What's the go with SSL/TLS?

Many people are confused about what the go is with SSL (Secure Sockets Layer) security, a.k.a. TLS (Transport Layer Security). We all know it's for security purposes online, to encrypt your communications with websites. We also know that it passes a public key or shared key so that the client browser can decrypt, while the server decrypts using its private key, and that it protects communications from prying eyes, etc.

But as a beginner in SSL, how would one implement this? Questions arise. When I was learning it, these were the questions that popped into my head.

  1. Why do we need a CA (Certification Authority)?
    • This authority verifies who you are or, in our case, who our website is. A stranger can't just trust anyone online, let alone give them their credit card details. So these authorities ask a bunch of questions and request documents so that you can prove your identity; the authority then trusts you, and the public trusts the authority that trusted you.
  2. When should we implement a Self-signed certificate?
    • You can self-sign your own certificate but, as mentioned, visitors will get a confirmation prompt in their browser asking whether they should trust you or not. Your website's traffic will still be encrypted and protected, but the trust issue remains. That means you can generate your own keys to encrypt your data line. But for efficiency, peace of mind, and for your audience on the internet, go with a CA; otherwise use a self-signed certificate only on an as-needed basis within your own network.
  3. Who generates the keys?
    • The keys are generated when you create a CSR (Certificate Signing Request) file: creating the certificate signing request also generates the public key and private key. Then, depending on your CA, you will get an intermediate certificate that also gets installed on your website, so that the CA can identify your website. Basically, the CA will ask you to generate a CSR on your server and complete the process.
      I will also include here a step-by-step process from Comodo showing how they normally handle the purchase of a certificate. Most CAs have a similar process, or otherwise your web host will do it for you.

      Comodo Step by Step acquiring SSL
      https://comodosslstore.com/blog/how-to-install-comodo-ssl-certificate-on-your-website.html

      More information here : http://stackoverflow.com/questions/5244129/use-rsa-private-key-to-generate-public-key

    • If you need to understand how the TLS/SSL handshake works, here is a very thorough video explaining it. This is also a reminder to myself, as I normally forget this stuff.

      Handshake Process of SSL
      https://www.youtube.com/watch?v=n_d1rCXNrx0

  4. What types of certificates are there?
    • There's a bunch! Positive and wildcard certificates are the ones mostly offered by CAs, and a quick search should point you in the right direction. First off, a Positive certificate secures only yourdomain.com and www.yourdomain.com; a wildcard, as you may suspect, covers your sub-domains as well, with or without www.
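
For questions 2 and 3 above, here is an added example (not from the original post or from Comodo) that uses the openssl command line to generate a key pair and a CSR, check that the CSR is well formed, and then self-sign it instead of sending it to a CA. The domain www.example.test and the file names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. DOMAIN and the file names are placeholders, not from the post.
set -eu
WORKDIR=$(mktemp -d)
DOMAIN="www.example.test"

# Question 3: the private key is generated on your server and stays there.
make_key() {
  openssl genrsa -out "$WORKDIR/site.key" 2048 2>/dev/null
  chmod 600 "$WORKDIR/site.key"
}

# The CSR holds the public key and the requested name, signed with the
# private key. This file is what you submit to the CA.
make_csr() {
  openssl req -new -key "$WORKDIR/site.key" -subj "/CN=$DOMAIN" \
    -out "$WORKDIR/site.csr" 2>/dev/null
}

# True when the CSR's signature verifies (proof you hold the private key).
csr_is_valid() {
  openssl req -in "$WORKDIR/site.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# True when the public key inside the CSR is the one derived from site.key.
csr_matches_key() {
  from_csr=$(openssl req -in "$WORKDIR/site.csr" -noout -pubkey)
  from_key=$(openssl pkey -in "$WORKDIR/site.key" -pubout)
  [ "$from_csr" = "$from_key" ]
}

# Question 2: self-signing means signing the CSR with your own key, not a CA's.
make_self_signed() {
  openssl x509 -req -in "$WORKDIR/site.csr" -signkey "$WORKDIR/site.key" \
    -days 30 -out "$WORKDIR/site.crt" 2>/dev/null
}

# True when subject and issuer are the same name: nobody else vouches for it.
is_self_signed() {
  subj=$(openssl x509 -in "$WORKDIR/site.crt" -noout -subject | sed 's/^subject= *//')
  issr=$(openssl x509 -in "$WORKDIR/site.crt" -noout -issuer | sed 's/^issuer= *//')
  [ "$subj" = "$issr" ]
}

make_key; make_csr; make_self_signed
csr_is_valid && csr_matches_key && is_self_signed && echo "self-signed cert for $DOMAIN in $WORKDIR"
```

With a CA, you would stop after make_csr and upload site.csr; the certificate you get back would then show the CA as issuer instead of your own name.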

There are plenty of articles about how to implement this on your site, especially on a WordPress one, like this one.

http://stackoverflow.com/questions/292732/self-signed-ssl-cert-or-ca

Most of the questions above will be answered by the above link.
Useful link below:

What is CSR file for?  https://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html

 
