When we see HTTP and HTTPS at the start of a website's address, most of us can't tell the difference between them. We ask ourselves what difference the single letter 'S' makes. Little do we know that the letter 'S' is all that matters.
The difference between an HTTP and an HTTPS connection is not just a letter but a secure and protected connection ensured by a valid SSL certificate.
In this article, we're going to talk, in simple words, about what the SSL/TLS (Secure Sockets Layer, Transport Layer Security) protocol is and how you get a certificate for a website.
Without even knowing it, we come across SSL certificates on websites, mobile applications, email, messaging, etc., most commonly on websites, yet most of us are unaware of even the full form. The SSL certificate can be viewed as a lock on our side to which only the receiver (website/server) holds the key.
What the SSL certificate does is facilitate “encryption”. When we hear that word, the only thing that comes to mind is “cipher” and “decipher”, and that is exactly what it means: it converts the data we send into a format which cannot be decoded by any third party, and the data is then decoded by the receiving website with the private key.
The establishment of a secure connection is known as the “SSL handshake”. We can understand it with the help of an example from our day-to-day lives.
For example, take someone hiring us for an important job. The steps are as follows:
We greet each other – similarly, the client and the server exchange ClientHello and ServerHello messages with some information regarding SSL certification. Hence, a secure connection is in place between the two of us.
Checking the identity, records, and other achievements – after the hello, both of us loosen up a bit. The client verifies the server through the information in the SSL certificate, e.g. location, public key, validity dates, etc., and just as our employer checks the authenticity of our certificates, the client checks the validity of the certificate authority.
Exchange of keys – when our employer trusts us, he/she leaves us with the key for our cabin or for the office (the keys of the house in the case of hiring a caretaker). Similarly, the client and server exchange the public and private key, and asymmetric or symmetric encryption takes place.
In this way, a trustworthy employee is hired, similar to the establishment of a secure connection.
Now the important question arises: how do we obtain this certificate?
This is where OpenSSL comes into the picture. It goes back to 23rd December 1998, when the first site opened was www.openSSL.org. It is an online software library which provides applications to protect any website from third-party eavesdropping and tampering with data. It also helps with private key generation, which is a very important aspect of the TLS protocol.
As the name suggests, OpenSSL is open to all web developers/owners so that they are well equipped with all the important tools. It is available for Linux, Windows, macOS, and BSD systems.
Just as any organization has to conform to the norms of public security in order to build a relationship of trust and goodwill with its customers, any website should have an SSL certificate, and OpenSSL helps you acquire one.
Just as the certificate we receive after completing an internship with an organization is proof that guarantees the authenticity and level of the work we have done, the digital certificate has to be applied for with the OpenSSL library for SSL certification.
To convert our SSL certificate into different formats, we need to know a bit about different OpenSSL commands, such as:
- There are different OpenSSL versions that support the TLS protocol – 1.1.1, 1.0.2 and 1.1.0
To check our OpenSSL version we can use the command – openssl version -a
CSR generation – a certificate signing request (CSR) is the request sent by a website owner to the authority to apply for a certificate. OpenSSL helps in generating the CSR.
Generation of the private key – the private key is the only way to unlock the public key created later, so it needs to be unique. It comes with the choice of putting an additional password on the private key, but not all servers accept a private key with a password.
There are two algorithms for generating the private key – the RSA algorithm with a 2048-bit key size and the ECDSA algorithm with a 256-bit key size.
To generate the private key with the RSA algorithm, use the following command:
openssl genrsa -out yourdomain.key 2048
The generated key can then be printed and inspected with:
openssl rsa -text -in yourdomain.key -noout
- Extraction of the public key – the public key is extracted from the private key itself with the following command:
openssl rsa -in yourdomain.key -pubout
The CSR is then generated from the private key:
openssl req -new -key yourdomain.key -out yourdomain.csr
Before the CSR is generated, some important questions are asked, just like before you are given your identity card –
Country code (2 letter code)
State or province name
Locality Name
Organization name
Organization Unit name
Common Name
Email Address
Verifying the information and certificate details –
Lastly, what do we do when we get our certificate? We check whether all the information is correct and whether our name matches the name on the certificate. Similarly, there's a command to display the certificate's details so that we can check whether they match our private key.
openssl x509 -text -in yourdomain.crt -noout
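The command above prints the certificate's fields. To confirm that a private key, CSR and certificate belong together, compare the public key each one contains. The script below is an added example, not part of the original article: the subject values are constructed, the function names are hypothetical, and a self-signed certificate stands in for one issued by a certificate authority.

```shell
#!/bin/sh
# Added example, not from the article. Subject values are constructed, and the
# self-signed certificate is an assumption standing in for a CA-issued one.

# Create a throwaway key, CSR and certificate in directory $1.
# -subj answers the CSR questions (country ... email address) without prompting.
make_demo_files() {
    openssl genrsa -out "$1/yourdomain.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/yourdomain.key" -out "$1/yourdomain.csr" \
        -subj "/C=US/ST=Example State/L=Example City/O=Example Org/OU=IT/CN=yourdomain.example/emailAddress=admin@yourdomain.example" &&
    openssl x509 -req -in "$1/yourdomain.csr" -signkey "$1/yourdomain.key" \
        -days 1 -out "$1/yourdomain.crt" 2>/dev/null
}

# Print the SHA-256 digest of the public key inside a file.
# $1 = kind (key|csr|crt), $2 = path. "pkey" also handles ECDSA keys.
pubkey_digest() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout) ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)   return 2 ;;
    esac || return 1          # unreadable file: fail instead of hashing nothing
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 only if every "kind:path" argument holds the same public key.
same_keypair() {
    first=""
    for pair in "$@"; do
        d=$(pubkey_digest "${pair%%:*}" "${pair#*:}") || return 1
        [ -n "$first" ] || first=$d
        [ "$d" = "$first" ] || return 1
    done
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_demo_files "$tmp"
same_keypair "key:$tmp/yourdomain.key" "csr:$tmp/yourdomain.csr" \
             "crt:$tmp/yourdomain.crt" && echo "key, CSR and certificate match"

# A second, unrelated key must be reported as a mismatch.
openssl genrsa -out "$tmp/other.key" 2048 2>/dev/null
same_keypair "key:$tmp/other.key" "crt:$tmp/yourdomain.crt" ||
    echo "other.key does not match yourdomain.crt"
```

A mismatch here is the usual reason a web server refuses to start after a certificate is installed next to the wrong key file.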
The demand for SSL certificates has increased rapidly since the “HTTPS Everywhere” campaign launched by Google and Mozilla Firefox in 2014, as it forces each website on its SEO browser to have an HTTPS connection instead of HTTP. This was a very important campaign, as it made security and privacy not just an option but the only choice. With the increasing rate of cybercrime around the world, it is very important that we do everything possible from our side to ensure our privacy.