Table of Contents
What is SSL?
SSL (Secure Sockets Layer) describes a protocol that authenticates and encrypts Internet connections. In recent times SSL has been replaced by Transport Layer Security (TLS), but SSL is still often used as a synonym for encrypted Internet connections.
In the 1990s, Netscape developed Secure Sockets Layer for the Netscape Navigator browser. Until the late 1990s, SSL encryption was the standard for secure Internet connections. SSL 3 was the last version with this name, which was incorporated into TLS. The Transport Layer Security (TLS) protocol replaced SSL as the standard in 1999.
The classic use case of SSL or TLS is the encrypted data transmission via HTTP. The HTTPS certificate is optional for Web pages, but there are hardly any companies and organizations that are sensitive to a backup data without. In addition, HTTPS is now even one of Google’s ranking factors and therefore an important point in search engine optimization. In addition, encrypted sending of emails via SSL is also possible. Other methods such as EAP-TLS, EAP-TTL, PEAP and the LDAP protocol also rely on SSL.
Why Do Companies use SSL/TLS?
SSL or TLS is an important component in order to meet the principles of information security in online processes.
Encrypted data transmission: Whether between two servers, from browser to server or from application to server – SSL protects data during transmission.
Authentication of the server: The requested server is authenticated using SSL.
Data integrity: If data transmission is protected by SSL / TLS, webmasters and users can be sure that the content has not been manipulated.
Due to its numerous advantages, SSL encryption is used in many areas, including for securing online credit card transactions, for secure data transmission in online banking and online shops , for webmail and for forms on websites.
Different Types of SSL Certificates
Not every SSL certificate is equivalent! Validation levels certify a different scope of testing by the Certification Authority and thus also represent different security standards.
What Are the Validation Levels?
SSL certificates are differentiated according to the different scope of testing, i.e. different validation methods.
Domain-validated SSL certificates (DV) only confirm that the visitor is on the website named in the certificate. Domain-validated SSL certificates do not differ from organizational or extended validation certificates in terms of encryption strength. They should be used by anyone who only needs encryption, e.g. for a login or admin areas (are the inexpensive SSL certificates).
Organization- validated SSL certificates (OV) are the more professional variant, as they confirm the identity of the site operator in addition to encryption. Visitors to a website with this type of certificate can be sure that this company actually exists. They are mostly used by eCommerce websites and anyone who wants to prove that their website and business can be trusted.
Extended validated SSL certificates (EV) The address bar for these certificates is colored green and the company name is also mentioned in it. This certification carries out a very strict identity check. It is used by various national and international brands. Everyone who wants to get the utmost trust of their online visitors, for example to prevent phishing attacks on their company.
SSL certificates can be issued as single, multi-domain and wildcard versions.
SSL Certificate Guarantee
Message protection: With a unique encryption process, SSL encrypts all data that is exchanged between the server and browser, such as: B. Credit card numbers and other personal information. This guarantees that third parties do not have access to personal data from the SSL session.
Message integrity: The data cannot be manipulated via the Internet.
Authentication: The website is actually owned by the organization that is registered as the owner in the certificate (in OV and EV certificates).