What is the SSL certificate we see on websites? Why is it important? What does it do? We will try to answer these questions about SSL certificate in our article.
Secure Sockets Layer is named after the initials of the words. As the Turkish equivalent, it would not be wrong to say “Safe Nest layer”. So why is it important and what does this SSL certificate do?
What does an SSL Certificate do?
When a web site uses an SSL certificate, it creates a secure connection for its visitors. What does this mean?
When visitors type an address into the address bar of the web browser on their device, a communication occurs between the browser and the server where the Website is hosted. The server prepares the data and sends it to the client, that is, to the web browser that requests the data.
Any 3 if this communication is not encrypted. the party has a chance to monitor all communication. That's where SSL comes in. The server of a web site that has obtained this certificate creates an encrypted connection between the client and it. Thus no 3. it's not likely to be watched by the side.
Okay, 3. what's a side? For example, internet service providers that we call ISPs, a hacker who tracks the line, a virus or trojan on your computer... we can give many more examples.
What Data Can They See?
If this certificate is not available, they can track everything written to the web browser. For example;
• user name,
• expressions in form fields, and so on.
In addition, the server's response to the client is one of the information they can observe. For example, imagine that you work in a job with a high degree of confidentiality. If you click on a report or customer information with a high degree of privacy, they can track the responses that the server sends to your browser.
Why is SSL certificate important?
The user name and passwords that the browser sends when entering a certified and installed website are encrypted. Responses that the server sends to the client are also encrypted. Thus, the data becomes readable only by these two devices.
For this reason, SSL is very important in privacy and security issues.
Google has a lot of effort in bringing SSL to today. As of July 2018, Google has labeled all websites that do not contain SSL certificates as unsafe under its past policy. He didn't settle for it and started showing it in lower ranks in search results.
Annoyed by this negative situation, site administrators also quickly received and uploaded their certificates. In this way, they were instrumental in making the internet safer for all users.
How do we know which sites have SSL certificates?
Today's browsers query and show it to us during a visit to a website. The lock image and https expression that we see in the address bar indicate that the server hosting this site has the required certificate.
In addition, many browsers warn you when you want to visit a site without https.
Types of SSL certificates
There are different types of SSL certificates. The owner or administrator of the website decides which certificate to receive based on the nature of the structure it represents. SSL certificate types are named using EV, OV and DV names. Now let's see what it means.
This is the highest level of Certificate in terms of security level. We can say that the authority issuing the certificate is fine sifting and weaving frequently the website of the administrator who wants the certificate. After verifying the Site domain, it also investigates the applicant company. So much so that he is trying to determine the actual existence of the company. It also examines and confirms its operational activity.
This is what institutions like banks, big e-commerce sites prefer. Let's go to any bank's website or an e-commerce site whose name we hear all the time. In general, when we click on the lock mark on the side of the address bar, we can see this certificate and its details.
Organization Validated (OV):
The authority issuing the certificate first confirms the domain, i.e. the domain name. After that, he confirms the existence of the company. In the certificate, we also see the information of the company that manages the website in this type of certificate.
Domain Validated (DV):
It is the simplest type of certificate. Many sites that we visit while browsing the web have this certificate. For a website that generally passes because this is the most logical in the sense of cost.
The authority issuing the certificate only confirms the domain name. We do not have a chance to see detailed information about the person or institution that manages the website in the certificate.