What are SSL certificates?

When a user accesses a website, data is transferred between the client (browser) and the server (website). This data is not safe to send in the clear because it may be read by an attacker. This is a problem if we are sending sensitive data like credit card details, passwords, or personal information over the Internet.

SSL (Secure Sockets Layer) certificates create an encrypted environment between a client and a server. A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a Web server that allows for a secure connection between the server and a web browser.

The certificate is base64 encoded and contains the following information:

  • Name of the entity to which the certificate was issued.
  • The public key required for encryption and digital signature verification.
  • The digital signature created with the private key of the certificate issuer.

SSL is a protocol that is used to secure the HTTP. SSL is deprecated now and Transport Layer Security (TLS) protocol is used instead. Most SSL certificates today also support the Transport Layer Security (TLS) protocol, which is considered to be more secure than SSL.

The application owner should install the SSL certificate on its web server. When an application is secured by an SSL certificate then its URL starts with https instead of http.

In the below screenshot you might have noticed a lock symbol before the URL. This symbol tells that this website is secured by a certificate.

We can click on the lock symbol to get more details about the certificate as shown in the image below. We can see the certificate and also see which Certification Authority (CA) issued this certificate.

A Certification Authority (CA) is a company or an organization which is trusted to sign, issue and revoke digital certificates. Some of the most popular certification authorities are Sectigo SSL, Symantec SSL, RapidSSL, GeoTrust SSL, and Thawte SSL.

Get hands-on with 1400+ tech skills courses.