Understanding SSL

What is SSL

Secure Socket Layer (SSL) Certificates are used to encrypt all data sent from your server to the client, and from the client back to the server. The use of SSL is strongly recommended when allowing a user to enter sensitive information such as passwords or credit card data into a form. Without the use of SSL, the data is transmitted over the Internet in a plain text format that a malicious user could read without issue. By using SSL, the data is encrypted, rendering the data virtually impossible to read.

Once applied to a website, the encryption is used when accessing the website using https://domain.com instead of the standard, unencrypted http://domain.com. You might notice the ‘s’ in ‘https’ stands for “secure”.

 

How SSL Works

SSL works by encrypting the information from the server to the user by utilizing encryption keys. A private key on the server is used to encrypt the data and a public key that is provided in the SSL certificate is used to decrypt the data. Conversely, information sent by the user is encrypted using the certificate and that information can only be decrypted by the private key on the server.

Because only the public key can decrypt the information encrypted by the private key and only the private key can decrypt data encrypted with the public key, it is extremely important that they remain in pairs. You cannot mix public and private keys from different certificates.

SSL Certificate Descriptions

There are a maximum of 4 certificates, depending on your situation.

CSR: Certificate Signing Request

This certificate is used to request an SSL certificate from a trusted provider such as Comodo, Verisign, GoDaddy, etc. When ordering an SSL Certificate from a Trusted Provider, you must copy and paste the entire certificate, including “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----”.

Example CSR
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----

Private Key

The Private Key is the glue for successfully installing an SSL Certificate on your website. This key is used to create the CSR, which, in turn, is used to create the Public Key. The Public and Private keys then work together to create a secure connection between the server and the user’s browser. The Private Key and Public Key must match in order for the connection to work correctly.

SSL or Public Key

This key might also be referred to as the SSL Certificate. This is the certificate you receive back from a Trusted Provider after submitting the CSR. The Public Key works with the Private Key to encode the information transmitted between the server and the user’s browser.

 

CA (Certificate Authority)

The CA Certificate is provided by a Trusted Provider when purchasing an SSL Certificate. This certificate lets the browser know the SSL certificate was issued by a trusted provider and prevents the browser from displaying warning messages.

CA Certificate files are often provided in pairs, so do not be surprised if you get 2 files. Both of these must be pasted into the CA Certificate file in order to work correctly.
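
The requirement that the Private Key, the CSR and the SSL Certificate belong to one pair can be checked before anything is installed. The shell script below is an added example, not part of the original article: it uses the openssl command-line tool, assumes an unencrypted private key, and builds constructed throwaway files for the hypothetical names a.example and b.example.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that a private key,
# a CSR and a certificate all carry the same public key.

# pubkey_digest KIND FILE: print the SHA-256 of the public key inside FILE.
# KIND is key, csr or cert. Returns non-zero if FILE cannot be parsed.
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_set KEY CSR CERT: succeed only if all three share one public key.
check_set() {
    k=$(pubkey_digest key "$1")  || { echo "unreadable key: $1" >&2; return 1; }
    r=$(pubkey_digest csr "$2")  || { echo "unreadable CSR: $2" >&2; return 1; }
    c=$(pubkey_digest cert "$3") || { echo "unreadable certificate: $3" >&2; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not created from this key" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key" >&2; return 1; }
}

# Constructed demo material: two throwaway key/CSR/certificate sets for the
# hypothetical names a.example and b.example. A self-signed certificate stands
# in for the one a Trusted Provider would return.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_set() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
    openssl req -new -key "$demo_dir/$1.key" -subj "/CN=$1" \
        -out "$demo_dir/$1.csr" 2>/dev/null
}
make_set a.example
make_set b.example

# A matching set passes; swapping in the other site's key is reported.
check_set "$demo_dir/a.example.key" "$demo_dir/a.example.csr" "$demo_dir/a.example.crt" \
    && echo "a.example: key, CSR and certificate match"
check_set "$demo_dir/b.example.key" "$demo_dir/a.example.csr" "$demo_dir/a.example.crt" \
    || echo "mixed set rejected"
```

Only digests of the public key are printed and compared, so the private key itself never needs to be pasted or sent anywhere to run the check.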
