Secure Sockets Layer (SSL) Certificate Encryption
Secure Sockets Layer (SSL) certificates are what make a website more secure than websites without one. They assure a client using your website that any data sent and received between the client and the server is encrypted. This prevents third-party attackers from obtaining the client’s data. Even if you’re not aware of SSL certificates, it is likely you have already seen them. They are represented by the padlock located at the right side of a “domain name” that tells you if a website is secure. The domain name is basically the name of the website.
How do they work?
SSL certificates are issued by Certificate Authorities (CAs). CAs are organizations that issue digital certificates to website owners. There are a number of procedures involved in granting a website owner their own SSL certificate, but they all boil down to one thing: granting website owners a secure connection between their clients and their web servers. Some Certificate Authorities, however, require the website owner to pay for the SSL certificate before it is issued. SSL certificate cryptography uses what’s known as public and private key encryption. These are two different keys used to encrypt and decrypt information, and one of the keys is derived from the other.
Even if you don’t know the technology behind this encryption, what’s important is that you can tell whether a website is secure or not.
Here is a list of the current best certificate authorities:
Pros and Cons
SSL certificates are certainly vital for the privacy of a client. However, a certificate does not guarantee that the website is a legitimate one. Some hackers use a cyberattack known as phishing. Phishing happens when a hacker poses as an employee or member of a prestigious organization or bank. They then spam people via emails, messages, or calls and make up an excuse for them to visit a fake website. Some hackers may tell a person that their credit card was used to buy a certain product and that they have to log in to their bank account to verify this within 24 hours. However, the link the client follows is the one sent by the hacker, so the client ends up on the fake website made by the hackers. Even if the fake website has been issued an SSL certificate, the owner of this website is the hacker. After you’ve entered your private information, the information is sent to the hackers. They then go to the real website of the bank or organization that you’re a part of and log in with your information. With that, they’re able to change your password. So the next time you log in to the bank with your old password, you will be denied access. And now the hackers will have taken all your money.
Do not worry if the website you have visited does not have an SSL certificate. As long as you don’t enter any personal information into the site, you are safe.
How do I know if a site is legitimate?
1. Check for an SSL certificate.
If the site has not been issued an SSL certificate, remember never to put any personal information into it. However, if the site does not require you to input any personal information, then it’s still safe to use, since there is no exchange of information. That is the number one rule to remember for websites with no SSL certificate.
2. Check the domain name.
If the domain name is misspelled, it is most likely a phishing site. I assure you that no organization would misspell its own name on its website.
3. Check for grammatical errors.
This is a minor detail to note when verifying whether a site is legitimate, but it can save you, because too many grammatical errors are a hint of fraud. Most businesses have a content management team to verify that the content posted on their site is accurate and precise. Unlike these legitimate organizations, some hackers may not care about the written content at all. They may just make it seem like there’s content when there isn’t any.
4. Inspect the contact information.
Inspecting a website’s contact information can tell you whether a site is legitimate or not. A phishing site’s goal is to obtain the client’s information. Therefore, if a site does not contain any contact information whatsoever, don’t enter any personal information into it.
If the site you’re visiting has passed these tests, then it is most likely the official site. However, if you are still paranoid about the site, you are free to check the site’s ownership information via a whois search, an online tool that shows you who owns the site.
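Checks 1 and 2 above, combined with the Pros and Cons point that a padlock alone does not prove a site is legitimate, can be expressed as a short Python sketch. This is an added example, not part of the original article; the allow-list domains, the function names and the two-typo threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: sites the reader really has accounts with (assumption).
KNOWN_DOMAINS = ("examplebank.com", "example-shop.org")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def assess(url, known=KNOWN_DOMAINS, max_typos=2):
    """Apply check 1 (HTTPS) and check 2 (domain spelling) to one link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    result = {"host": host, "encrypted": parts.scheme == "https",
              "domain": "unknown", "resembles": None}
    for good in known:
        # Exact match, or a subdomain such as www.examplebank.com.
        if host == good or host.endswith("." + good):
            result["domain"] = "known"
            return result
    # Compare only the last two labels (naive registrable domain; assumption:
    # the allow-list holds no multi-part suffixes such as .co.uk).
    base = ".".join(host.split(".")[-2:])
    for good in known:
        if 0 < edit_distance(base, good) <= max_typos:
            result["domain"] = "lookalike"
            result["resembles"] = good
            break
    return result


def safe_to_enter_data(url):
    """Only a known domain reached over HTTPS passes both checks."""
    r = assess(url)
    return r["encrypted"] and r["domain"] == "known"
```

A misspelled domain served over HTTPS comes back as encrypted but "lookalike", which is the case the padlock by itself cannot catch.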
Don’t worry too much about these cyberattacks because a browser will always display the legitimate sites first. This already assures the user that the site they have clicked is the legitimate site.
What is TLS?
TLS, or Transport Layer Security, is known to be the successor of the SSL certificate. Both are used to encrypt data between the client and the web server, and the two terms are used interchangeably. However, the technologies behind the two are different from each other.