SSL Certificate is a digital certificate that authenticates the identity of a website and enables an encrypted connection between a web server and the browser, through a security protocol commonly identified as SSL (Secure Sockets Layer) or its renewed version and more secure, called TLS (Transport Layer Security).
The main purpose of an SSL certificate is to authenticate a secure connection, through which it is not possible to read or modify information transmitted between a device (Ex: Your computer) and the web server where the content is hosted. A secure and properly certified connection is currently easy to identify, through the existence of a padlock next to the address (URL) entered in the browser.
How does it work?
As mentioned earlier, the SSL/TLS protocol guarantees the impossibility of reading / modifying information transmitted between two devices. This is achieved through the use of cryptography algorithms applied to the transmitted information. This information may contain sensitive data such as personal information, credit card numbers, login credentials or other sensitive information.
When you try to access via an encrypted and certified connection, the following actions are triggered:
1) Through the browser, a connection is established to a website (web server) that is protected with an SSL certificate.
2) The browser requests the identification of that same web server.
3) In response to the previous request, the web server sends a copy of your SSL certificate.
4) The browser validates that the SSL certificate is reliable and issued by a competent authority for its issuance. After validation, it gives this same confirmation to the web server that sent it.
5) The web server returns a digitally signed acknowledgment to initiate an SSL-encrypted connection in this way.
6) The data transmitted from here is properly encrypted and shared between the device that initiated the connection and the respective web server where the content is hosted.
All the actions mentioned are commonly identified as the 'SSL Handshake' process and are performed in milliseconds.
What information can be contained in the details of an SSL certificate?
As we mentioned earlier, accessing a website via a browser is easily identifiable through the existence of a padlock next to the address (URL) entered in the browser, which in turn is preceded by the acronym https (HyperText Transfer Protocol Secure). After validating the existence of a valid certificate, you can get additional information about the SSL certificate, such as:
- The name of the address(es) to which the certificate was issued
- The entity to which it was issued
- Which certification authority issued it
- The certificate authority's digital signature
- The date of issue of the certificate
- The certificate expiration date