Why we use SSL: a behind the scenes look

These days, SSL certificates are widely regarded as essential for websites to make them more secure. Not only do website owners know this, but general Internet users do too. However, although SSL certificates have become such a given across the web, many people probably aren’t aware of the origin story of these powerful digital certificates.

So, how did SSL certificate use become so widespread and why were they created in the first place? To answer this question we’ll have to go back in time a little bit, to the early days of the World Wide Web, just over three decades ago. Then we’ll get a tiny bit technical, discussing what SSL certificate encryption is and how it works to illustrate why it’s considered the most effective choice for web encryption today. 

Read on for a brief history lesson!

The growing need for an encrypted web

In the first days of the World Wide Web back in the early 90s, online security wasn’t a huge priority. However, when it began to be used for more serious purposes, such as the exchange of sensitive data and making transactions, it became clear that a more secure way to transfer information was necessary. 

That’s where encryption comes in. Encryption basically scrambles information into an unreadable code so that it cannot be read by third parties. Hypertext Transfer Protocol Secure (HTTPS) was created in 1994 to encrypt data sent over a web connection. Back then, just like today, this protocol was enabled by the use of SSL certificates (although SSL certificates themselves have undergone a lot of changes in the decades since, which we’ll talk about in the next section).

In the early days of HTTPS, it was primarily adopted by online retailers taking payment transactions, e-mail services, and by corporate information systems for the exchange of sensitive data. This changed in the late 2000s when it became clear that cyber attacks related to insecure communication over the web were on the rise. It became easier for cyber criminals to intercept, eavesdrop, and even alter messages. As a result, by the early 2010s HTTPS adoption became more widespread, and could be found on more and more kinds of websites beyond e-commerce so that user accounts, user communications, user identities and web browsing were kept private and secure.

But what is it that makes SSL so great that it’s such a mainstay in web security today? Let’s move on to a brief overview of the inner workings of SSLs in plain language that everyone can understand.  

How SSL certificates create encrypted connections

SSL certificates encrypt the connection between a client and a server, such as a web browser and a website. Much like a door that can only be unlocked with the correct key, data sent over an encrypted connection can only be decrypted using a special key known as a cryptographic key.

As we mentioned earlier, when information is sent from a user’s browser, it is “locked” (encrypted) by a cryptographic key so that it is unreadable to anyone who might intercept it while it’s being sent. Once it reaches the website it is “unlocked” (decrypted), again by using a cryptographic key.   

Let’s dive a little deeper into how exactly SSL certificates make this happen.

TLS protocol and the SSL handshake

SSL certificates create secure connections by using the TLS protocol (Transport Layer Security protocol). Back when SSL certificates were first created, they actually used the SSL (Secure Sockets Layer) protocol to encrypt connections, hence the name. However, SSL had a lot of vulnerabilities, and the TLS protocol was created to replace it in 1999. Even though the SSL protocol was gradually phased out, the “brand name” stuck, which is why we still call them SSL certificates rather than TLS certificates.

SSL certificates create encrypted connections through a process known as the SSL handshake, which is basically how the client and server exchange cryptographic data. Here is a very simplified version of the process broken down into three steps:

  1. The client sends a “Client Hello” message to the server along with a list of the cipher suites it supports. It also guesses the key exchange method the server will opt to use, and sends along its key share.
  2. The server replies to the client with a “Server Hello” message, alongside its chosen key exchange parameters and its key share. At the same time, it sends the details of its SSL certificate, and after that, a “Server Finished” message.
  3. After the client authenticates the server’s SSL certificate, a shared key is generated by using the key shares they sent along to each other. Once the client is finished, it sends a “Client Finished” message to the server and an encrypted connection is created.
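
The three steps above, modelled in Python as an added example (not code from the original article): both sides exchange key shares, derive the same shared key, and the client checks the “Server Finished” value, which stops matching if the Client Hello was altered in transit. Assumptions: the Diffie-Hellman group, the simplified Finished computation and all function names are illustrative, and certificate verification is left out, so this model on its own does not authenticate the server.

```python
import hashlib, hmac, json, secrets

# Demonstration-only Diffie-Hellman group (assumption); real TLS uses standardized groups.
P = 2**255 - 19
G = 2

def key_share():
    """Return (private, public) values for one side of the key exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def transcript_hash(*messages):
    """Hash the handshake messages seen so far, in order."""
    return hashlib.sha256(json.dumps(messages, sort_keys=True).encode()).digest()

def finished_mac(shared_secret, label, transcript):
    """Simplified 'Finished' value: HMAC over the transcript, keyed from the shared secret."""
    key = hashlib.sha256(shared_secret.to_bytes(32, "big") + label).digest()
    return hmac.new(key, transcript, hashlib.sha256).digest()

def handshake(tamper=None):
    """Run the three steps; `tamper` may alter the Client Hello in transit."""
    # Step 1: Client Hello with supported cipher suites and the client's key share.
    c_priv, c_pub = key_share()
    client_hello = {"suites": ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"],
                    "key_share": c_pub}
    received_hello = tamper(dict(client_hello)) if tamper else client_hello

    # Step 2: Server Hello with the chosen suite and key share, then Server Finished.
    s_priv, s_pub = key_share()
    server_hello = {"suite": received_hello["suites"][0], "key_share": s_pub}
    s_secret = pow(received_hello["key_share"], s_priv, P)
    server_finished = finished_mac(s_secret, b"server",
                                   transcript_hash(received_hello, server_hello))

    # Step 3: the client derives the same key and checks Server Finished
    # against the messages it actually sent and received.
    c_secret = pow(server_hello["key_share"], c_priv, P)
    expected = finished_mac(c_secret, b"server",
                            transcript_hash(client_hello, server_hello))
    return {"same_key": c_secret == s_secret, "suite": server_hello["suite"],
            "finished_ok": hmac.compare_digest(expected, server_finished)}

def strip_strong_suite(hello):
    """Constructed in-transit change: drop the first cipher suite the client offered."""
    hello["suites"] = hello["suites"][1:]
    return hello
```

Calling `handshake()` gives a matching key and a valid Finished check; calling `handshake(strip_strong_suite)` still yields a matching key but the Finished check fails, so the client would abort rather than use the weaker suite.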

Wrap Up

Now you should have a better idea of the how and the why behind SSL certificates securing websites across the web. By having an SSL certificate on your site, you’re protecting both your site and its users from prying eyes and man-in-the-middle attacks.

SSL certificates are just one part of a wide range of security measures you should be taking to keep your website secure, no matter what kind of website it is. But SSL is up there as one of the most important precautions for keeping both you and your users secure.
To get an SSL certificate for your website at an affordable price, check out the range of SSLs we have on offer.
