What Is SSL?
An SSL secure server uses the SSL security protocol to send data. The initialismSSL stands for Secure Sockets Layer. Created by Netscape to validate website identities and to safeguard personal information, such as credit card data, the methodology was designed to prevent messages from being decoded, even if they should be intercepted.
A branch in the development of SSL occurred after SSL 3.0, which was released in 1996, shortly after SSL 2.0, the first public edition, which was debuted in 1995, because SSL 2.0 had security flaws that were quickly discovered. It was at this point that a new direction of development by the Internet Engineering Task Force (IETF) resulted in TLS (Transport Layer Security). Originally released in 1999, TLS 1.0 is also referred to as SSL 3.1, with TLS 1.2, released in 2006 referred to as SSL 3.2, and TLS 1.2, which came out in 2008, referred to as SSL 3.3.
SSL and TLS have different encryption systems. In the SSL system, a public key and a private key are used to encrypt the data, while in the TLS system, a private key (also called a secret key) is generated specifically for each session and used to encrypt the data exchanges that follow. Both systems use certificates to verify identity and have a multi-step process.
Here, for example, is a summary of how SSL technology works:
- A customer, who has been shopping at an emerchant’s establishment, navigates to the checkout page.
- The browser that the customer is using requests a secure session with the emerchant’s Web server
- The emerchant’s web server offers the browser its certificate for validation
- If the browser finds that the certificate is valid, it creates a session key
- The Web server’s public key, which the certificate documents, is used to encrypt the session
- The session key data is transmitted to the emerchant’s Web server
- Using its private key, the Web server decrypts the information, establishing mutual secure communication
- It is now safe for a customer to submit a credit card transaction.
There are different types of SSL Certificates with different levels of encryption, different levels of authentication stringency, and provided by Certification Authorities (CAs) that have varying reputations.
Why Are SSL Checkers Needed?
In order to use an SSL certificate, the certificate must be installed. A number of troubleshooting issues can arise with SSL Certificate installation, and an SSL checker is a means of determining either that the installation is correct or to diagnose what has gone wrong, making your certificate register as not installed, not trusted, or not valid. Errors can include the following:
- A certificate name mismatch error can occur if the SSL security certificate presented for one website was issued for the web address of a different website. This can happen when a certificate has the IP address and is correct but an attempt is made to connect via a fully-qualified. It can also result from a typo in the request to the CA.
- A certificate may be judged invalid if the installation process has not completed or has installed to the wrong server.
- An error citing a combination of secure and non-secure items on a page can come up when some content is loaded through http:// instead of https://, and this is addressed by fixing the way the content is loaded.
How an SSL Checker Works
There are some generic SSL checkers that ask for you server information only. Top SSL companies like VeriSign and Thawte offer their own SSL Certificate Installation Checkers. You are advised to only use the SSL checker of the website of your CA in order to keep your information secure. Since SSL Certficate Authorities provide SSL checkers as a free service, there is no possible reason to use a “free” generic service offered by a website that you don’t know.
The VeriSign SSL Checker asks for your Web Server’s domain name, your port, which will usually be 443 for SSL, and a test button. You are prompted to accept a Java Applet, which tells you that VeriSign’s own Certificate is valid. The status of your SSL certificate installation then appears in the ‘Status” box. The Thawte SSL checker is nearly identical, but directs that you add your “fully qualified domain name.”
SSL checkers do not protect you against fraudulent digital certificates, such as those issued by Comodo in March of 2011. That is, they do not check the certificates of others: that is the job of your browser.