Why my servers are DOWN every year? What the h*** is SSL/TLS Certificate? How does it work? It’s so confusing!!! — Hands-on Activity 😉
Disclaimer: This article is intended for beginners and people with no knowledge of SSL/TLS certificates. If you’re a pro or looking for some advanced topics within SSL/TLS, refer to the bottom section of this article that should help you or follow for more.
OK, I’m going to talk to you about SSL/TLS certificates in more layman’s terms and I’m not going to confuse or bore you with it. We’ll just take one step at a time! Before going ahead, if you’re looking/aspiring to be a Linux/Cloud Engineer, make sure you understand this concept, because it plays a crucial part in handling your data between clients and servers securely.
Before getting to know what SSL/TLS certificates are or their basics, we’ll talk about the two terms separately.
What are SSL and TLS? Which one do I need?
Yes, this is the most confusing part at the start, because I had the same confusion when I started to work on networks and connecting them successfully. I was confused enough that I even forgot to have my lunch/dinner whenever I started working on these.
All that said, just remember this — SSL (Secure Sockets Layer) is an older protocol that was developed in the 1990s. TLS (Transport Layer Security) is a newer protocol that was developed as a successor to SSL in the late 1990s. Now, most websites have migrated from TLS v1.2 to TLS v1.3, or are in the process of migrating. SSL is no longer considered secure or widely used and has been deprecated in favor of TLS. Most modern websites and servers use TLS to secure their connections.
The above image shows the history/timeline of the evolution of the protocols and their versions. You must be wondering why there is no SSL v1.0: SSL v1 was still under testing and got major upgrades/fixes, so Netscape directly released SSL v2.0. As there was more traction in adopting this protocol, control of it was later taken over by a centralized organization, the IETF (Internet Engineering Task Force).
Now, let’s talk about the nuances of SSL/TLS certificates. An SSL/TLS certificate is a digital certificate that is used to establish a secure, encrypted connection between a web server and a web client (usually a web browser). The certificate is issued by a certificate authority (CA) like DigiCert, Let’s Encrypt, GoDaddy, and many more. It contains information about the identity of the web server and the domain it is used for.
Let me give you a quick example that you must have seen a lot: the moment you open an insecure website, your Chrome browser prompts that the site is not secure and that there is a risk involved in opening it. This purely revolves around the trust of the site. If a site needs to be trusted by the search engine or the browser, i.e. the client, it should obtain an SSL/TLS certificate from one of the major certificate authorities or from the known CAs. You can also generate your own certificate authority, but you will have to export/import its certificate often to get it trusted by other servers and clients. Mostly, it’s a pain in the back because you’ll end up in frustration. I’ve done it before and then finally landed on using the popular certificate authorities (CAs), which should cover you for good. As far as I know, you can get free SSL certificates from Let’s Encrypt and GoDaddy if you purchase any domain or hosting services from them.
SSL/TLS certificates are required to ensure secure communication over the internet. When a web client, i.e. your browser, establishes a connection to a web server using SSL/TLS, the client and server exchange keys to establish an encrypted channel to communicate. Any data transmitted over this channel is encrypted and cannot be read by anyone else, even if they intercept it. How cool is that, right? It’s like you and your mama having a chat in code words so your dad/brother won’t recognize it.
SSL/TLS certificates are used to protect sensitive data, such as credit card numbers, login credentials, and personal information. As mentioned earlier, they are also used to establish trust between the web server and the web client. When a user sees the green padlock icon in their web browser, they know that the connection to the website is secure and that their data is being transmitted over an encrypted channel. The moment you get the green padlock, you can put https:// in front of the domain URL, which means it’s secured.
HTTPS is a whole new chapter, but just keep in mind that your connection is secured when you click on HTTPS links/URLs.
🏃 [Activity] 🏃
There is an activity for you: check the certificate of this Medium URL. As mentioned in the previous section, always start with the padlock at the start of the URL.
[x] Check the padlock: is it secured or
[x] Click on the padlock to view the
[x] Drill down the
[x] Can you see a sign that the certificate is
[x] You can go ahead and click on Show Certificate Details to check the detailed information of the certificate.
[x] Also, you can export the certificate in different formats based on your requirements. But for this activity, export it in .cer format and rename the file extension to .crt, so the file name looks like the certificate.crt used in the OpenSSL command below.
Here comes the OpenSSL tool to help. To view the exported SSL/TLS certificate, use the OpenSSL commands below.
# Enter this OpenSSL command in the terminal
# -text decodes the certificate; -noout skips re-printing the PEM body after the decoded text
openssl x509 -in filepath/to/<certificate>.crt -text -noout
openssl x509 -in /downloads/ssl_folder/certificate.crt -text -noout
Once you view the certificate details, you will see the properties below:
Subject: The subject of the SSL/TLS certificate is the entity that the certificate is issued to. It typically includes the common name (CN) of the web server and the domain it is used for, as well as the organization (O) and the organizational unit (OU) of the entity.
Issuer: The issuer of the SSL/TLS certificate is the certificate authority (CA) that issued the certificate. It typically includes the common name (CN) of the CA, as well as the organization (O) and the country (C) of the CA.
Validity period: The validity period of the SSL/TLS certificate is the length of time that the certificate is valid. It typically includes the start date and the end date of the period. It is a very important property. Most web servers or organizations will set a validity of less than 365 days to have a routine check and keep them secured/updated for audit.
Public key: The public key of the SSL/TLS certificate is the key that is used to encrypt data transmitted over the secure connection. It is paired with a private key that is used to decrypt the data. This is the first and crucial set of information shared by the web server with the client to authenticate, along with the
Signature algorithm: The signature algorithm of the SSL/TLS certificate is the algorithm that is used to sign the certificate and ensure its authenticity. Common signature algorithms include
Key usage: The key usage of the SSL/TLS certificate specifies how the certificate can be used. It typically includes the purposes for which the certificate can be used, such as digital signatures, and
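The "servers DOWN every year" question in the title is almost always an expired certificate, and the validity period is the property above that nobody looks at until it bites. As an added example (my own code, not from the article), the following Python script reads the subject, issuer, validity period and subject alternative names from the dictionary that the standard-library ssl module returns for a server certificate, and turns them into the checks an operator wants: does the name match the host, is the certificate already valid, how many days are left, and should it be renewed soon. SAMPLE_CERT, the utc() helper and the function names are constructed for this example and mirror the shape of ssl.SSLSocket.getpeercert(); fetch_peer_cert() is the only part that needs network access and is not called by the offline demo.

```python
import ssl
import socket
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
# All names, dates and the serial number are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example CA"),),
        (("commonName", "Example Issuing CA"),),
    ),
    "version": 3,
    "serialNumber": "0A1B2C3D",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}


def utc(year, month, day):
    """Timezone-aware UTC midnight, used to pin 'now' for the demo."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def name_to_dict(rdn_sequence):
    """Flatten the nested subject/issuer tuples into {attribute: value}."""
    return {attr: value for rdn in rdn_sequence for attr, value in rdn}


def cert_time(value):
    """Parse the 'Jan  1 00:00:00 2024 GMT' strings used by getpeercert() into a UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def days_until_expiry(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    return (cert_time(cert["notAfter"]) - now).days


def hostname_matches(cert, hostname):
    """Match hostname against the subjectAltName DNS entries (CN only if there is no SAN).
    A wildcard such as *.example.test covers exactly one extra label, never the bare domain."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        cn = name_to_dict(cert["subject"]).get("commonName")
        names = [cn] if cn else []
    host = hostname.lower().rstrip(".")
    for name in (n.lower() for n in names):
        if name.startswith("*."):
            suffix = name[1:]  # ".example.test"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
        elif name == host:
            return True
    return False


def check_certificate(cert, hostname, warn_days=30, now=None):
    """Summarise the checks an operator wants from the certificate properties."""
    now = now or datetime.now(timezone.utc)
    days_left = days_until_expiry(cert, now)
    return {
        "subject_cn": name_to_dict(cert["subject"]).get("commonName"),
        "issuer_cn": name_to_dict(cert["issuer"]).get("commonName"),
        "hostname_ok": hostname_matches(cert, hostname),
        "not_yet_valid": now < cert_time(cert["notBefore"]),
        "days_left": days_left,
        "expired": days_left < 0,
        "renew_soon": 0 <= days_left < warn_days,
    }


def fetch_peer_cert(hostname, port=443, timeout=5.0):
    """Fetch a live server's certificate in the same dict shape (needs network; not used offline)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Pinned to mid-December 2024 so the constructed certificate shows up as "renew soon".
    print(check_certificate(SAMPLE_CERT, "www.example.test", now=utc(2024, 12, 15)))
```

Replace SAMPLE_CERT with the result of fetch_peer_cert("your.host") in a scheduled job and alert on renew_soon or expired, and the yearly outage becomes a calendar reminder instead. getpeercert() only returns the dictionary after a successful verified handshake, so a self-signed or untrusted certificate fails earlier with an ssl.SSLCertVerificationError, which is itself the signal you want.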
Now that you have successfully viewed the certificate: there is a lot more to cover on the OpenSSL tool, because it plays a major part in generating and converting SSL/TLS certificates locally. However, for today, this is more than enough to get you started with SSL/TLS certificates.
After this article, if you’re interested in diving deeper, you can start googling about intermediate CAs and the chain of trust, the different types of SSL/TLS certificates, and the most used certificates.
In addition to the above, there are a number of books that can help you learn the basics of SSL/TLS certificates. Some options include:
“SSL and TLS: Designing and Building Secure Systems” by Eric Rescorla: This book provides a comprehensive overview of the SSL and TLS protocols and covers the key concepts and design principles involved in building secure systems.
“SSL and TLS Essentials: Securing the Web” by Stephen A. Thomas: This book is a practical guide to SSL and TLS, providing an introduction to the technologies and covering key concepts such as certificate chains and key exchange algorithms.
“SSL and TLS: Theory and Practice” by Rolf Oppliger: This book provides a detailed technical overview of SSL and TLS, including an in-depth examination of the protocols and their underlying
“Web Security: A Step-by-Step Reference Guide” by Lincoln D. Stein: This book provides an introduction to web security, including a chapter on SSL and TLS that covers the basics of how the technologies work and how to use them to secure web communications.
Any of these books should provide a good foundation for learning about SSL/TLS certificates and the role they play in securing web communications.
To conclude, SSL/TLS is a very interesting topic to discuss. I believe you must have taken something back from this article, and there is a lot more to explore. Moreover, I’m continuing my writing on articles related to SSL/TLS certificates with OpenSSL commands and how they are useful.
For now, thanks for reading!! If you enjoyed this article, please follow and subscribe for the latest updates. Looking for more? Check out the other articles below:
This open-source tool can make life easier for testing APIs with sufficient datasets and complexity
What is OpenSSL? How can I use it to generate certificates? — Hands-on Activity 😉 🏃
In this article, we will go through the basic commands of OpenSSL, how to generate a private key, self-signed certs…
How to create daemons in Linux with a simple “Hello World” — bash example!
A daemon is a background process in Linux that performs certain tasks without user interaction.