Academy

    What are SSL/TLS Certificates?

    What are SSL and TSL certificates used for?

    What is HTTP?

    SSL/TLS Certificates

    Introduction

    SSL and TLS certificates show clients that a web server genuinely belongs to its domain owner and facilitates the secure transmission of information between a client and a web server. They are an integral part of the SSL/TLS handshake process and are required to establish trust between clients and servers.

    Encryption alone is not enough to prevent information from getting into the hands of malicious actors. Without properly establishing trust, encrypted information could be securely transmitted to a web server owned by a malicious actor who can decrypt the information and steal your data.

    Contents of SSL and TLS certificates

    SSL/TLS certificates typically contain the following information to establish trust:

    1. The domain name for which the certificate was issued
    2. The person, organization, or device responsible for the certificate
    3. The certificate authority (CA) issuing the certificate
    4. The digital signature of the certificate authority
    5. Associated subdomains (if any)
    6. Start and end dates of the certificate’s validity period

    This information helps secure a domain from domain spoofing attacks by preventing attackers from creating a fake version of the website. If the certificate cannot be properly validated, browsers will typically return a warning or prevent you from accessing the website.

    To facilitate encryption, the SSL/TLS certification also contains the web server's public key.

    The public key is a long and random string of numbers that is used in the SSL/TLS handshake process to establish the session keys that will be used for data encryption and decryption during the session.

    Self-signed SSL/TLS certificates

    There is a special type of TLS/SSL certificate called the self-signed certificate. This certificate is considered self-signed because the certificate isn't issued by a CA, and can be generated by anyone. It contains all the information you'd find in a typical TLS certificate. Self-signed certificates are signed with the website's own private key.

    While a self-signed TLS/SSL certificate can serve the same function as a CA-issued certificate, it can't help to establish trust between the domain owner and the web server owner. Trusting self-signed certificates Is usually not a good idea unless you've tested them on your own (non-production) server.

    That said, some intranets rely on self-signed certificates because traditional methods of domain validation (DV) aren't available.

    Did you find this article helpful?

    0 out of 0 Bunnies found this article helpful

    Glossary

    HTTP

    Hypertext Transfer Protocol. A protocol that connects web browsers to web servers when they request content.

    SSL

    A protocol servers use to establish trust to a client.

    TLS

    TLS, or Transport Layer Security (TLS) is a successor to SSL-based encryption.

    Prove your Knowledge.
    Earn a bunny diploma.

    Test your knowledge in our Junior and Master Quizes to see where you stand. Prove your mastery by getting A+ and recieving a diploma.

    Start the QuizBunny with a diploma.