WittCode💻

SSL Certificates Explained


Learn what an SSL certificate is, the contents of an SSL certificate, what SSL (secure sockets layer) is, what TLS (transport layer security) is, and how to view the contents of an SSL certificate with openssl.


What is SSL?

Before we learn what an SSL certificate is, we should talk about what SSL is. SSL, or secure sockets layer, is a security protocol introduced in the year 1995 that creates an encrypted connection between two entities over a network. These two entities are typically a server and a client, such as a web server and a browser, or a mail server and a mail client.

Why do we need SSL?

Having an encrypted connection between a server and client is important as it secures the transactions between them. An unencrypted connection is vulnerable to having its data read or modified as the data is exchanged between the server and client. Imagine having login information, credit card numbers, etc. sent over the internet without any form of encryption.

What is an SSL Certificate?

A secure sockets layer certificate, or SSL certificate, is a digital certificate that verifies a website has an encrypted connection. When a website uses SSL, there will be an SSL certificate associated with it. SSL certificates are issued by certificate authorities (CAs). A CA is responsible for verifying the authenticity and trustworthiness of a website.

We can see if a website has an SSL certificate by looking for a padlock icon to the left of the address bar. This padlock reveals that the website's connection is secure. Furthermore, if the URL of the website begins with https instead of http, then the connection is secure. HTTPS is the secure version of HTTP and refers to HTTP over SSL.

Contents of an SSL Certificate

SSL certificates contain information such as the domain name, the name of the authority that issued the certificate, the certificate's issue date, expiration date, and more. We can check the information in an SSL certificate using the openssl command in a Linux terminal.

openssl s_client -showcerts -connect wittcode.com:443

The openssl command is a command-line tool for working with various cryptography functions. This command specifically connects to wittcode.com on port 443 and displays the server certificate that was sent by the server. Output should be similar to the following.

CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1

Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Sep 16 00:00:00 2022 GMT; NotAfter: Sep 16 23:59:59 2023 GMT

How Do SSL Certificates Work?

SSL certificates establish an encrypted connection through public and private key pairs. For a concrete example, let's use a browser as the client and wittcode.com as the web server. First, the browser requests a resource from wittcode.com. The wittcode.com server responds with its public key and SSL certificate. Once the browser receives the certificate, it checks the certificate's digital signature to make sure it is valid. A valid signature means that a certificate authority signed the certificate with the CA's private key. Now the browser creates a shared key, encrypts it with the server's public key, and sends it to the web server. The browser also keeps a copy of the shared key for itself. After the web server receives the shared key, it decrypts it with its private key. Now all traffic is encrypted and decrypted on both ends with the shared key.
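The signature check described above can be reproduced offline with openssl. This is an added example, not code from the original article: it builds a throwaway CA and a certificate for the placeholder name www.example.test (all constructed test data), prints the fields discussed under Contents of an SSL Certificate, and shows that the certificate only verifies against the CA whose private key signed it.

```shell
#!/usr/bin/env bash
# Added example. Everything under $WORK is constructed, throwaway test data;
# the *.test name and the "Example Test Root" CA are assumptions.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca OUT_PREFIX: self-signed root, so its subject and issuer are identical.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Test CA/CN=Example Test Root" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue_leaf CA_PREFIX OUT_PREFIX: the CA signs the leaf with its private key.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 10 -out "$2.pem" 2>/dev/null
}

# The fields the article lists: who the certificate is for, who issued it,
# and its validity window (same data as the s:, i: and v: lines of s_client).
cert_fields() { openssl x509 -in "$1" -noout -subject -issuer -dates; }

# chain_ok CA_PEM LEAF_PEM: succeeds only if the leaf's signature verifies
# under the public key in CA_PEM.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# expires_within PEM SECONDS: succeeds if NotAfter falls inside the window.
# (-checkend exits 0 when the certificate will NOT expire in that time.)
expires_within() { ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

make_ca "$WORK/ca"
issue_leaf "$WORK/ca" "$WORK/leaf"
make_ca "$WORK/lookalike"   # same CA name, different key pair

cert_fields "$WORK/leaf.pem"
chain_ok "$WORK/ca.pem" "$WORK/leaf.pem" && echo "real CA: signature valid"
chain_ok "$WORK/lookalike.pem" "$WORK/leaf.pem" || echo "lookalike CA: rejected"
expires_within "$WORK/leaf.pem" $((30*86400)) && echo "leaf expires within 30 days"
```

The lookalike CA carries the same name as the real one, so the rejection comes from the signature check and not from comparing issuer names.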


What about TLS?

The terms TLS and SSL are often used interchangeably but TLS, or transport layer security, is the successor to SSL. Nevertheless, the goal of the two protocols is essentially the same.
