Web Security and SSL by John Pereless
Introduction: Do you know what is SSL? SSL stands for Secure Sockets Layer, an encryption or cypher technology that was created by Netscape to make the web pages more secure and trusted resource for the owners. SSL creates an encrypted or in a simple form we can say a coded connection between web server and your audience/users web browser permitting for secured/personal or private information to be transmitted without the hurdle or fear of intrusion or eavesdropping, data tampering, or message forgery by any means.
To apply or install SSL on a web resource/website, you will need to get an SSL Certificate that recognizes you and install it on the server. The application and use of an SSL certificate on a website is generally indicated by a padlock icon [A lock with some green text in a horizontal bar from the left most corner of your browser address bar] in web browsers but it can also be indicated by a green address bar sometimes. Once you are done with the SSL installation, you can access a site securely by updating a URL from http:// to https://. Whenever an SSL certificate is installed on a particular website, you are assured about your information and safe browsing. Whatever info you provide, it will be safe and secure (contact or credit/debit card pin info etc), is secured and only available to organization that owns the business.
There are millions of online businesses use SSL certificates to secure their websites data and allow their customers a place of trust and confidentiality. In order to install the SSL protocol in your website’s code, a web server requires the use of an SSL certificate[A place that can manage the coding and decoding of data on its start and destination route]. SSL certificates are provided by Certificate Authorities (CAs).
Do you really need it?
Of course yes if you deal and manage some interactive application or e commerce through your website. The main purpose of installing an SSL is to keep the trespassers away from all your secured data and this purpose can not be fulfilled if you just use some traditional website development methodologies on sending the data through form via get or post.
The Technicalities involved in SSL:
To have the capacity to make a SSL association a web server requires a SSL Certificate. When you decide to enact SSL on your web server you will be provoked to finish various inquiries regarding the personality of your site and your organization. Your web server then makes two cryptographic keys - a Private Key and a Public Key.
The Public Key does not have to be mystery and is set into a Certificate Signing Request (CSR) - an information record likewise containing your points of interest. You ought to then submit the CSR. Amid the SSL Certificate application prepare, the Certification Authority will accept your points of interest and issue a SSL Certificate containing your subtle elements and permitting you to utilize SSL. Your web server will match your issued SSL Certificate to your Private Key. Your web server will then have the capacity to make a scrambled connection between the site and your client's web program.
The complexities of the SSL convention stay undetectable to your clients. Rather their programs give them a key pointer to tell them they are at present ensured by a SSL scrambled session - the lock symbol in the lower right-hand corner, clicking on the lock symbol shows your SSL Certificate and the insights about it. All SSL Certificates are issued to either organizations or lawfully responsible people.
Ordinarily a SSL Certificate will contain your area name, your organization name, your location, your city, your state and your nation. It will additionally contain the lapse date of the Certificate and points of interest of the Certification Authority in charge of the issuance of the Certificate. At the point when a program interfaces with a safe webpage it will recover the website's SSL Certificate and watch that it has not lapsed, it has been issued by a Certification Authority the program trusts, and that it is, no doubt utilized by the site for which it has been issued. In the event that it comes up short on any of these checks the program will show a cautioning to the end client telling them that the site is not secured by SSL.
