Secure Sockets Layer or SSL Certificates play a large role in protecting the security and privacy of online communications. As online transactions and interactions have become a regular part of our lives, protecting sensitive information like credit card numbers, login credentials, and personal details has become even more important.
TABLE OF CONTENTS
What Are SSL Certificates?
SSL certificates acts as a digital credential that verifies a website’s identity. This assures users that they are interacting with a legitimate site and not a fake one created to steal data or spread harmful software.
SSL or TSL (Transport Layer Security) certificates are issued by a Certificate Authority (CA) that verifies the owner of the website’s domain.
It encrypts the data exchanged between the web browser and the server. This encryption protects sensitive information by making it extremely difficult for hackers to intercept and read. SSL certificates use a series of communication steps known as a “handshake” to establish a secure, encrypted connection.
This allows the site and server to authenticate each other and verify that they are who they claim to be. They then choose the encryption methods or algorithms they’ll use to secure the data transfer and exchange the keys needed to encrypt and decrypt the exchanged data.
How to Install a Free SSL Certificate
VIDEO:How to Install a Free SSL Certificate
Additional Information
Certificate Signing Request & Public Keys
Digital IDs use Public Key Cryptography, which includes both public and private key files. The public key (in the CSR) is what the CA uses to create the SSL certificate, and the private key is what the server uses to decrypt data encrypted with the public key.
A CSR (Certificate Signing Request) contains the public key generated on the server, validating specific details about the web server and the associated company. The CSR (containing the public key) is sent to the Certificate Authority (CA) or SSL provider.
The security of the entire SSL/TLS system depends on the private key being kept secret. The private key must remain securely stored on the server and should not be shared publicly. Additionally, the SSL provider does not have access to the private and cannot access it on the client’s server.
A CSR cannot be generated without creating a private key file, and vice versa; they are generated as a pair. In server software platforms like Microsoft IIS, both are generated simultaneously using the Wizard on the web server.
IMPORTANT:
Before beginning the certificate acquisition process, you must generate a private key and CSR pair from the web server.
How to Generate Private Key & CSR
Enter the details below to generate the Private Key and CSR pair from the web server:
- Organisation Name e.g. My Company
- Organisational Unit e.g. My Department
- Country Code e.g. US
- State or Province e.g. Gauteng
- Locality e.g. Johannesburg
- Common Name e.g. www.domainname.co.za.
IMPORTANT:
In X.509 terminology, the Common Name refers to the name that defines the Certificate and links it to the company. When obtaining SSL Web Server Certificates, please enter the specific host and domain name requiring security; this may include the company’s root server or intranet name.
For instance, if you want to secure www.my-domain-name.co.za, ensure you input the exact host (www) and domain name in this field.
Certificate Renewals
To renew an SSL certificate, generate a new Key and CSR pair from the server. Ensure you back up the key and submit the newly created CSR through renewal. When renewing SSL certificates across various server software platforms, you don’t need to submit a new CSR to obtain the renewed certificate.
Instead, the previous CSR will be used as the renewal certificate. Once issued, the renewal certificate will only operate with the private key file initially submitted to the SSL provider and used to create the CSR.
