With all of the chatter about various ways to protect and encrypt our data from prying eyes, The App Experts mobile development team thought it was time to share some insight into SSL or Secure Sockets Layer and how it works to keep data protected during a transfer.
At its most basic level, SSL is a standard security technology leveraged by millions of websites globally. It is used to create a secure link between a web browser and a server, and it is designed to keep the data transmitted between the two private.
Before a secure connection can be established, however, the server requires an SSL Certificate. The certificate is created by answering a series of questions, and those answers play a role in creating two cryptographic keys: a private key and a public key.
The public key doesn’t need to be secret, and can then be placed into a request known as a CSR, or Certificate Signing Request. The CSR also contains relevant information about the user.
Applying for the SSL Certificate involves a validation step: the Certification Authority checks your details. Once they are validated, the SSL Certificate is issued in line with the given details, and the user is able to use SSL.
When used, the web server matches the SSL Certificate with the user’s Private Key, after which the user’s web browser will establish a secured and encrypted link between itself and the website.
All of this happens more or less behind the scenes, which makes for a user-friendly process. But for those who seek a little bit of a visual cue that all is secure, a small padlock icon appears in the web browser to let the user know that they are in safe, SSL-standard hands. Nice, no?
So what’s actually in the certificate, you may well ask? Usually it contains a domain name, company name, country, and expiration date of the Certificate itself, while information about the Certification Authority that issued the certificate is also held within.
After all, we want to know who, what, when, and how when it comes to securing us, right?
When a web browser contacts a web server, it checks the certificate expiration date, whether the certificate was issued by a Certification Authority that it knows and trusts, and whether the certificate is being used by the website it was issued for. Should any of these checks fail, the user is shown a warning before continuing to the website. The user can still continue if they wish to take that risk, but they will do so knowing that the credentials didn’t match.
In closing, that’s pretty much how SSL works. So how about your experience? Is SSL enough security for you? How do you protect your data? Let us know in the comments section below. Cheers!