SSL Certificates for Beginners

SSL stands for “Secure Socket Layer” and it is used to establish a secure session between a web browser and a website to ensure all traffic is transmitted in an encrypted format.  Using online security at your business or at your home helps your customers or visitors feel safer transmitting their data across the Internet.  There are a number of potential risks using online services and it is important to understand how to protect yourself against them. 

Use an SSL certificate signed by a trusted certificate authority to protect your data.  There are two functions to any SSL certificate, which is a digital file.  The SSL certificate authenticates and verifies that the person who is accessing your site is who they say they are.  An SSL certificate also provides encryption to protect data transmitted between two sites via the Internet.  Encrypted data cannot be intercepted or read by anyone else, aside from the intended recipient, if the encryption level is sufficient. 

Keys are used to perform the above functions during an SSL session.  The public key encrypts the data while the private key decrypts the data.  If you connect to a site that is using an SSL certificate, you will be provided with that site or company’s public key to encrypt your data transmission.  This means that the only way to read this data is for the company, who owns and stores the private key, to decrypt it. 

When you are performing any transaction over the Internet that involves sensitive or personal information (such as your credit card, SIN, or birthdate), always check that the site you are connecting to is using an SSL certificate.  This can be verified by a few methods.  The website itself should include ‘https://’ (not ‘http://’); you should see a small padlock somewhere on your browser (where depends on which browser you are using); and if you are running any security software, you may even see a verification symbol, such as a check mark or the URL highlighted in green. 

You should use an SSL certificate as often as possible, but some specific situations would be:

·         To secure communication between your browser and a company website

·         To secure any internal network communications

·         To secure email communications

·         To secure information between servers

·         To secure data sent or received via mobile devices

This is a very simple overview of SSL certificates but the message is simple – you need to use these on your company’s website if you want your customers to trust that their data is secure.  Invest in the technology now to maintain your customer base and your reputation.  Should you require any assistance with setting up SSL certificates on your organization’s network, Blue Hole Security can help.