There’s a major security difference between “http” websites and “https” websites in regards to an environment in which you’re sending and receiving data. For example, entering sensitive data in an insecure environment is a risky move as it’s easier for hackers and other cyber criminals to steal.
In this article, I’ll give a brief overview of what an SSL certificate is, how you can recognize secure websites, how an SSL certificate offers protection and how the encryption method works. Also, I’ll show you what alternatives to opt for when a website is not secure.
What is an SSL certificate exactly?
SSL stands for “Secure Sockets Layer” which basically is a digital certificate that tells every visitor who’s connecting to the website: the website is secure.
The SSL protection enables a function that encrypts all the information you send and receive from a website. That way, it’s protected and safe against a third party that might be after your payment or personal data.
Every SSL certificate contains four characteristics:
The name of owner who’s holding the certificate
Unique serial number and a date stating till when the certificate is valid
Copy of the public encryption key of the owner
Digital signature of the Certificate Authority - a company that can authorize certificates
How to Recognize a Secure Website?
It’s quite easy to recognize a website with an active SSL certificate. You’ll namely see a green padlock in your browser’s address bar, in front of the website’s URL you’d like to visit. In addition, the green padlock is followed by an S in “https” instead of “http.” The “S” stands for “Secure.”
It looks like the following example:
HTTPS/SSL protection ensures that the traffic between your web browser and the website you’re visiting is protected by an encryption module, which means that if someone is snooping on your internet activities, they won’t be able to see your activity on that website.
Also, they won’t be able to see what login credentials or payment information you entered on that website.
That being said, an SSL certificate is especially important for certain websites such as banks, credit card and shopping websites because the visitors will leave their payment information on the web server.
Without encryption, that information would be visible in readable text but encryption makes sure it’s in an unreadable format.
SSL Certificate Encryption Method
SSL certificates are based on public key cryptography. In other words, this type of encryption has two keys: a private key and a public key. A key is a long string of randomly generated numbers and characters.
The public key is used to encrypt all the traffic that is sent to the web server, while the private key is used to decrypt the information that is being sent. Only the web browser knows the private key while the public key, is public to everyone.
So, how does this process work, exactly? Let me explain in a few steps:
The web server provides a copy of the public key in the SSL certificate in the browser
Next, the browser establishes a session key, which is encrypted with the website’s public key and sends it to the server
Then, the web server decrypts the encrypted session key to get the symmetric key
When that process is finalized, there’s a secure channel for the browser and the web server to send and receive data in a safe environment
What Alternatives to Opt for When a Website Is Not Secure?
In case you visit a website without SSL encryption, you should never make a purchase or enter personal or payment information. Instead, visit the website of “HTTPS Everywhere.” It’s an extension that will encrypt all communication between you and the website without SSL encryption. The extension is available for Firefox, Chrome, Android and Opera.
The extension rewrites your http request to the web server to a https request, which means that the data you send or receive is encrypted. The extension is also helpful for websites that don’t offer site-wide SSL encryption, because some websites only offer SSL encryption for certain pages.
Unfortunately, HTTPS Everywhere is not available for Safari and Internet Explorer. However, as an alternative, IE users can install a different version of HTTPS Everywhere by Zscaler tools. Safari users are completely left out, because the code of Safari is technically not allowing to rewrite HTTP requests.
Let’s Recap
It’s clear that SSL certificates are essential when it comes to the protection of your personal data and payment information that you send to a website. It’s creating a secure communication channel every time you visit the website, which keeps snoops from stealing or prying on your sensitive information.
Also, we’ve learned that it’s quite easy to see if a website has an active SSL certificate. And even if a website doesn’t provide SSL encryption, you can always install HTTPS Everywhere to rewrite the http request, so you can safely enter any information.
For now, keep browsing safely, my friends.
This guide is brought to you by Bill Hess. For additional posts, tutorials and security tips, don’t forget to head over to PixelPrivacy.com.