An SSL certificate is the central element of the SSL security protocol, and is used so that the transmission of information between two elements connected through the Internet is secure; the most widespread case is the HTTPS protocol, which serves to connect securely with a web server. SSL certificates consist of two parts, one public and one private. The public part is in charge of encrypting the information, and the private part of decrypting it.
Because it is an open protocol, it can be used with most of the widespread communication services on the Internet, such as HTTP, FTP, SMTP, IMAP or POP3, among others, to which SSL adds a security layer (HTTP → HTTPS, FTP → FTPS, etc.). For example, the protocol is used when a user accesses a website, when a mail client such as Outlook or Thunderbird connects to a mail server, or when two connected applications establish a communication, among many other cases.
SSL Certificates To Implement The HTTPS Protocol
In this case, an SSL certificate provides security to the visitor of a website. Its mission is to identify the server to any visitor and to encrypt the communication so that the confidentiality and integrity of the data are preserved. It consists of several encoded components, stored in different files, that are used to implement the SSL / TLS protocol on a website and so establish HTTPS communication between the client and the server.
In this way, an SSL certificate ensures that the communication cannot be intercepted or modified by unauthorized parties. It is made up of three main parts:
- The SSL certificate: This is the public part. It is a single file, and when someone connects to a server via HTTPS it is the first thing they receive. It contains the domain name and certifies that the client is indeed communicating with the party it claims to be.
- The private key: It is essential that it be stored securely and under no circumstances disclosed. It works like a seal: communication is “sealed” with it, which proves that the server is indeed who it claims to be.
- Intermediate certificates: Certificate authorities, or CAs, are third parties trusted by operating systems and browsers. They are in charge of issuing certificates, and they will only do so if they can verify that the person or organization requesting a certificate is the owner of the domain to be certified. For this purpose, intermediate certificates are issued, and these are what sign the server’s certificate.
SSL Certificates For Email Protocols
The most widespread email services have a version that supports the use of an SSL certificate, giving rise to the secure version of each protocol. In this way, the IMAP, SMTP and POP protocols have secure versions named IMAPS, SMTPS and POP3S respectively. The mail client must support this type of connection, and for it to succeed the mail server must have a valid certificate installed for the correct domain. The ports commonly used for these protocols are the following:
- SMTPS: 465
- IMAPS: 993
- POP3S: 995
However, these ports can be customized by the server administrator. Implementing SSL on a mail server ensures that all the email traffic that travels between the server and the client does so securely, so that it cannot be intercepted or modified by anyone.
It also serves to correctly identify the server, and thus guarantee its identity. So if the domain for which the certificate was issued differs from the one configured on the server, you will get an identification error. This also means the mail server has to be named with a public domain (local .local domains and the like are not valid), so that the certificate issuing entities can verify its identity.
SSL Certificates To Implement The FTPS Protocol
The FTP protocol is the most widely used for transferring files between connected systems, and its secure version, FTPS, allows those transfers to be done securely. To implement it, an SSL / TLS layer is placed beneath the FTP standard, which allows the transferred data to be encrypted.
FTPS runs on port 990 by default, although it requires some other ports to function: specifically port 989 for data transmission, as well as additional ports when passive connections are needed.
Knowing the parts that make up an SSL certificate, we now detail how it works.
Operation Of SSL Certificates In The HTTPS Protocol
In a first step, an encrypted communication is established using asymmetric encryption (with a public key and a private key). The SSL certificate is public, and is available to anyone who accesses the website.
It contains a public key that the browser accessing the website uses to encrypt information that only the server can decrypt with its private key (which must always be kept privately stored).
Specifically, the information that the browser sends is the symmetric key with which all the rest of the communication will be carried out. In this way, it is guaranteed that this key is known only by the two parties authorized to establish the communication. From that moment on, the information that travels in both directions is encrypted with that key.
As can be seen, nothing about the intermediate certificates has been mentioned in all this process. What are intermediate certificates for, then? Their usefulness lies in ensuring that the person or organization behind the certificate is who it claims to be and is authorized to use that domain. Intermediate certificates are issued by the certificate authorities, or CAs, which are third parties recognized by browsers and are responsible for sealing the SSL certificate to give it validity.