TLS/SSL Digital Certificates - Securing Communications
TLS/SSL Digital Certificates enable secure communications between parties connected over the internet.
This extract on Digital Certificates comes from our post on Internet Domain and DNS Management.
Digital Certificates (TLS - Transport Layer Security and SSL - Secure Sockets Layer) rely on information recorded by a Domain Registrar about who owns the domain name. These certificates are issued by trusted organizations called Certificate Authorities (CA). A CA will not issue a certificate that can be used for a specific host name or URL without verifying that the person who is purchasing the certificate has permission to do so. Once issued by a valid CA, a digital certificate is necessary to protect the integrity and confidentiality of data transmitted over the Internet. Once installed and configured on a webserver, a Digital Certificate contains two “keys” that are used to encrypt and decrypt data.
Note - SSL is no longer officially supported by the Internet Engineering Task Force (IETF), but TLS certificates are still commonly referred to as "SSL Certs".
In addition to encryption, digital certificates allow clients to determine if a server is “authentic.” If a user attempts to access a website using a DNS host name that doesn’t match the host names allowed by the certificate, or if someone has placed an unauthorized server between the client and the server that the client is trying to connect to, the client will raise an alert telling the user that they might not be connecting to the server they intended to reach.
Unauthorized servers cannot obtain a valid certificate, so the use of a digital certificate to authenticate the server is very important for preventing certain kinds of “man-in-the-middle” attacks. To function this way, however, certificate issuance must be tightly controlled. This is done by verifying ownership of the domain names used to generate the certificate. TLS/SSL encryption utilizes digital certificates to provide the type of security required when transmitting private information like credit card numbers, social security numbers, or private health information over the Internet.
Businesses rely on TLS/SSL certificates being renewed at regular intervals; otherwise visitors will be unable to authenticate the integrity of the connection from their browser to the web server. Properly managing, installing, and renewing certificates includes tracking expirations and ensuring they're set to use only secure protocols and ciphers. Roar's TLS/SSL Inspector makes it simple for MSPs to manage and check the TLS/SSL certificates across hundreds of customers.
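The host name check and expiry tracking described above, as an added example (not code from the original page and not any vendor's tool). It works on a dict in the shape that Python's `ssl.SSLSocket.getpeercert()` returns; the sample certificate, the host names, the function names and the 30-day warning window are constructed assumptions.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
}

def hostname_matches(cert, hostname):
    """True if hostname is covered by a DNS subjectAltName entry.
    A wildcard is honoured only as the entire left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".").split(".")
        if len(pattern) != len(host):
            continue  # a wildcard never spans more than one label
        if pattern[0] == "*" and len(pattern) > 2 and pattern[1:] == host[1:]:
            return True
        if pattern == host:
            return True
    return False

def days_until_expiry(cert, now):
    """Whole days from `now` (timezone-aware datetime) until notAfter;
    negative once the certificate has expired."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)

def audit(cert, hostname, now, warn_days=30):
    """Return a list of findings for one host; an empty list means OK."""
    findings = []
    if not hostname_matches(cert, hostname):
        findings.append("hostname-mismatch")
    left = days_until_expiry(cert, now)
    if left < 0:
        findings.append("expired")
    elif left <= warn_days:
        findings.append(f"expires-in-{left}-days")
    return findings
```

Against a live server the same functions can be fed the result of `getpeercert()` from a verified connection, so one loop over a host inventory reports both mismatches and upcoming expirations.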