What is a Secure Sockets Layer (SSL)?
Secure Sockets Layer (SSL) is a cryptographic protocol designed to secure communication over computer networks. It establishes an encrypted connection between a client and a server so that the data exchanged between them keeps its confidentiality and integrity.
Through a process called a “handshake,” SSL authenticates the server (and, optionally, the client) and negotiates the encryption algorithms and keys used for the session. SSL certificates, issued by trusted certificate authorities, validate the server’s identity so that clients connect to the legitimate website rather than an impostor. SSL itself has been superseded by Transport Layer Security (TLS): SSL 2.0 and 3.0 are deprecated and modern browsers refuse to negotiate them, so the connections that protect e-commerce and online banking today, and that people still call “SSL,” are in fact TLS connections. The name has stuck, and this page uses it in that everyday sense.
How Does the Secure Sockets Layer (SSL) Work?
Secure Sockets Layer (SSL) goes through the following steps to establish a secure connection between a client (such as a web browser) and a server (such as a website):
- Handshake Initialisation: The handshake begins when the client opens a connection to the server and sends a “hello” message listing the protocol versions and cipher suites (encryption algorithms) it supports, together with a random value that is used later in key derivation.
- Server Authentication: The server replies with its own “hello” message, which selects the protocol version and cipher suite, followed by its SSL certificate. The certificate contains the server’s public key, identity information (such as its domain name), and the digital signature of the certificate authority (CA) that issued it. Before trusting the server, the client verifies the certificate: the CA signature must chain to a root the client already trusts, the certificate must be within its validity period and not revoked, and the name in the certificate must match the host name the client intended to reach. A failure on any of these checks must abort the connection.
- Key Exchange: Once the server is authenticated, the two sides agree on a shared secret. In the classic RSA key exchange the client generates a random pre-master secret, encrypts it with the server’s public key from the certificate, and sends it to the server; both sides then derive the symmetric session keys from that secret and the random values exchanged in the hello messages. Modern TLS instead uses an ephemeral (Elliptic Curve) Diffie-Hellman exchange, so that recorded traffic cannot be decrypted later even if the server’s private key is stolen (forward secrecy); TLS 1.3 removed the RSA key exchange entirely.
- Encryption: In the RSA exchange the server decrypts the pre-master secret with its private key; in a Diffie-Hellman exchange it computes the same shared secret from its own ephemeral key and the client’s. Either way both parties now hold the same session keys and switch to symmetric encryption, which is far cheaper per byte than public-key operations. The “Finished” messages that end the handshake are protected with these keys and cover a hash of every earlier handshake message, so either side detects tampering with the negotiation.
- Secure Data Transmission: With the session keys in place, all application data exchanged between client and server, including HTTP requests and responses, is encrypted and authenticated (with a MAC or an authenticated-encryption cipher), which gives both confidentiality and integrity.
- Connection Termination: Either side can end the session by sending a “close_notify” alert; closing the connection without it lets an attacker truncate the data stream unnoticed. A new connection requires a new handshake, although both SSL and TLS support session resumption, which reuses the previously agreed secret to skip the expensive public-key steps.
SSL Certificate and its Types
An SSL certificate is a digital certificate that certifies a website’s identity and enables an encrypted connection between a web server and a web browser. It binds the site’s public key to its domain name (and, for some certificate types, to the organisation that operates the site) and carries the signature of a certificate authority that the browser already trusts. The certificate itself does not encrypt traffic; it is what lets the client confirm, by checking that signature against a trusted root, that the public key used in the handshake really belongs to the site it meant to reach.
SSL certificates come in several forms, depending on the degree of validation the certificate authority performs and on the number of domains or subdomains they cover:
- Domain Validated (DV) Certificate: This certificate provides basic validation and confirms only control of the domain, typically through a DNS record, a file served over HTTP, or an email to the domain contact. DV certificates are issued quickly, often automatically, and suit personal websites or blogs that need encryption but not proof of who operates the site.
- Organization Validated (OV) Certificate: OV certificates add a further level of validation by confirming the identity of the organisation in addition to domain control. The certificate authority checks the organisation’s legal existence and current standing, and the organisation’s name is recorded in the certificate. Businesses and organisations that want to show users a verified identity use OV certificates.
- Extended Validation (EV) Certificate: EV certificates involve the most thorough verification procedure. In addition to domain control and organisation identity, the certificate authority verifies the requesting entity’s legal, physical and operational existence and the authority of the person requesting the certificate. Browsers once displayed the organisation’s name prominently in the address bar for EV certificates, but the major browsers removed that indicator around 2019 because users did not rely on it; today an EV certificate is visible only in the certificate details, and it provides no stronger encryption than a DV certificate.
- Wildcard Certificate: A wildcard certificate secures any number of subdomains one level below a principal domain. A certificate for “*.example.com” covers “blog.example.com,” “www.example.com,” and any other single-label subdomain, but it does not cover the bare “example.com” or deeper names such as “a.b.example.com” unless those are listed separately in the certificate. Because one private key then protects every covered host, a compromise of any one of those hosts exposes all of the others.
- Multi-Domain (SAN) Certificate: These certificates, also called Subject Alternative Name (SAN) certificates, secure several domains or subdomains under a single certificate, each listed as a SAN entry. Organisations that operate several websites or applications across different domains benefit from this flexibility. Modern browsers ignore the certificate’s Common Name and match the host name against the SAN list, so every name a certificate must cover, wildcard or not, has to appear there.
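The handshake steps listed in the previous section, and the wildcard and SAN matching rules in the two certificate types just described, as one added example in Go (example code written for this page, not iZOOlogic’s software): it constructs a throw-away CA and a server certificate for “*.example.com”, runs a real TLS handshake over a loopback socket, and shows the client accepting the expected name, rejecting a certificate issued for a different name, and rejecting a certificate whose CA it does not trust. The CA name, the example.com host names and the loopback transport are assumptions made for the demonstration; the certificate, key-generation and TLS calls are the Go standard library’s own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// PKI is a constructed, throw-away trust hierarchy: a self-signed CA plus one server ("leaf") certificate it issued.
type PKI struct {
	CA     *x509.Certificate
	Leaf   *x509.Certificate
	Server tls.Certificate // what the server presents in its Certificate message
}

// must is a demo-only shortcut: key and certificate generation cannot fail for valid templates.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key pair and signs tmpl with signerKey; a nil signerKey makes the certificate self-signed.
func issue(tmpl, signer *x509.Certificate, signerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if signerKey == nil {
		signer, signerKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return must(x509.ParseCertificate(der)), key
}

// BuildPKI issues a CA and a server certificate whose Subject Alternative Names are sans (the first one doubles as the CN).
func BuildPKI(sans []string) *PKI {
	now := time.Now()
	ca, caKey := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"}, // assumed name
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	leaf, leafKey := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: sans[0]},
		DNSNames: sans, // clients match the host name against these entries, not against the CN
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	return &PKI{CA: ca, Leaf: leaf, Server: tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey, Leaf: leaf}}
}

// Handshake runs one real TLS handshake over a loopback TCP socket. The server presents p.Server; the client expects
// serverName and trusts p.CA only when trustCA is true. It returns the negotiated version, or why the client refused.
func Handshake(p *PKI, serverName string, trustCA bool) string {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	go func() { // server side: accept, answer the client hello, present the certificate
		if conn, err := ln.Accept(); err == nil {
			s := tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{p.Server}, MinVersion: tls.VersionTLS12})
			s.Handshake() // a rejected certificate shows up here as an alert; the client side reports the reason
			s.Close()
		}
	}()
	roots := x509.NewCertPool() // the client's trust store: empty unless our CA is added
	if trustCA {
		roots.AddCert(p.CA)
	}
	c := tls.Client(must(net.Dial("tcp", ln.Addr().String())), &tls.Config{ServerName: serverName, RootCAs: roots, MinVersion: tls.VersionTLS12})
	defer c.Close()
	var hostErr x509.HostnameError
	var caErr x509.UnknownAuthorityError
	switch err := c.Handshake(); {
	case err == nil:
		return map[uint16]string{tls.VersionTLS12: "TLS 1.2", tls.VersionTLS13: "TLS 1.3"}[c.ConnectionState().Version]
	case errors.As(err, &hostErr): // chain is trusted, but the certificate was issued for another name
		return "hostname mismatch"
	case errors.As(err, &caErr): // chain does not end at a CA the client trusts
		return "unknown authority"
	default:
		return "error: " + err.Error()
	}
}

func main() {
	p := BuildPKI([]string{"*.example.com"})
	for _, h := range []string{"blog.example.com", "example.com", "a.b.example.com"} {
		fmt.Println(h, "covered by *.example.com:", p.Leaf.VerifyHostname(h) == nil)
	}
	fmt.Println(Handshake(p, "www.example.com", true), "|", Handshake(p, "www.example.org", true), "|", Handshake(p, "www.example.com", false))
}
```

Run it with go run. The name checks use VerifyHostname, the same matching code the client applies during the handshake, so blog.example.com is covered while example.com and a.b.example.com are not; issuing with BuildPKI([]string{"*.example.com", "example.com"}) covers the bare domain too, which is exactly what a SAN certificate does. The third handshake fails even though the certificate is perfectly valid, because validity means nothing to a client that does not trust the issuing CA.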
How can iZOOlogic help my Company or Organisation?
Find out how iZOOlogic can protect your organisation with Domain Name Management solutions.
To find out more about how iZOOlogic can help protect your company’s cyber security, schedule a demo.