Understanding SSL

Understanding the Need of SSL for AACD™

PDF This online manual assumes the reader has a basic knowledge of the function and purpose of an SSL or TLS Certificate and also some of the issues surrounding day-to-day management of the Certificates’ life cycle.

To gain a basic understanding of Digital Certificates, CA systems, their functions and uses, download and read the Digi-CA™ Manual.


The Basic Issues

    In the ‘digital world’ the SSL Certificate is used to identify and authenticate a website or server and to encrypt any data submitted from the browser to the server. These SSL Certificates are issued by a CA vendor. Digi-Sign is an example of a Trusted CA company. For websites, servers and device to device authentication, SSL or TLS connections are used for security, authentication and encryption across the connections.

Digital Certificates are issued and are valid for a specific period of time or ‘life’. So the life of the Certificate is set for a period of time and after this, it expires. An expired Certificate must be replaced if the security and integrity of the server or device is to be maintained. The life cycle of an SSL Certificate is circular and repetitive in nature.

IMAGE



Certificate Life cycle

    Typical Certificate life cycles are 1, 2 or 3-Years depending on the CA vendor. Therefore, the Certificate must be renewed regularly and this is a time taking, sometimes frustrating and manual process that your Administrator must complete frequently.


How SSL Certificates are Issued

    The CA that issues SSL Certificates is called a ‘Trusted Third Party’ or Trusted CA. This name is derived from the fact that a compliant Trusted CA must follow a specific set of internationally recognised and audited procedures before they can issue any SSL.

To initiate this process, the Administrator in your organisation must go to the specific server and generate a Certificate Signing Request [CSR] and submit it, along with other legal contact and domain ownership information to the CA. On receiving the CSR & supporting information, a Department within the CA called the Registration Authority [RA] verifies and approves, or rejects, the request accordingly. This process is called validations.

If the Validation process is successful and the RA can accurately determine that your organisation does have legal ownership of the domain name used in the SSL Certificate you are requesting, then the Certificate is issued. Your Administrator then installs the Certificate, thereby activating the HTTPS:// connection to the server and the ‘little yellow lock’ that appears in the browser whenever a connection is made to the specific server.