: DV, OV, and EV.
The later the certificate, the more stringent the review process, making it more difficult to obtain and the higher the certificate price, but it provides greater reliability and security.

Domain Validation (DV)

This certificate is issued after verifying domain administration rights.
Domain administration rights are primarily verified using the following methods.

• is issued by authenticating the "domain usage rights and certificate issuance approval email" sent to an email address such as "admin@domain name".Email authentication
• involves placing a file containing "authentication information" shared by the Certificate Authority (CA) in a specified path under the domain's document root to perform authentication.File authentication
• is performed by registering a specified record value.DNS authentication

Domain-validated SSL certificates are relatively easy to obtain, and individuals can also apply for and obtain them

Main uses

• Personal website
• Company website

 

Identity Verification (OV)

In addition to verifying domain management rights, the existence of the company is also confirmed.
using a third-party databasereviewing organizational informationandreceiving a phone verification from the certification authorityThe certificate is issued after
Since the certificate includes organizational information, it is effective in preventing impersonation.

Main uses

• Company website
• E-commerce site

EV Certification (EV)

than that for OV certificationThe review process is even more rigorous.

In addition to verifying domain management rights, reviewing organizational information using a third-party database, and conducting telephone verification from the certification authority, depending on the certification authority and plan, applicants may be required to submit a "Certificate Agreement" or "Registration of Applicant" bearing their handwritten signature and seal.
In some cases, a "Certificate of Registered Matters" or "Certificate of Seal Impression" may also be required.

While the rigorous review process means it takes a considerable amount of time to issue, itensures a high level of reliability and security.

Main uses

• Government website
• Financial institution website
• Major e-commerce sites

(Almost) Free SSL Certificates

Additionally, some DV-certified SSL certificatesavailable for free, so I'd like to introduce a few of them.

Let's Encrypt certificates

This systemthe ACME (Automatic Certificate Management Environment) protocolto automate certificate issuance,immediate issuance of SSL certificatesallowing for

However, since the validity period is short (3 months), renewal is required each time. It is recommended to perform regular renewals using cron or similar tools.
A blog introducing the installation of Let's Encrypt can befound here.

 

AWS ACM (AWS Certificate Manager) certificate

The application process is easy, and authentication and issuance are even smoother if you're using AWS Route 53.
While it's limited to ALB and CloudFront installations and cannot be used on EC2 (virtual machines), there are no certificate issuance fees, making it a great option for those who want to easily implement SSL.

 

Reference books

I used this book as a reference when writing this blog.
It provides clear explanations of SSL communication and SSL certificates, as well as how to purchase and install them.

Let's get started with SSL ~From "I don't know" to "I understand it properly!"~

Conclusion

This time, I gave a brief introduction to the role and types of SSL certificates.
Next time, I would like to introduce the mechanism of key authentication and the roles of intermediate certificates and root certificates.

We also offer SSL certificate purchasing and installation services.
If you are considering implementing SSL, please feel free to contact us.
Leave your SSL installation and setup to Beyond.

 

If you are worried about managing domain and SSL certificate expiration dates..

Furthermore, if you are having trouble managing the expiration dates of your domains or SSL certificates,the website monitoring service Appmillplease use

Appmill is anautomated website monitoring service.

the expiration dates of domains and SSL certificates for multiple websites simply by registering the URLs of the websites you want to managecentrally manageallows you to

You can register up to 100 URLs for free, so please take advantage of it!

Visit Apmil's official website

That's all, thank you for reading this far