How HTTPS works?
So, how does HTTPS ensure that you’re connected to the correct website?
Your browser uses an SSL/TLS certificate and the certificate authority that issued it to authenticate each HTTPS website that you visit. Here’s how it works…
Step 1: Getting a Certificate
First, the website needs to have an SSL certificate issued by a publicly trusted certificate authority. An SSL certificate is a lot like a passport — but it’s for websites, not people.
To get a valid SSL certificate, the website owner will have to go through a few steps:
- Generate a public key and a private key (more on how they’re use later).
- Go through a specific process to prove to the certificate authority that they’re the actual owner of the website.
- In the case of OV and EV SSL certificates, the website owner also has to prove that they’re an actual, legally registered organization.
Once those steps are completed, the certificate authority issues an SSL certificate to the website owner. This certificate is installed on the webserver and is automatically provided every time someone visits the website via an HTTPS:// URL.
Step 2: “Passport, Please!”
When you visit an HTTPS website, the website sends its SSL/TLS certificate to your web browser. Let’s use our website as an example. If you click on the padlock in your browser, then click to view certificate details, you can see our website’s certificate and the information it includes.
Some websites (like ours) have certificates that also show their company details (such as company name, location, etc.). These are called organization validation (OV) or extended validation (EV) certificates. The company details are also verified, so you can be 100% confident you know exactly who is running the website you’re on.
Step 3: Verifying the Certificate
Now we come to the critical step — verifying the website’s SSL certificate. Just because the website presents an SSL certificate doesn’t mean that your browser should trust it. After all, as Albert Einstein famously said:
Fortunately, your browser has a way it can verify the website’s SSL certificate to ensure it’s accurate and not fake. Specifically, your browser will verify whether:
- The website’s SSL certificate was issued by a certificate authority on the browser’s trusted list. (The browser uses the certificate authority’s digital signature to instantly confirm that the certificate authority issued the website’s certificate.)
- The SSL certificate is valid for the website domain/URL you’re visiting.
- The SSL certificate is currently valid and has not expired or been revoked.
If the certificate passes those checks, your browser will display the website, along with HTTPS:// and a padlock next to the URL.
If you look at our website’s certificate, you’ll see that it is issued by DigiCert. Our website’s certificate includes a digital signature from DigiCert that your browser can use to verify the certificate is valid and was issued by DigiCert.
What Happens When a Browser Connects to an SSL Secure Site?
- A third party has authenticated the website. The website has been authenticated to verify it is the website it claims to be — if your browser bar says https://www.amazon.com, you can be confident that you’re actually on amazon.com.
- The site uses encryption. Data you send to/from the website is encrypted so other parties can’t see/steal it—you can submit credit card numbers or other sensitive data and know that nobody can intercept your info while it’s making the trip to amazon.com.
Sebastine opinion On Key Features of SSL Certificates:
To secure a site, it is best to review under the SSL provider, is the key features and details of the SSL protocol. Types of SSL Certificates are standardized across the industry, but the following should be considered before ordering.
#1. Web Browser Authentication:
SSL must be verified by the latest major browsers. Authenticated SSL certificate authorities will generate warnings in browsers that will create negative impressions of visitors to the website and online customers. In other words, SSL certificates are highly compatible.
#2. SSL Encryption:
SSL is the industry standard 128-bit or 256-bit SSL encryption. The certificates are generally in this piece because of the range of browser/server / OS. 128/256 bit SSL encryption is the best option to go to the store or business safe and secure for visitors and other users online.
#3. Assurance SSL:
Before you purchase an SSL certificate from an SSL reseller, we must be aware of the cancellation of the SSL protocol and warranty policy in the case of SSL does not work.
#4. SSL Support:
SSL support if you make the installation process and the selection process. SSL support must always be there, through various communication channels such as chat, email, or phone at any time, 24/7/365.