How does SSL work and how to install it on a website?
When you see “https” in the address bar, it means that the data you send to and receive from the site is protected in transit. It indicates that the site uses an SSL/TLS certificate for encryption.
In this article we will explain what SSL and TLS are, why they are needed and how they protect user data on the site.
What are SSL and TLS?
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are technologies that encrypt data on the Internet. This means that the information you send or receive is protected from prying eyes.
History and evolution of SSL/TLS
SSL was developed at Netscape in the mid-1990s. It was the first technology that encrypted data between the browser and the server. Several versions of SSL have been released. Each of them improved security and fixed vulnerabilities of the previous ones.
Transition from SSL to TLS
TLS was designed as an enhanced version of SSL. It was introduced in 1999 to address vulnerabilities and improve encryption methods. TLS 1.0 was the first standard after SSL 3.0 and has continued to evolve ever since.
Why did TLS replace SSL?
TLS replaced SSL because it provided a higher level of security and fixed SSL's vulnerabilities.
How does the SSL protocol work?
SSL works in several stages:
- Handshaking is the process by which the browser and the server establish a secure connection. During the handshake, they agree on encryption methods and exchange keys.
- Encryption. Data is encrypted so that it cannot be read by outsiders. This makes the information inaccessible to intruders.
- Decryption. The received data is decrypted on the receiver side so that it can be read.
Example of SSL operation with client and server
When you visit a site with SSL, the browser and server exchange keys to encrypt the data. This ensures that only you and the site can read the information. For example, if you enter personal data on the site, it is encrypted and transmitted to the server in encrypted form. The server decrypts the data and processes it.
What is an SSL certificate?
An SSL certificate contains several key elements:
- Public Key. Used to encrypt data that can only be decrypted using a private key stored on the server.
- Signature. Confirms that the certificate was issued by a trusted certificate authority (CA) and has not been tampered with.
Why are certificates important for security?
Certificates ensure that you are communicating with the site you intended to go to and not a fake one. This confirms that the data you send is secure and will not be intercepted by malicious users.
Types of SSL Certificates
DV (Domain Validation)
Confirms only that you own the domain. This is the easiest and fastest option for obtaining a certificate.
OV (Organization Validation)
Confirms your organization and domain. This certificate requires more verification, but provides more trust from users.
EV (Extended Validation)
The highest level of verification, showing your organization name in the browser address bar. Suitable for large companies and organizations that need a high level of trust.
Wildcard certificates
Allows you to protect not only the domain, but also all subdomains. This is convenient if you have many subdomains that should be protected as well.
Multi-Domain SSL and UCC
Allows you to protect multiple domains with a single certificate. This saves money and simplifies certificate management.
Paid and free SSL certificates
Paid certificates offer additional features such as higher validation, support, and guarantees. Free certificates, such as those from Let's Encrypt, provide basic protection and are suitable for most small sites.
How do I check if a website has an SSL certificate?
There are several ways to make sure that the site has an SSL certificate.
The first is to look at the indicators. The lock icon and “https” in the browser address bar indicate the presence of an SSL certificate. This is a sign that the connection between the browser and the site is secure.
You can also check the site in SSL Checker.
How do I get an SSL certificate?
Let's say you own a website and want to install SSL. Choose a certificate provider. You can install Let's Encrypt or buy a certificate.
Let's show you how to install a free Let's Encrypt certificate on your website:
First: Install Certbot
Certbot is a tool from Let's Encrypt that automatically generates a request and installs a certificate. To install Certbot, follow the instructions for your OS:
For Ubuntu/Debian:
sudo apt update
sudo apt install certbot
For CentOS/RHEL:
sudo yum install epel-release
sudo yum install certbot
Second: Start Certbot
Use Certbot to create a request and retrieve a certificate. Depending on the server, the command may vary slightly. For example:
For Apache:
sudo certbot --apache
For Nginx:
sudo certbot --nginx
If you are not using a web server such as Apache or Nginx, you can create the certificate manually:
sudo certbot certonly --standalone
Certbot will ask you to enter your domain name and e-mail address. After that it will create a request and send it to Let's Encrypt.
Third: Install the certificate
Certbot will automatically install and configure the certificate on the server. If this does not happen, you can copy and install the certificate manually. The instructions in the Certbot documentation will help you here.
Fourth: Set up automatic updates
SSL certificates from Let's Encrypt are valid for 90 days, so you need to configure automatic renewal. To automatically renew certificates, add this line to crontab:
0 0 * * * /usr/bin/certbot renew --quiet
Fifth: Confirm domain rights
Follow your ISP's instructions to confirm that you own the domain. This may include sending confirmation documents or performing simple actions on the website.
That's it. The installation of the free certificate from Let's Encrypt is complete.
Don't forget that SSL/TLS certificates are like a lock on the door of your house. If the lock is rusted or broken, you need to replace it to protect your property. Similarly, it's important to keep your certificates up to date. Update them on time to avoid risks and keep user data safe.
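To go beyond the lock icon when checking a site, and to confirm that automatic renewal is actually keeping the certificate fresh, the following added example (not part of the original article) reads a certificate's issuer, covered names and remaining lifetime using Python's standard library. The function names, the 30-day threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

RENEW_THRESHOLD_DAYS = 30  # assumption: flag certificates with under 30 days left

# Constructed sample in the dict layout returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Example Issuing CA"),)),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
    "notAfter": "Jun 15 12:00:00 2025 GMT",
}


def fetch_certificate(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification; return (version, cert)."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()


def summarize(cert, now=None):
    """Report issuer, covered names and renewal status for a getpeercert() dict."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    if expires <= now:
        status = "expired"
    elif days_left < RENEW_THRESHOLD_DAYS:
        status = "renew"
    else:
        status = "ok"
    return {
        "issuer": issuer.get("organizationName", "unknown"),
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": days_left,
        "status": status,
    }


if __name__ == "__main__":
    # Offline demo on the constructed sample; for a live site use
    # version, cert = fetch_certificate("your-domain.example")
    fixed_now = ssl.cert_time_to_seconds("Jun 01 12:00:00 2025 GMT")
    print(summarize(SAMPLE_CERT, now=fixed_now))
```

A failed handshake in fetch_certificate raises ssl.SSLCertVerificationError, which is itself a useful signal that the site's certificate is expired, untrusted or issued for a different name.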