SSL certificates are used on the Internet for securing all the data sent between web servers, devices, clouds, phones, computers, etc. SSL certificates are intrinsic in the encryption of communications using SSL and TLS. You can not have secure communications without these
What is an SSL Certificate?
SSL Certificates are a set of files that enable the Web Server to provide asymmetric encryption with any connecting computers, devices, or other Servers (also known as the client). These SSL files include:
~ Signing Request: A file ending in a .csr extension which is presented to a 3rd party and which is used by that 3rd party to generate the public key
~ Private Key: A file ending in a .key extension which is installed on the server, which is kept secret and secure
~ Public Key: A file ending in a .crt extension which is installed on the web server, but which is downloaded to any connecting device (client). You receive a copy of this file without interference with the security of the system
~ Intermediate Certificates. Additional files provided by 3rd parties that generated and signed your "public key". These are public files and need to be installed on the web server so that connecting devices can properly verify your site’s identity. If you forget to install this anyone connecting to your web site may get SSL warnings
What is TLS
Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both of which are frequently referred to as SSL. These are cryptographic protocols designed to provide communications security over the Internet and or computer network. Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP. The main aim of the TLS Protocol is to provide privacy and data integrity between two communicating applications or programs
What does a SSL Certificate consist of?
The "public key" file of your SSL certificate contains several important pieces of information such as
~ Information for encrypting data
~ Information about your Domain and possibly also your company
~ Dates that the certificate is valid and when it expires
~ Information about what company or organization if applicable signed the public key
The private key information for your SSL Certificates contain only information for encrypting data. It does not expire or have any details regarding your company or domain name. The Signing Request contains all of the same information as the public key except for information about who has signed it
What is a Self Signed Certificate
Is a certificate in which you have signed the certificate (e.g. when ether you and or your hosting company created it). These certificates are free and anyone can make them with any information within regarding company, organization and domain. But anyone who connects to a web server using a self-signed certificate will receive a significant warning message that the server it is connecting to is not trusted and that you should only proceed with extreme caution. Self Signed Certificates are usually used for Services hosted inside of your own corporate network where you control who has accesses and your staff trusts your own certificates. Public services where the users care only about the fact that the data is encrypted and which do not care who is on the other end of the data stream (this is rare)
What exactly is a Certificate Signing
A company that signs your certificate must first verify your right to the certificate in question. Then they add the appropriate information to the certificate to see that they have verified your ownership of and right to this SSL certificate. They check that the domain name in the certificate is actually owned by you and the people in charge of the domain approve the creation of this SSL cert. If there is information about your organization (e.g. your company name) in the certificate, then this must also be verified. Be careful of certificates signed by very cheap SSL providers like GoDaddy
What is an EV SSL Certificate
Why does it turn the browser green?
An EV certificate is an Extended Validation SSL Certificate. For these the 3rd party signer goes through a significant effort to verify the company and domain in the certificate. Visiting a site that has an EV certificate generates a high degree of trust that the site is really the one you are trying to connect to. As a result, most web browsers identify this with a green address bar.
What is a Wild Card SSL Certificate
A wild card certificate covers a wide range of domains. the certificate for rshweb.com” covers all direct subdomains of rshweb.com”. For example it can cover "domain.rshweb.com" "support.rshweb.com" and pretty much any "Sub Domain" you want or need. The benefits of a wild card certificate are you only need to buy 1 SSL Certificate to cover a large number of similar domains. While wild card certificates are more expensive, in general, they are a good value if you have many domains to protect
Will adding an SSL certificate to my website make it Secure?
No, adding an SSL certificate to a Website does not make the entire site secure. Once you have an SSL Certificate for your website you need to ensure that web pages that require security are only accessed over SSL. You will need to link to them with https:// and not http://
You may also want to construct your site so that secure pages cannot be accessed via insecure links (e.g. http://). RSH Web Services will help provide your web site for files only accessible over SSL
Are pages ending in ".shtml" Secured?
It is a common misconception that “.shtml” web pages are “Secure HTML”. This is not true. The “S” stands for Server-Parsed and is related to "Server-Side Includes" web pages. This has no bearing on security of encryption and does not mean that the page is secure
Also see our SSL Frequently Asked Questions page
Tweet Share Pin Tumble Email