What’s SSL Certificate? | How does SSL Certificate work? | How to get an SSL Certificate free in 2020?

  • Post author:

What is an SSL certificate? Why should I get an SSL certificate? How can I get an SSL certificate free? These are common questions among any person who starts a new online venture. This article will be dedicated to answering all those questions related to the SSL Certificate.

Millions of people do online shopping, register for some event, and share information on the web every day. Some of the information might not be very private and sensitive but most of the information shared over the web is intended to be private. SSL Certificate is installed on the webserver to ensure the safe transmission of data between user and server.

Usually, hackers target networks and steal the information getting transmitted or even alter the information sometimes for their profit. To make sure that sharing data with a website is secure, you need to check if the website has an SSL Certificate installed on their server. It can be checked by looking at the lock icon on the URL bar which shows that data shared with this website is secure. So, what is so magical about an SSL certificate that keeps hackers away from stealing information?

Let’s begin with the introduction to the SSL certificate and its working.

What is an SSL Certificate?

SSL Certificates are small data files containing digitally signed encryption keys to an organization and when it is installed on the server converts it the website from HTTP to a secure HTTPS platform.

Let’s understand what is SSL? SSL (Secure Socket Layer) is an encryption-based internet security protocol designed to make use of TCP (Transmission Control Protocol) in providing a reliable end-to-end connection. SSL is a set of rules to govern the authenticated and encrypted data communication between Client (The person who is browsing the Internet) and the Server (Website).

SSL certificate was designed by Netscape in 1995 for privacy on the web and later adopted as the Internet Security Protocol. Today we use an advanced version of SSL Certificate, TLS (Transport Layer Security) and sometimes we refer it as the SSL Certificate itself.

If we talk about SSL Certificate in network layers, it lies between the Application Layer and the Transport layer and performs below activities:

  • Provide end to end encryption for secure data transmission so that only two endpoints can read the data.
  • Ensure that data is not altered by any third party.

Authenticates by endpoints or users by using digital certificates

SSL Layer between Application and Transport
Image Source: IBM Knowledge Center

How does SSL Certificate work?

By now you must have gotten the basic idea of the SSL Certificate and its existence in network layers. Now the good question is how an SSL Certificate makes the data transmission secure. Let’s understand it with concepts of encryption and keys.

Encryption is the process of hiding the original data with some key and generating unbreakable text known as Ciphertext. SSL Certificate uses the same mechanism to protect the data from unauthorized hackers or intruders over the network.

Data Encryption can be of two types:

1-Symmetric Encryption-

This type of Encryption uses a single public key to encrypt and decrypt the data.

2- Asymmetric Encryption –

In this type of encryption a combination of Public and Private keys is used to encrypt and decrypt the data while communicating. Asymmetric Key Encryption is secure as compared to Symmetric Key Encryption.

Working of SSL Certificate using Asymmetric and Symmetric Encryption mechanism-

SSL Certificate uses both Asymmetric and Symmetric Key Encryption to establish secure data communication between Client and Server. Secure Communication begins with SSL/TLS Handshake which is an Asymmetric Encryption and then as a result a Session Key is generated. Once Session Key is generated it is used as Public Key for Symmetric Key encrypted data communication between Client and Server.

Let’s understand the complete process of SSL Handshake and Session key generation in detail-

Working of SSL Certificate using asymetric key

Part 1 – SSL Handshake (Asymmetric Encryption with a combination of Public and Private keys)

SSL/TLS handshake is a term which is used for the phenomenon of establishing secure communication and exchanging public key.

Step-1 Client generates a secure connection request to www.todaystechworld.com

Step-2 Server acknowledges the request and sends its public key associated with the SSL certificate.

Step-3 Client receives the Server SSL Certificate along with public key and validates with the existing set of known certificates authorities.

Step-4 If validation is successful Client generates a key using its private key and Server’s Public Key.

Part 2- Symmetric Encryption with Session Key –

Many people believe that SSL Certificate works on Asymmetric Key, but it is not true. Once SSL Handshake is complete a Session Key is generated as a result and after that, all data communication between server and client is done using this session key as Public key. The session key is destroyed after every session termination and with every new connection, a new session key is generated after SSL Handshake.

How to check if SSL Certificate is installed on any website’s server?

Nowadays search engines like Google, Bing, and yahoo have made it mandatory for each website to have an SSL Certificate installed on their server. If any website doesn’t have an SSL certificate, it might lose its search appearance or ranking in various search engines.

Identifying an SSL certificate is easy. You can check the lock icon beside the URL bar. If it is present that means the website is secure using an SSL certificate. You can click on the lock icon to see more information like the issuer of the certificate, validity of the certificate, and Certificate path.

Another simpler way to check if the website is SSL Certified is just opening the website and if it is not certified then most of the browsers issue a warning message about an insecure connection.

SSL Insecure site example

Types of SSL Certificate –

Usually working and encryption level of SSL Certificate is unique across the applications and industries and it is divided into multiple categories based on vetting and validation process for them.

In other words, all types of SSL Certificates work on the same encryption process but issued to websites based on their choice of validation from Certificate Authority (CA).

Let’s understand if the SSL encryption process is the same then why to have multiple types of SSL certificates.

  • A blogger might not need to brag about his website security to his readers and can use a basic SSL certificate, but an eCommerce website owner must show that they have a very secure platform and a user can share their personal information, can make payments, etc.
  • A website that is sending and receiving very private data might need to prove authorities that they are not doing any mischievous activity. To continue their business and get a secure badge they will be ready to go for a thorough validation process. That’s why a different type of SSL Certificate with added cost will be required here.

I hope you have understood the need to have a different kind of SSL Certificate. Let’s discuss types of SSL certificates that can be purchased or received free from few sources:

  • Extended Validation Certificates (EV SSL)
  • Organization Validated Certificates (OV SSL)
  • Domain Validated Certificates (DV SSL)
  • Wildcard SSL Certificate
  • Multi-Domain SSL Certificate (MDC)
  • Unified Communications Certificate (UCC)

Let’s dive into each.

Extended Validation SSL Certificate (EV SSL)-

This is the most expensive and highest rated SSL certificate which a website can possess. The reason for the highest cost is because the website owner will be thoroughly vetted and verified for the ownership of the domain and security process before allocating it. You can infer that cost for ssl certificate depends on the validation as well.

The validation for an EV SSL certificate is performed by a Certificate authority and if validation is successful website gets EV SSL Badge which shows website owner’s information, green padlock, https badge, and country origin alongside the address bar.

Organization Validated SSL Certificate (OV SSL)-

OV SSL Certificate is the second-highest-rated SSL Certificate. Like EV SSL Certificate OV SSL certificate also issued after appropriate validation from Certificate Authorities (CA). Difference between Organization Validated and Extended Validation Certificates is the flavor of the beneficiary website.

Organization Validated Certificate is issued to eCommerce or any other website that deals with private data from end-user. On the other hand, an EV Certificate is issued with the purpose of business credibility.

OV SSL Certificate provides green padlock, owner information, and country of origin in the URL bar as a token of safety and data security.

Domain Validated SSL Certificate (DV SSL) –

DV SSL Certificate is the least rated and least assuring SSL Certificate. It is the most basic and most easier certificate to get. With the least validation, usually validated via some email link or OTP, this is the cheapest certificate as well.

DV certificates are usually used by CMS platforms, blogging, or informative websites. This is the least SSL certificate that must-have for google search ranking, web credibility, and assurance that no malicious activity can be performed with the user information.

DV Certificate provides green padlock in the URL bar as safety assurance. This certificate doesn’t show owner information or country of origin.

Wildcard SSL Certificate-

Wildcard SSL Certificate is issued to the owner who has multiple subdomain websites and provides security to base domain as well as all the related subdomains.

Wildcard SSL Certificates do not belong to the different category but they some with DV SSL or OV SSL and termed as DV Wildcard Certificate or OV Wild Card Certificate. They serve the same purpose but the difference is that they encrypt the transmitted data over subdomain as well.

Wildcard Certificate has * along with base domain as Common Name.

WIldcard SSL Certificate

Multidomain SSL Certificate –

As the name suggests, a  Multidomain SSL Certificates are issued to a single owner and can be used to secure up to 100 domains and subdomains.

The difference between Multidomain and Wildcard SSL Certificate is that Wildcard is issued to use for a single domain and its subdomain while Multidomain SSL certificate can be used to secure up to 100 domain itself.

Unified Communications Certificates (UCC)-

Unified Communications Certificates are similar to Multidomain Certificates and can be used for multiple domains by a single owner. The difference is in the origin of both of the certificates. The original purpose of UCC was to secure Live Communication Servers like Microsoft Exchange but now it is used as EV Multidimensional Certificates as well.

How to activate a free SSL Certificate for your website?

SSL certificates can be purchased from any vendor like GoDaddy, BigRock, etc. The process is straightforward. We will discuss how to get it from for starters like you and me. There are many free SSL certificate providers as well. Cloudflare if the most trusted one. We will use Cloudflare to install a free SSL Certificate on the server.

Step 1 – Go to https://www.cloudflare.com/ and Sign Up using email and password and then log in to your newly created Cloudflare account.

Step 2- Click on the “+Add site” option on your Cloudflare dashboard and provide your site URL.

Step 3- Next step will be to select the plan for an SSL Certificate. For starter, you can select a Free plan. A free plan is more than enough for a blogger or a starter website.

Step 4- Next step is to scan your website. In this step, Cloudflare will scan your website and entities for SSL Solutioning. This will take a couple of minutes. After Scanning is complete change all the connections from “DNS only” to “DNS and HHTP proxy(CDN)”. Click Continue.

Step 5- In this step, Cloudflare will ask you to change your name server from the existing server to cloud flare name servers. This will pass the security-related control to Cloudflare.

This page should look like the below screenshot.

Change nameserver with Cloud nameserver

Step6- Login to your server hosting provider (for example godaddy.com) and click on DNS Management. Copy the Nameserver from Cloudflare as shown in the above picture and paste it on your DNS Management page.

Step 7- Switch back to the Cloudflare tab of your browser and click on continue. Then navigate to the Crypto tab and under the option “Encrypt communication to and from your website using SSL” select Full.

Full Encryption makes sure that both the paths between Cloudflare Server and Server/Client are SSL Secure. You can read more about it here on Cloudflare documentation.

Full mode SSL encryption Cloudflare

Step 8- Click on the overview tab and Recheck nameserver. It should be activated after some time. Sometimes it may take up to 24 hours.

Once it is activated you can open your website and see the https padlock in your URL bar.

 

Final Thoughts

With the increasing internet, usage security becomes a primary concern for web owners like eCommerce giants, social media, etc. SSL/TLS Certificate is the prime solution to secure data transmission networks from unwanted intruders, data thieves, and other security vulnerabilities.

I hope you have learned how SSL Certificate works 24X7 using encryption mechanism and provide a secure connection to do online purchasing, data sharing without getting worried. If you have any questions please comment below or use our Ask Us platform to ask any question or suggest any edit or topic for future articles.

Leave a Reply