What is an SSL Certificate?

SSL certificates serve two purposes: protecting data sent over the internet, and proving your identity.

Protecting Data

When you send information over the internet, it could be accessed by a third party. To protect yourself and the people you communicate with, it is important to encrypt the messages you send. Encryption is the process of taking data and scrambling it so that anyone without the key cannot read it. Today, SSL certificates are the standard tool for encrypting data on websites.

When you are sending a message, encrypting the contents is the easy part. The difficult part is figuring out how to let the person who is receiving your data know how to unscramble your message. With SSL certificates this is accomplished by having two keys: a private key and a public key.

A “key” is a long string of letters and numbers that the browser can use to unscramble a message, just like you might use a key to open a mailbox. An SSL certificate will share the public key with anyone who asks for it. The recipient of the information will also have a public key that they will share with you. Software built into your browser will then use those two keys to create an encrypted message.

Once you receive a message, or the person you are communicating with receives your message, your browser will then use your private key to “unlock” the message. Encryption software is able to use your public key and your partner’s public key to create a message that can only be read by someone with a corresponding private key. In this way, the person who receives your message can read the message without ever having to share their private key with you or anyone else.

When an SSL certificate is generated, a public key and a private key are created and then installed on the server that you will use to communicate, which for most Gandi users means the server where you will host your website. Depending on your situation, we may do this automatically for you, or you may need to do it yourself.

It is important never to share your private key with anyone, since anyone with your private key will be able to read all of your private data. If your private key is ever compromised, you will need to regenerate or revoke your SSL certificate.

Proving Your Identity

Encryption alone helps you to make sure that only the person receiving your information can read the data you send, but it does not do anything to prove that you are who you say you are. A malicious hacker could set up a site that perfectly uses the most advanced forms of encryption, but simply lies to the visitor about who they are communicating with. Encryption alone is not enough to protect you or your visitors from malicious hackers.

SSL certificates issued by a certificate authority also provide a service where you prove that you really are who you say you are. Certificate authorities, such as Gandi’s partner, Sectigo, are established providers that are widely trusted across the world. Once they verify your identity, they add their own public key to your certificate so that visitors can verify your identity with them as part of the encryption process.
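
The difference between encryption and proven identity, as an added example that is not part of Gandi's documentation: a throwaway test CA signs one site's certificate while an impostor self-signs a certificate for the same name, and only the first one verifies. It assumes the openssl command-line tool is installed; the CA name and www.example.test are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway test CA and certificates, built with the openssl CLI.
# All names (Example Test CA, www.example.test) are constructed for this demo.
set -eu

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT

# new_key_and_csr NAME CN: private key stays in NAME.key, CSR carries the public key.
new_key_and_csr() {
    openssl req -newkey rsa:2048 -nodes -keyout "$DEMO/$1.key" \
        -out "$DEMO/$1.csr" -subj "/CN=$2" 2>/dev/null
}

# cert_is_trusted CA CERT: succeeds only if CERT chains to the CA certificate.
cert_is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeeds if the private key belongs to the certificate.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# 1. The certificate authority: a self-signed root that clients choose to trust.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$DEMO/ca.key" \
    -out "$DEMO/ca.crt" -subj "/CN=Example Test CA" -days 1 2>/dev/null

# 2. The site owner generates a key pair and the CA signs the request.
new_key_and_csr site www.example.test
openssl x509 -req -in "$DEMO/site.csr" -CA "$DEMO/ca.crt" -CAkey "$DEMO/ca.key" \
    -CAcreateserial -out "$DEMO/site.crt" -days 1 2>/dev/null

# 3. An impostor uses the same name and equally strong keys, but signs for itself.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$DEMO/fake.key" \
    -out "$DEMO/fake.crt" -subj "/CN=www.example.test" -days 1 2>/dev/null

for c in site fake; do
    if cert_is_trusted "$DEMO/ca.crt" "$DEMO/$c.crt"; then
        echo "$c.crt: signed by the trusted CA"
    else
        echo "$c.crt: NOT signed by the trusted CA, a client should reject it"
    fi
done
key_matches_cert "$DEMO/site.key" "$DEMO/site.crt" && echo "site.key matches site.crt"
```

The key_matches_cert check is also worth running before installing a certificate on a server, since the server needs the private key that belongs to that certificate.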

The degree to which your identity is checked varies according to the level of certificate you purchase. For a domain-validated certificate, for example, the check simply looks for some information in the DNS records of your website to verify that you do have control over that domain. A more advanced certificate will verify identification records that you provide. More advanced certificates are more expensive to purchase, but they also provide your customers with a greater degree of confidence that they can trust you with their private data.

Do I really need an SSL certificate?

It is now the standard recommendation that all websites use encryption, even if they aren’t necessarily handling private data. Although your website may only provide public content, leaving your site unencrypted means that outside parties could try to interfere with your communication to add things like ads or unwanted tracking of your visitors.

In addition to making your site more secure, Google and other search engines give priority to websites that use encryption regardless of the content of the website. Sites without encryption may be downgraded or not appear in search results.

If you are working with private data, for example if you are running an online store, it becomes even more important to provide reliable encryption. More advanced SSL certificates also come with a financial guarantee that insures you against loss should the failure of a certificate lead to a financial loss by you or your customers.