BLOG

January 4 2023

What is an SSL certificate ?

Let's see what an SSL certificate is and what it is for and how it can help you secure the connection of a website and your privacy.

In today's digital age, information secrecy has become an issue of great importance, both for companies and individuals. With the growing amount of personal and sensitive data being exchanged online, it becomes ever more crucial to ensure that this information remains protected from unauthorized access.

An essential tool for guaranteeing the secrecy of information is cryptography, which consists in the use of mathematical algorithms to transform a readable text into a sequence of unintelligible symbols, known as "ciphertext". Only those with the correct decryption key can read the original text again, making it virtually impossible for unauthorized users to access the encrypted data.

Encryption is used in many areas, such as the protection of online communications, access to secure computer systems and the secure storage of data. In an increasingly connected and interconnected world, cryptography plays a key role in protecting information and preserving privacy.

Public key encryption.

Public key cryptography is a type of asymmetric encryption that uses two distinct keys: a public key and a private key. The public key is made available to anyone, while the private key is kept secret by the owner.

When a user wants to send an encrypted message to someone else, they use the recipient's public key to encrypt the message. Only the recipient, who owns the corresponding private key, can decrypt the message and read it.

Public key cryptography is often used to ensure the security of online communications and to authenticate the identity of users. For example, it can be used to create digital signatures, which can be used to verify the integrity of a document or to confirm the authenticity of a message.

Public key cryptography differs from standard shared key cryptography, which uses a single key to encrypt and decrypt a message. In this case, both recipients need to know the shared key to be able to exchange encrypted messages securely. Public key encryption is considered more secure than shared key encryption, since no secret keys need to be shared between recipients.

What are SSL Certificates?

An SSL (Secure Sockets Layer) certificate is a security protocol that is used to ensure that the information exchanged between your browser and a website is protected and cannot be intercepted by third parties. An SSL certificate is issued by a certificate authority, which verifies the identity of the website owner and generates a certificate that contains information about the site's identity and the certificate authority itself.

When you visit an SSL-secured website, your browser establishes a secure connection with the site using the SSL protocol. During this connection, your browser verifies that the SSL certificate is valid and that it has been issued by a trusted certificate authority. If the certificate is valid, your browser starts encrypting the information you send to the site, such as your login credentials or sensitive information such as your credit card number.

Using SSL is especially important when transacting online or sending sensitive information over the internet, as it protects your information from the prying eyes of hackers and malicious people. Additionally, many search engines, such as Google, give higher weight to sites that use SSL in their search results; therefore, using SSL can also improve your site's ranking in search results.

Type of SSL certificates

There are several types of SSL certificates, each offering a slightly different level of security and validation. The most common SSL certificates are:

  • Single Domain SSL Certificates: These certificates secure a single domain and are suitable for websites that do not collect sensitive information.
  • Multi-Domain SSL Certificates: These certificates can secure multiple domains on a single server and are suitable for websites running different brands or divisions.
  • Extended SSL Certificates (EV SSL): These certificates offer the highest level of security and validation, as they require thorough verification of the website owner's identity. They are suitable for websites that collect sensitive information or that handle large online transactions.

DV Domain Validated Single Domain SSL Certificate.

A Domain Validated (DV) Single Domain SSL certificate is a type of SSL certificate that is used to secure a single domain. To obtain this type of certificate, you must prove that you are the owner of the requested domain. The certificate authority then performs a domain verification to make sure that the applicant actually owns the domain.

A DV single-domain SSL certificate provides a level of security sufficient for most websites that don't collect sensitive information or that don't handle large online transactions. However, it does not offer the same level of security and validation as an Extended SSL Certificate (EV SSL), as it does not require extensive verification of the website owner's identity.

An advantage of DV single domain SSL certificates is that they are easier and faster to obtain than EV SSL certificates, since they do not require as much identity verification. Also, they are generally cheaper than EV SSL certificates.

The cost of a DV certificate ranges from a few tens of dollars a year up to a few hundred dollars, depending on the vendor and the duration of the certificate.

However, one disadvantage of DV single domain SSL certificates is that they do not offer the same level of security and trust for users as EV SSL certificates. Additionally, some browsers may display security warnings for users visiting sites secured by this type of certificate, which may discourage some users from visiting the site.

In conclusion, DV Single Domain SSL Certificates are suitable for websites that do not collect sensitive information or do not handle large online transactions and want to secure their domain with an SSL certificate at a reasonable price.

Multi-Domain SSL Certificates

A multi-domain SSL certificate is a type of SSL certificate that is used to secure multiple domains on a single server. This is especially useful for companies that manage multiple brands or divisions and want to secure all of their domains with a single SSL certificate.

To obtain a multi-domain SSL certificate, you need to prove that you own the required domains. The certificate authority then performs a verification of the domains to ensure that the requestor actually owns the domains. Once you have the certificate, you can use it to secure all domains included in the certificate.

An advantage of multi-domain SSL certificates is that they allow you to secure multiple domains with a single certificate, which can be more convenient and less expensive than purchasing separate SSL certificates for each domain. Additionally, multi-domain SSL certificates can offer a similar level of security as single-domain SSL certificates, depending on the type of certificate you choose.

The cost of an MD certificate is slightly higher than DV certificates and ranges from a few hundred dollars a year up to several thousand euros, depending on the number of domains to be protected and the vendor.

However, a disadvantage of multi-domain SSL certificates is that they do not offer the same level of security and validation as Extended SSL Certificates (EV SSL), as they do not require thorough verification of the website owner's identity.

In conclusion, multi-domain SSL certificates are suitable for companies that operate multiple brands or divisions and want to secure all their domains with a single SSL certificate.

Extended SSL Certificates EV

An Extended Validation (EV) SSL Certificate is a type of digital certificate that is used to establish a secure connection between a web server and a client (for example, a user's browser). This certificate is issued only after the applicant has satisfied a rigorous certification authority (CA) verification process of company information.

The EV SSL certificate has some distinctive features, such as the company name displayed in bold in the address bar of the browser and the green color of the address, which provide greater visibility and transparency to website visitors. Furthermore, the EV SSL certificate provides a higher level of encryption than standard SSL certificates, which means that sensitive information exchanged between the server and the client is protected with a longer and more complex encryption key.

An EV SSL certificate is particularly useful for companies that operate in regulated sectors or that have to manage sensitive data, such as banks or insurance companies. However, it can be used by any type of business that wants to provide an extra layer of security and reliability for their visitors.

The cost is significantly higher and it is reasonable to say that the cost can exceed a thousand euros depending on the chosen supplier.

What is the HTTPS protocol and how does it relate to SSL?

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of the HTTP protocol, which is used to transfer data over the Internet. HTTPS is often used to protect the privacy and integrity of user data when browsing the web, such as making online purchases or accessing online banking services.

The way HTTPS manages to ensure data security is through the use of a security protocol called SSL (Secure Sockets Layer). SSL is a security protocol that provides an encrypted connection between the client (for example the user's computer) and the server (for example the website the user is accessing). In other words, SSL encrypts the data transmitted between the client and the server, making it difficult for hackers or other unauthorized persons to decrypt or intercept the data.

When a user accesses a website using HTTPS, their browser verifies that the website is trustworthy and authentic. To do this, the browser verifies that the website has a valid SSL certificate and that this has been issued by a trusted certificate authority. Once the SSL certificate has been verified, the browser establishes an encrypted connection with the server using the SSL protocol. At this point, all data transmitted between the client and the server is encrypted and protected from unauthorized interception.

It's important to note that HTTPS is not invulnerable to security breaches. For example, if a hacker manages to obtain a website's SSL certificate, he could create a fake version of the website and use the certificate to create a fake HTTPS connection, tricking users into obtaining sensitive information. However, HTTPS is still a very effective tool to protect data security while browsing the web and is widely used on the internet.

Also, many web browsers now display a security warning to users when accessing an unsecured website via HTTPS. This is to protect users from websites that may have been compromised or that may be trying to steal their information.

Free SSL certificates like Let's Encrypt.

Let's Encrypt is a non-profit organization that provides free SSL certificates for encrypting websites. Let's Encrypt was founded in 2014 with the aim of making SSL encryption accessible to everyone, in order to protect the security of user data while browsing the web.

A Let's Encrypt certificate is an SSL certificate that is issued free of charge by Let's Encrypt. To obtain a Let's Encrypt certificate, you need to install a software called Certbot, which takes care of verifying that the domain for which the certificate is requested is owned by the company or individual requesting it. Once the domain has been verified, the certificate is automatically issued by the Let's Encrypt system.

Let's Encrypt certificates have many advantages both at a technical and cost level. On a technical level, Let's Encrypt certificates offer the same security as paid SSL certificates. Also, the process of installing and renewing certificates is very simple and automated, making it very convenient for system administrators. Cost-wise, Let's Encrypt certificates are completely free, making them particularly affordable for small businesses or personal websites.

In addition, many web hosting providers like ours, for example, offer support for installing and automatically renewing Let's Encrypt certificates, which makes it even easier for users to obtain and manage SSL certificates for their websites.

How do you install an SSL certificate on a web server?

Installing a Secure Sockets Layer (SSL) certificate is an essential process for ensuring secure communications on the Internet. However, depending on the webserver in use, the steps to be taken to install an SSL certificate may vary.

In general, the steps to install an SSL certificate on a webserver are always the same:

  1. Acquire an SSL certificate from a recognized certificate authority (CA), such as Let's Encrypt.
  2. Download the SSL certificate and private key from the CA site.
  3. Configure the webserver to use the SSL certificate and private key.

However, the form and syntax used to perform these operations may vary according to the web server in use. For example, Apache uses the "httpd.conf" or "ssl.conf" configuration file, while NGINX uses the "nginx.conf" configuration file. Furthermore, the commands to use to configure the webserver may be different depending on the operating system in use.

Install a Let's Encrypt SSL certificate on Apache

To install a Let's Encrypt certificate on an Apache webserver for the example.com domain, you need to follow these steps:

  1. Make sure you have Certbot software installed on your system. Certbot is an open source tool that allows you to easily obtain and install Let's Encrypt certificates. If Certbot is not already installed, you can download it from the Let's Encrypt website (https://letsencrypt.org/) or install it via your OS package manager (e.g. apt for Ubuntu).
  2. Verify that the example.com domain is configured correctly on the Apache webserver. Make sure that the virtual host configuration file for the domain example.com is set up correctly and that the domain is reachable from outside.
  3. Run the Certbot command to obtain and install the Let's Encrypt certificate for the example.com domain. The command to run will look like this:
certbot --apache -d example.com

The command will search for the virtual host configured for the example.com domain and will obtain and install the Let's Encrypt certificate for the domain. You will be asked for some information, such as your email address for certificate expiration notifications.

  1. Verify that the certificate was installed correctly. To verify the installation of the certificate, you can access the example.com website using the HTTPS protocol (for example https://esempio.com). If the certificate was installed correctly, the site should be accessible without errors and the certificate should show as valid.

If you have problems installing the certificate, you can check the Apache logs for errors or consult the Certbot documentation for further assistance.

Install a Let's Encrypt SSL certificate on NGINX

Installing a Let's Encrypt certificate on an NGINX webserver for the example.com domain can be done in a few simple steps:

  1. Make sure you have a Let's Encrypt account and have the certbot software installed on your system.
  2. Use the "certbot certonly" command to get an SSL certificate for the example.com domain. You will need to provide your email address and accept the Let's Encrypt terms of use.
  3. Once you have the certificate, you need to configure your NGINX webserver to use it. To do this, open the NGINX configuration file and add the following lines:

server { listen 443 ssl; server_name example.com; ssl_certificate /path/to/certificate.pem; ssl_certificate_key /path/to/private.key; }

  1. Save the configuration file and reload NGINX for the changes to take effect.
  2. At this point, the Let's Encrypt certificate will be installed and in use on your NGINX webserver for the example.com domain. You can verify that the certificate has been correctly installed by accessing your site via a secure connection (https).

 

Do you want to set up an SSL certificate and need help?

Not sure which SSL certificate to choose for your website? Don't worry, we're here to help. We offer personalized advice to identify the SSL certificate that best suits your needs and we support you in installing the certificate.”

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds owns the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Facebook, Inc. owns the rights to Facebook®; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV This site is not affiliated, sponsored, or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a registered trademark at European level by MANAGED SERVER SRL Via Enzo Ferrari, 9 62012 Civitanova Marche (MC) Italy.

JUST A MOMENT !

Would you like to see how your WooCommerce runs on our systems without having to migrate anything? 

Enter the address of your WooCommerce site and you will get a navigable demonstration, without having to do absolutely anything and completely free.

No thanks, my customers prefer the slow site.
Back to top