What is an SSL Certificate? Part 1

An SSL certificate is an essential component of SSL. So first we need to learn what SSL is. This is a very deep topic, so bear with me as I provide some needed background information.

SSL stands for Secure Sockets Layer. It was created by Netscape Communications as a way for two computers to communicate securely with one another. It is used for many applications such as web browsing, email, etc.

When two computers communicate on the Internet, they usually send the information “in the clear”, meaning that anybody who intercepts the data can understand it without any difficulty. It’s as if someone is overhearing a conversation spoken in English, when they understand English perfectly.

Sometimes though, you want to send information that is private, for example, banking information, credit card numbers, and so on. You don’t want anyone overhearing these conversations. So in order to protect the data communicated, it must first be encrypted.

Encryption is a very large topic which we won’t get into in any detail here. Let’s just say that in order for two people (or computers) to communicate with an encrypted message, they must share a secret key. The key is used to encrypt the plain message. The encrypted message is transmitted, and at the receiving end, the message is decrypted with the same key.

Such encryption has been known and used since at least Roman times. However, it has been shown that using the same key over and over increases the chances of the code being broken. The more you use the same key, the easier it is to break your code. The most secure form of communication is to use a One Time Pad, meaning that the key is used once and then discarded. This is the only mathematically secure encryption method. But it is obviously quite impractical. If you could keep changing the key, then that means you and your counterpart are meeting regularly to agree on new keys. So why not just communicate your secret information then?

The technique of using a shared key for encryption and decryption is known as symmetric key encryption. There is another form of encryption, asymmetric key encryption, more popularly known as public key infrastructure or PKI. PKI requires two different keys: one is the public key and one is the private key. They are related mathematically in such a way that knowing one does not mean you know the other. In fact, it gives you no information whatsoever about the other.

The idea is that you share a public key, and keep your private key secret. If someone wants to send you private information, they will encrypt it with your public key and you will decrypt it with your private key. Since nobody else has your private key, they cannot decrypt it.

These keys can also be used as digital signatures. If you encrypt something with your private key, then it can be decrypted by anyone with your public key. But nobody except you would have been able to encrypt it in the first place. Therefore, you are the only person who is able to encrypt, or sign, the data. Usually the signature is computed on a hash of the data, which is a short digest version of it.

More about public and private key encryption in What is an SSL Certificate? Part 2.
