SSL is the abbreviation for Secure Sockets Layer. The word "layer" refers to the transport layers used to depict graphically the data exchange between two computers. The applications are arranged on the top level. The hardware is located at the very bottom of the model. Ideally, seven layers can be defined, each of which can be assigned a protocol or program. All layers help to ensure the flow of data between the two computers.
TCP/IP: secure and insecure at the same time
In real life, the model doesn't always fit so neatly. The transmission protocol TCP/IP with its two components (TCP and IP) covers at least four layers. The protocol is a kind of Esperanto in the computer world. With the exception of the Zuse computers, all computers and operating systems probably support TCP/IP (resourceful inventors even taught the ZX81 TCP/IP). It is easy to implement, robust and safe in the sense of being operationally reliable. When TCP/IP was invented almost 30 years ago, the main objective was to create a fail-safe and stable connection with high operational reliability. The security and authenticity of the transmitted data played a subordinate role.
New layers in SSL
TCP/IP alone could not fulfil the desire for secure connections in terms of data security. Yet there is no Internet without TCP/IP. The Netscape company solved the problem in the following elegant way: the developers added two more layers to TCP/IP.
- SSL record protocol
- SSL handshake protocol
This also explains the term “layer”: functionally, they lie between the tasks of TCP/IP and the applications. From a visual point of view, these two layers lie directly on top of one another and are therefore referred to by some authors as a single layer. Although all sorts of software know-how is at work in these two layers during a secure connection, it is transparent to the adjacent layers: neither the application (the browser) nor the transport layer underlying the SSL protocol notices the SSL protocol at work. In plain language: SSL does not require changes to existing applications or new transport protocols.
During a secure connection, the computers involved communicate exclusively via the mechanism provided by SSL. If the secure connection is not available, the SSL protocol switches off.
At the center of the SSL protocol is the digital key pair consisting of the public and private key of the server and the ID of the certification authority. Each virtual web server needs its own key pair, because the domain name is one of the things that goes into the ID.
Every SSL-protected homepage needs its own IP address. Providers who operate thousands and thousands of sites on a single machine and under a single IP address must therefore either forgo offering SSL or resort to technical aids.
This is how the trick works: the visitor's browser does not connect to the actual order page, but to a special server (SSL proxy) run by the provider. The connection is secured only up to that point. The proxy server then forwards the visitor's information to the actual destination, for example an order page.
The forwarding from the SSL proxy to the order page is then no longer secured. That can mean a loss of security if many customer servers are housed in the provider's network, any of which could potentially eavesdrop on the now unprotected data stream.
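A defender can check a proxy configuration for exactly this unprotected second hop. The following is an added example, not part of the original article; it assumes the SSL proxy is configured in nginx syntax, and the sample configuration, host names and addresses are constructed.

```python
import re

# Constructed sample configuration (nginx syntax); names and addresses are made up.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name shop.example;
    location / { proxy_pass http://10.0.5.17:8080; }
}
server {
    listen 443 ssl;
    server_name secure.example;
    location / { proxy_pass https://10.0.5.18:8443; }
}
server {
    listen 443 ssl;
    server_name local.example;
    location / { proxy_pass http://127.0.0.1:8080; }
}
"""

LOOPBACK = ("127.", "localhost", "[::1]")

def server_blocks(conf):
    """Yield the body of every `server { ... }` block by tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def plaintext_hops(conf):
    """Return (server_name, upstream) pairs where TLS ends at the proxy and the
    request continues unencrypted to another machine."""
    findings = []
    for body in server_blocks(conf):
        if not re.search(r"\blisten\b[^;]*\bssl\b", body):
            continue  # not a TLS listener, nothing is promised to the visitor
        name = re.search(r"\bserver_name\s+([^;\s]+)", body)
        for host in re.findall(r"\bproxy_pass\s+http://([^/;\s]+)", body):
            if not host.startswith(LOOPBACK):  # a loopback hop never leaves the machine
                findings.append((name.group(1) if name else "?", host))
    return findings

if __name__ == "__main__":
    for name, upstream in plaintext_hops(SAMPLE_CONF):
        print(f"{name}: TLS ends at the proxy, plaintext hop to {upstream}")
```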
How does a TLS / SSL certificate work?
Your client establishes a connection to a server, and usually the server first authenticates itself to the client with a certificate. Then either the client sends the server a secret random number encrypted with the server's public key, or the server and your client calculate a shared secret using the Diffie-Hellman key exchange method. A key is then calculated from this secret and used to encrypt the communication with symmetric encryption.
An SSL certificate is nothing more than an agreement between your client and a server that makes it possible to encrypt the data you transmit to the server.
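The Diffie-Hellman path described above, as an added example that is not part of the original article: both sides exchange only public values, compute the same secret, and derive a session key from it. Assumptions: the group parameters are demonstration values rather than a standardized TLS group, the certificate check is omitted (so this exchange alone does not prove who the peer is), and because the Python standard library has no cipher, the derived key protects a record with an HMAC tag instead of encrypting it.

```python
import hashlib, hmac, secrets

# Demonstration parameters only (assumption): P is the Mersenne prime 2**521 - 1.
# Real TLS uses standardized finite-field groups or elliptic curves instead.
P = 2**521 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^private mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(my_priv, peer_pub):
    """Both sides arrive at G^(a*b) mod P without ever sending it."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    return pow(peer_pub, my_priv, P).to_bytes(66, "big")

def derive_key(secret, client_random, server_random):
    """HKDF (RFC 5869, SHA-256): extract with both nonces as salt, one expand step."""
    prk = hmac.new(client_random + server_random, secret, hashlib.sha256).digest()
    return hmac.new(prk, b"session key" + b"\x01", hashlib.sha256).digest()

def protect(key, record):
    """Append an HMAC tag so the receiver can detect modification."""
    return record + hmac.new(key, record, hashlib.sha256).digest()

def verify(key, data):
    """Return the record if the tag matches, otherwise None."""
    record, tag = data[:-32], data[-32:]
    good = hmac.new(key, record, hashlib.sha256).digest()
    return record if hmac.compare_digest(tag, good) else None

def handshake():
    """Run both sides in one process and return (client_key, server_key)."""
    c_rand, s_rand = secrets.token_bytes(32), secrets.token_bytes(32)
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    # Only c_rand, s_rand, c_pub and s_pub would cross the wire.
    client_key = derive_key(shared_secret(c_priv, s_pub), c_rand, s_rand)
    server_key = derive_key(shared_secret(s_priv, c_pub), c_rand, s_rand)
    return client_key, server_key
```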
What is not secured
The SSL protocol secures the transmission between a domain on a web server and the visitor to this domain. The online customer (visitor) can be fairly certain that his credit card number is protected against being spied on while on the way from his computer to the server of the shop operator. What then happens to the securely transmitted data is beyond what is regulated by the SSL protocol.
For the customer who discloses his account information trusting in SSL security, it is not clear how the shop operator processes this information. Cases have become known in which the data processor then stored the transferred data on the server in an unsecured manner. After a successful hacker attack, the sensitive data was suddenly in the wrong hands.
Online via SSL certificate
It is safe if the recipient retrieves the data over an SSL-secured connection in the browser or via SSL-secured POP3 retrieval and then deletes it on the server. As a customer, you have no way of checking whether the recipient of your credit card number actually does this. The SSL protocol is only responsible for the delivery of the data to the server, not for its retrieval from there.
This means, however, that the shop owner has to take action manually on a regular basis. This is of course a bit impractical and annoying.
It is more convenient if the order with the payment information arrives at the office in one go by email. Many shop operators and other users of SSL-secured data transmission combine the transmitted data with the other order data into a handy text file that reaches the recipient as an email.
It is roughly as if you had carried your valuable cargo through all the hazards of this world with great effort and then left it unguarded in the waiting room of the main train station.
It is better to encrypt the collected information on the server using PGP before sending it as an email. A file secured in this way can be sent with confidence. No one except the recipient can read the information.
This requires a certain amount of additional effort on the part of the shop provider or the provider. However, it is a one-time process. The ongoing operation is as easy as picking up emails.
Unfortunately, anyone who uses SSL-secured transmission for confidential information cannot tell whether the recipient considers this data worth the extra effort.
If shop operators place a higher value on the security of customer data, they should clearly highlight this on the homepage, because the SSL protocol is only half the security.
The following rules of thumb offer an initial indication of the security that the operator of a website can offer.
- Websites hosted on the servers of well-known mass hosts only offer the use of an SSL proxy, because IP addresses are commonly shared among many sites there. This is an SSL server that is placed in front of all other websites. The data is only transmitted securely up to this server and then passed on to the website unsecured.
- The ready-made shops of the mass hosts usually offer the possibility of querying the data via an SSL-secured web interface or of having the information sent to you via SSL-secured email.
- Information that is collected on sslsfree.com is sent to the recipient in PGP-encrypted form by default.