What are SSL certificates and why their proper use from the point of view of leading website is so important? To answer this question, we must first go back to the history of computing and the Internet. Communication protocol SSL (Secure Socket Layer) and its modern successor, TLS (Transport Layer Security), were designed (originally by Netscape Communications) to ensure the confidentiality and integrity of data. In practice, this involves server authentication based on data encryption and digital certificates.

How it's working?

Certificates used in SSL are special files containing the name of the domain for which the certificate is issued. Verification of the rights of any person or institution to use the domain is dealt by a special Certification Authorities (CA). In practice, usually the person entitled sends to the office its public key (specially generated, unique and impossible to guess string of signs), domain name and any additional data needed to generate the certificate in the form of a certificate signing request. After passing through the verification the certificate is signed and recognised by the browser as safe. If, however, in turn, a server will provide us with an unknown certificate, untrusted, or unsigned by the CA, in most browsers or email clients and other programs, while attempting to connect, an encrypted user will see a warning.

Why?

SSL is a network protocol used on secured Internet connections. It was developed by Netscape and widely adopted it as standard encryption for the WWW. Normally unsecured pages and web forms are sent on the Internet without any protection, so-called. open text. It can be quite easily intercepted by third parties. However, if our server has installed SSL to communicate with the browser, the information are transmitted over the network in encrypted form. Connection to website that uses SSL certificate is followed by determination algorithms and encryption keys used to the transmission of data between the browser and the server.

In general there are three types of sites: sites without any certificates that are all sites amateur and webpages that do not require user interaction and data transfer, the sites having their own certificates not registered in the CA (ie, from our point of view untrusted) and sites officially certified, registered in the CA - such registration costs and therefore not every certificate is registered. For us as users of online stores and other sites that require administration of confidential data they are safest, the last type mentioned above. To the owners of sites and online stores SSL security certificates provide security for any data transmitted electronically and further confirm the reliability of the websites visited. If the certificate is installed on the client side, it may lend credence to computer / address of the contractor who logs on to the instance. The use of certificates is currently recommended by the GIODO (General Inspector for Personal Data Protection) and shall fulfill the obligation for protection of personal data, what is imposed to administrators and owners of web servers the law on the protection of personal data.