SSL certificates establish trust by establishing an encrypted connection.
Online business requires trusting customers to make purchases. SSL certificates establish trust by creating a secure connection. Browsers offer particular visual cues called EV indicators. These include anything from a green padlock or a branded URL bar to assure that visitors are secure.
SSL certificates use a key pair, a public key, and a private one. These keys are used together to create an encrypted connection. The “subject” is also contained in the certificate. This is the owner of the certificate/website.
Table of Contents
HAT IS SECURE SOCKS LAYER? (SSL).
SSL allows secure transmission of sensitive information like login credentials, social security numbers, credit card numbers, etc. Data sent between web browsers and the webserver is usually sent in plain text. This makes it easy for an attacker to intercept your data. An attacker can intercept any data sent between a browser & a web server, see that information, and then use it.
SSL, or Secure Sockets Layer, is a security protocol. Protocols are how algorithms should work. The SSL protocol defines variables for encryption, which are used to secure both the link and data being transmitted.
All browsers can communicate with secure web servers via the SSL protocol. To establish a secure connection, both the browser and server will need an SSL Certificate.
WHAT IS THE SECURE CONNECTION OF THE SSL CERTIFICATE?
A browser attempts to access a website secured by SSL. The browser and web server establish an SSL connection through a process known as an “SSL handshake” (see diagram below). The SSL Handshake is invisible and occurs instantly.
The SSL connection is set up using three keys: the session, public and private keys. Any encryption using the public key cannot be decrypted using the private key. Once the secure connection has been established, the session key will be used to encrypt all data transmitted.
LOOK BEYOND LOCK
Clicking on the padlock icon within the URL bar will allow you to verify the identity and authenticity of the website owner. Most phishing websites today have both a padlock or DV certificate. It is essential to see beyond the URL bar lock. You shouldn’t share any information with websites unwilling to sign their certificate if they don’t want to reveal their identity. You can now make an informed decision about who to trust by seeing the name of the organization.
Symantec(r), Secure Site SSL Certificates Not Trustable.
Trustico(r), one of the largest Symantec (r) partners, has been a source of distrust for Symantec(r). This has resulted in great disruption and cost to Symantec(r). Many customers have raised questions about the doubt in Symantec(r), Secure Site SSL Certificate, and the subsequent failures and disruptions to their websites. Symantec(r), despite not responding to our specific questions, continues to offer new products under the DigiCert (r) Certificate Authority. Trustico(r), feeling that it couldn’t trust the DigiCert(r), stopped selling Symantec(r) Secure Site SSL Certificates starting February 9, 2018.
We didn’t bulk switch our customers using distrustful methods.
Before the termination of our partnership, initiated by DigiCert (r) on February 26, 2018, Symantec(r) offered relief payments to replace distrusted SSL Certificates. Before this, Symantec(r), in June 2017, funded the development of a system that Trustico(r) was to replace in bulk distrusted SSL Certificates. This was to submit orders for reissue without customer interaction.
Symantec(r) approved the schematics that detailed the process of removing an existing private key and then generating a new private key to bulk submit replacement orders. Trustico(r), however, decided not to use the system for its intended purpose. The generation and storage of private keys were discovered to be a questionable industry practice.
Symantec(r), at no point, advised that it was funding research that could have led to Trustico(r) performing a distrustful act. Trustico(r) has taken steps to ensure that it does not create or store private keys by using such methods.