
What is an SSL/TLS certificate?

An SSL/TLS certificate is a record that contains all the information needed to verify the authenticity of a web server using cryptographic procedures. It is intended to ensure, for example, that the operator of a website really is who it claims to be.


01

SSL/TLS certificate: a definition

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols used to authenticate and encrypt Internet connections. SSL and TLS are most commonly used to secure data transmission over HTTP (HTTPS). A valid SSL/TLS certificate is required to uniquely authenticate the servers and domains involved and to establish an encrypted connection. Among other things, it contains the public key and further information about the identity of a website. Once the client (browser) and the web server have exchanged the required keys and the legitimacy of the domain has been established, a protected Internet connection can be set up. In this way, online transactions can be secured, for example, or data transmission can be protected against unauthorized access.

02

How does SSL/TLS encryption work?

The SSL certificate is crucial to how SSL and TLS work. When a client accesses a web server, the server authenticates itself to the client with a valid certificate. The client sends the server a random sequence of numbers encrypted with the server's public key contained in the certificate. The client and server then derive from it a key that is used to encrypt further communication. For more information on SSL/TLS, see our Knowledge Hub article "What is SSL/TLS?".

03

What information does an SSL/TLS certificate include?

A website secured with a valid SSL certificate is identified by a preceding HTTPS in the URL. In addition, a padlock symbol in the address bar of the browser indicates that the connection is secure. By selecting the icon, a wide range of information about the certificate used can be viewed. This includes:

  • domain name

  • certificate holder

  • issuer of the certificate

  • validity period

  • signature algorithm

  • serial number

  • public key

04

What are the different types of SSL/TLS certificates?

SSL certificates are issued by official certificate authorities (CAs). They verify the applicant and identify it as trustworthy. There are different types of certificates, which meet different requirements:

Domain Validation Certificate (DV-SSL)

With this certificate, the certificate authority checks the applicant’s right to use a specific domain name. DV-SSL certificates can be issued very quickly because the certificate authority does not require any additional company documents.

Organization Validation Certificate (OV-SSL)

In addition to the applicant’s right to use a specific domain, the certificate authority also checks some additional company information. A website with an OV SSL certificate shows the user more information about the operator of the website, imparting a greater level of trust.

Extended Validation Certificate (EV-SSL)

In this case, the organization submitting the application is thoroughly vetted. The Guidelines for Extended Validation, published by the CA/Browser Forum in 2007, specify how the issuance process works. Organizations applying for this certification must verify, among other things, that the entity exists legally, materially and operationally, and has control over the domain.

Wildcard SSL/TLS certificate

A wildcard SSL certificate can be used to secure a base domain and any number of subdomains with a single certificate. This is usually much cheaper and less complex than having a separate certificate issued for each subdomain. For example, a Wildcard SSL certificate for the base domain example.com is also valid for login.example.com, mail.example.com or download.example.com.
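The following is an added example, not code from the original article, that carries the server-authentication step of the handshake (section 02), the certificate fields listed under section 03 and the wildcard rule from section 04 through in Go using the standard library's crypto/x509. It issues a self-signed certificate for example.com plus *.example.com (constructed test data standing in for a CA-issued certificate), places it in a client trust store, and then runs the same checks a browser performs before trusting a server: chain to a trusted root, validity period, and hostname match. Function and variable names such as newCert, verifyServer and runScenarios are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a self-signed certificate for dnsNames with the given validity
// window. Key, names and organization are constructed test data standing in
// for a CA-issued certificate; the client-side checks below are the same.
func newCert(dnsNames []string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: dnsNames[0], Organization: []string{"Example Org"}},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames, // subject alternative names the client matches the URL host against
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// describe lists the fields the article names as visible behind the padlock icon.
func describe(c *x509.Certificate) string {
	return fmt.Sprintf("names=%v holder=%s issuer=%s valid=%s..%s sigalg=%s serial=%s key=%s",
		c.DNSNames, c.Subject.CommonName, c.Issuer.CommonName,
		c.NotBefore.Format("2006-01-02"), c.NotAfter.Format("2006-01-02"),
		c.SignatureAlgorithm, c.SerialNumber, c.PublicKeyAlgorithm)
}

// verifyServer is the client's authentication step: the certificate must chain
// to a root in the trust store, be valid at time now, and cover hostname.
func verifyServer(c *x509.Certificate, roots *x509.CertPool, hostname string, now time.Time) error {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: hostname, CurrentTime: now})
	return err
}

// runScenarios exercises the checks above; in the returned map, true means the
// client would accept the certificate for that hostname.
func runScenarios() (map[string]bool, error) {
	now := time.Now()
	names := []string{"example.com", "*.example.com"} // wildcard plus the bare base domain
	good, err := newCert(names, now.Add(-time.Hour), now.Add(90*24*time.Hour))
	if err != nil {
		return nil, err
	}
	untrusted, err := newCert(names, now.Add(-time.Hour), now.Add(90*24*time.Hour)) // same names, unknown key
	if err != nil {
		return nil, err
	}
	expired, err := newCert(names, now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(good)
	roots.AddCert(expired) // trusted issuer, but past its validity period
	fmt.Println(describe(good))

	scenarios := []struct {
		name string
		cert *x509.Certificate
		host string
	}{
		{"trusted, base domain", good, "example.com"},
		{"trusted, wildcard subdomain", good, "login.example.com"},
		{"trusted, second-level subdomain", good, "deep.login.example.com"},
		{"trusted, other domain", good, "example.org"},
		{"untrusted issuer, base domain", untrusted, "example.com"},
		{"expired, base domain", expired, "example.com"},
	}
	results := map[string]bool{}
	for _, s := range scenarios {
		err := verifyServer(s.cert, roots, s.host, now)
		results[s.name] = err == nil
		fmt.Printf("%-34s accepted=%-5v %v\n", s.name, err == nil, err)
	}
	return results, nil
}

func main() {
	if _, err := runScenarios(); err != nil {
		panic(err)
	}
}
```

Two details the scenarios make visible: the wildcard entry covers exactly one label, so login.example.com matches while deep.login.example.com does not, and the bare domain example.com has to be listed separately; and the trust store decides, so a certificate for the right name from an issuer the client does not know fails with an unknown-authority error, just as a certificate from a trusted issuer fails once it has expired.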

[Figure: How HTTPS works]

05

What are the benefits of using SSL/TLS certificates?

HTTPS pages encrypted via SSL/TLS are the de facto standard on the Internet today. On HTTP pages without encryption, modern browsers often display a warning that the page is not secure. A domain authenticated by an SSL certificate, on the other hand, appears trustworthy from the user's point of view. If data transmission is encrypted using SSL/TLS, users can be relatively sure that they are connected to the correct, authentic web server, that no content has been manipulated and that their data is protected. SSL/TLS encryption is therefore used wherever secure data transmission matters, such as online banking, online shopping, webmail and web forms.

06

How do businesses obtain an SSL/TLS certificate?

SSL certificates are generated and issued by a certificate authority. The trusted external organization also digitally signs the certificate with its own private key so that clients can verify it. After receiving the certificate, domain owners must install and activate it on the origin server. They should also ensure that the certificate is renewed in time to avoid the risk of it expiring and the encrypted domain becoming inaccessible.

However, this is becoming more and more of a hassle. In recent years, the maximum validity period of SSL certificates has steadily shortened. Initially, commercial certificates had a lifespan of up to five years, but in 2015 the maximum validity period was reduced to three years and finally to two years in 2018. Since fall 2020, SSL/TLS certificates have only been issued for up to 13 months. In addition, there are discussions about a general reduction of the validity period to a maximum of 90 days. Domain owners therefore have to worry about renewing their certificates at ever shorter intervals. Having a service provider automatically reissue the certificates can solve this problem.


07

How much does an SSL/TLS certificate cost?

There are over 700 certificate authorities worldwide that issue SSL/TLS certificates. In addition, a large number of resellers and hosting providers offer related services, where companies have no influence on the choice of the certificate authority.


Depending on the reseller or hoster and the type of certificate (DV, OV, EV), prices can vary significantly, from under $100 to over $1,000 per year. Since the end of 2015 there has also been a certificate authority, Let's Encrypt, which issues free SSL/TLS certificates of the DV-SSL type. These can be used for web servers, mail servers or FTP servers, for example. Since the validity period of the free certificates is limited to 90 days, Let's Encrypt recommends automatic renewal every 60 days.

08

How secure are SSL/TLS certificates?

Of course, even SSL/TLS certificates do not provide one hundred percent security. By exploiting vulnerabilities, attackers could prevent effective authentication and encryption via SSL/TLS. Entry points for possible attacks are:

Certificate authority

Although resellers and hosting providers perform security audits before accepting a certificate authority, there is still a risk that criminals will attack such an authority and create arbitrary certificates on its behalf.

Man-in-the-middle activities using arbitrary certificates

Intelligence agencies and investigative authorities can exploit vulnerabilities at certification authorities to eavesdrop on targeted connections using a valid certificate.

Fake certificate chains

By using specially crafted intermediate CA certificates, attackers can intercept encrypted connections and analyze their content.

Key generation

Some certificate authorities also handle the key generation. This poses a security risk, because the private key should be generated on the user’s own computer.

Compromise of certificates

If the private key is stolen without the certificate holder being aware of it, attackers can use the key to decrypt encrypted data.
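As an added example (not the article's or Myra's own code) for how a certificate is obtained (section 06) and for the key-generation point above: the key pair is generated on the applicant's own machine, and only a certificate signing request, which carries the public key, the organization and the requested names, is handed to the certificate authority. Go's crypto/x509 does the PKCS#10 work; the names newEnrollment, inspectRequest and containsPrivateKey, as well as the organization and domain names used, are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"strings"
)

// enrollment separates what stays with the applicant from what goes to the CA.
type enrollment struct {
	PrivateKeyPEM []byte // generated and kept on the applicant's own machine
	RequestPEM    []byte // the certificate signing request handed to the CA
}

// newEnrollment generates the key pair locally and wraps the public key,
// organization and requested names in a PKCS#10 certificate signing request
// signed with the new private key. org and dnsNames are constructed inputs.
func newEnrollment(org string, dnsNames []string) (*enrollment, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: dnsNames[0], Organization: []string{org}},
		DNSNames: dnsNames, // subject alternative names to be certified
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return &enrollment{
		PrivateKeyPEM: pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}),
		RequestPEM:    pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER}),
	}, nil
}

// inspectRequest does what a CA (or the applicant, before submitting) does with
// the request: parse it, confirm proof of possession, i.e. that the request is
// signed by the private key belonging to the embedded public key, and return
// the names being requested, which the CA then validates (DV, OV or EV).
func inspectRequest(requestPEM []byte) ([]string, error) {
	block, _ := pem.Decode(requestPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, fmt.Errorf("not a PEM-encoded certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("request not signed by its own key: %w", err)
	}
	return csr.DNSNames, nil
}

// containsPrivateKey is a pre-submission guard: nothing sent to the CA may
// carry a PRIVATE KEY block.
func containsPrivateKey(pemData []byte) bool {
	for {
		var block *pem.Block
		block, pemData = pem.Decode(pemData)
		if block == nil {
			return false
		}
		if strings.HasSuffix(block.Type, "PRIVATE KEY") {
			return true
		}
	}
}

func main() {
	e, err := newEnrollment("Example Org", []string{"www.example.com", "example.com"})
	if err != nil {
		panic(err)
	}
	names, err := inspectRequest(e.RequestPEM)
	if err != nil {
		panic(err)
	}
	fmt.Printf("requested names: %v\n", names)
	fmt.Printf("request carries a private key: %v\n", containsPrivateKey(e.RequestPEM))
	fmt.Print(string(e.RequestPEM)) // this, and only this, goes to the CA
}
```

The CA signs a certificate for the public key in the request; the private key written to PrivateKeyPEM is installed next to that certificate on the origin server and is never part of what the CA receives, which is the property the key-generation point above is about.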


09

SSL/TLS certificate: What you need to know

SSL/TLS encryption and the associated certificates ensure secure data transmission, unambiguous authentication and data integrity on the web and thus greater trust by users. However, when operating multiple domains, organizations face an enormous administrative burden with high susceptibility to errors due to the ever-shortening validity period of SSL/TLS certificates. Expired or incorrectly implemented certificates can lead to downtime of web resources and thus to loss of revenue or damage to the company's image.


This can be remedied by automated and centralized certificate management, which allows certificates to be renewed automatically before they expire.

Learn more about Myra Certificate Management

Product Sheet

Secure your website and web applications with no effort using SSL/TLS encryption.

SSL/TLS ensures secure data transmission, unique authentication and data integrity, thus increasing user confidence. With Myra Certificate Management, you can have SSL/TLS certificates issued and managed automatically. Learn more in our Product Sheet:

  • Key Benefits and Features of Myra Certificate Management

  • How to avoid problems caused by expired certificates

  • How SSL/TLS encryption works


Fill out the registration form now to gain access to the detailed Product Sheet, in which you will find in-depth information about the key features of Myra Certificate Management.


All information on data processing can be found in our privacy policy.