What is SSL, TLS and HTTPS?
What is an SSL Certificate?
SSL stands for Secure Sockets Layer and, in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personally identifiable information or with payroll information).
It does this by making sure that any data transferred between users and sites, or between two systems remain impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal which can include credit card numbers and other financial information, names and addresses.
TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption.
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.
An SSL certificate is installed on the server side but there are visual cues on the browser which can tell users that SSL protects them. Firstly, if SSL is present on the site, users will see https:// at the start of the web address rather than the HTTP:// (the extra “s” stand for “secure”). Depending on what level of validation a certificate is given to the business, a secure connection may be indicated by the presence of a padlock icon or a green address bar signal.
Google now advocates that HTTPS, or SSL, should be used everywhere on the web and, as of 2014, the search engine has been rewarding secured websites with improved web rankings, another great reason for any site to install SSL.
Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used. When you buy an ‘SSL’ certificate from Symantec, you can, of course, use it with both SSL and TLS protocols.
Levels of business authentication:
As well as encryption, Certificate Authorities (CAs) can also authenticate the identity of the owner of a website, adding another layer of security. The SSL certificate is then used as proof of the company’s identity. Certificates can be divided into three authentication groups, based on the level of authentication, which are:
1 DOMAIN VALIDATION CERTIFICATES
2 ORGANIZATION VALIDATION CERTIFICATES
3 EXTENDED VALIDATION CERTIFICATES
These vary slightly in purpose and function. It’s worth knowing a little more how each of them works before deciding which is the most suitable.
How does an SSL certificate work?
The basic principle is that when you install an SSL certificate on your server and a browser connects to it, the presence of the SSL certificate triggers the SSL (or TLS) protocol, which will encrypt information sent between the server and the browser (or between servers); the details are obviously a little more complicated.
SSL operates directly on top of the transmission control protocol (TCP), effectively working as a safety blanket. It allows higher protocol layers to remain unchanged while still providing a secure connection. So underneath the SSL layer, the other protocol layers are able to function as normal.
If an SSL certificate is being used correctly, all an attacker will be able to see is which IP and port is connected and roughly how much data is being sent. They may be able to terminate the connection, but both the server and user will be able to tell this has been done by a third party. However, they will not be able to intercept any information, which makes it essentially an ineffective step.
The hacker may be able to figure out which hostname the user is connected to but, crucially, not the rest of the URL. As the connection is encrypted, the important information remains secure.
How to know if SSL is needed
The fact that Google is pushing for HTTPS across the web and prioritizing sites that have an SSL certificate probably indicates just how much SSL is needed, but here are some other top reasons for getting an SSL certificate.
According to Business Insider 74% of shopping carts are abandoned but up to 64% can be recovered with better checkout security and flow. Many of this 64 % are more likely to complete a purchase if they know the checkout area is secure. That’s not several businesses can afford to ignore. Even if they’re only using SSL for their checkout area, it’s well worth it.
If sites offer membership or anything that involves collecting email addresses and other sensitive information, then SSL is a good idea. It’s always sensible to keep customer information as safe as possible.
If forms are used
The same applies if they use any kind of form where users will be submitting information, documents, or images. It is surprising how much information is collected about a site’s visitors, so it’s worth keeping it safe.
What are the visual implications of SSL?
As we’ve referred to a number of times throughout this guide, it is often the visual impact of an SSL certificate that has the biggest effect on users and potential customers. But how exactly does this work and what visual form will an SSL take on a site?
As with any purchase, online or not, most people will be more likely to buy from a reputable dealer. Certificates to prove authenticity or expertise in a certain field go a long way to making customers feel more secure.
That’s exactly the visual impact an SSL certificate can have on potential clients. SSL and TLS are the industry’s best and most accepted standards of security and certificates should be proudly displayed where everyone can see them.
First of all, it will appear in the address bar. The site’s pre-x will be https:// rather than the http:// and users are more frequently insisting on the difference.
The presence of the padlock icon in the address bar is also a big indication of safety. It reassures customers that their connection is secure and encrypted. And, as we’ve mentioned, it can make people more likely to complete a transaction.
By using the most secure form of certificate – the Extended Validation SSL certificate – the company name appears in green in the address bar. It’s another sure-re way of letting customers know that it’s 100% legitimate.
Lastly, many SSL certificates come with a seal image, which can be used on the site to display the brand of SSL which is being used. Let customers know that their security and information are protected and they’ll be far more likely to trust the site with their cash. Research from 2013 shows that Symantec SSL’s SSL seal is the most recognized on the web.
What is an SSL Connection Error?
An SSL connection error occurs when the page being accessed has some security issues. They occur for users’ protection, interrupting access to inform them that there may be some security concerns if they progress.
They can take a number of forms, often differing from the choice of browser. In some instances, the page may go red with the https:// pre-x also highlighted in red. Using Google Chrome, there are a number of messages that users might see appear on their screen. These include ‘your connection is not private’ or simply that ‘this webpage is not available’.
It might be as the result of the outdated security code on the website and doesn’t necessarily mean that the site being accessed is suspicious, but users should take connection errors seriously, especially if they are not 100% sure about the destination site.
Whilst there are ways to circumnavigate SSL connection errors, it is strongly recommended that users don’t.
If in website development trials it is found that the site is suffering from SSL connection errors then it is imperative to do something about it quickly. This may involve updating the security settings or simply acquiring a more adapted SSL certificate. This will help browsers to establish that the site is secure and allow users to access it without safety warnings.
Does SSL Work on Email?
Most of the big email providers use SSL encryption to encrypt users’ mail. In most cases, the SSL option will be automatically checked in email settings. To retrieve mail that has flagged up an error message the user may have to uncheck this option.
If the account where users retrieve mail supports SSL then they can select this option to have data sent through a secure connection.
If a company is setting up its own email service the IT team may need to check with their provider that they are also secured by SSL. This will eliminate security problems when sending out mail shots and individual mail.
|Fiot Co., Ltd. – IoT & Embedded Systems Solutions
✽email@example.com or firstname.lastname@example.org
✽(+84) 287 300 0973