Introduction
Today, I am gonna describe SSL/TLS in simple language. We are also gonna talk about AWS Certificate Manager and its relation to SSL.
To begin with…
What is SSL?
SSL stands for ‘Secure Sockets Layer’ and is an internet security protocol. SSL was first developed by Netscape in 1995, for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. A website that uses ‘HTTPS’ has implemented SSL, while HTTP websites do not have SSL implemented.

What is TLS?
TLS stands for Transport Layer Security and is the successor of SSL. TLS is the newer version of SSL. In 1999 the Internet Engineering Task Force (IETF) proposed an update to SSL. Since this update was being developed by the IETF and Netscape was no longer involved, the name was changed to TLS.
Why is SSL needed?
In earlier days, data on the internet was transferred as plain text, which means that if you entered your credit card details on a shopping website, the details reached the web server in plain text and could be intercepted on the way, exposing the credit card details. This is a privacy threat.
SSL was created with the purpose of ensuring that any data transfer that happens over the internet is encrypted. This means that if an attacker tries to intercept any request over the internet, they would see a garbled set of characters, which is nearly impossible to decrypt, instead of the real data. Satisfying, isn’t it?
What is an SSL Certificate?
Any website that wants to implement SSL needs to have a certificate. This certificate is like a badge or ID card that can guarantee its identity. Only websites that have an SSL certificate can implement SSL.
This is very much like a person with a Government-issued passport being able to apply for a Visa. A passport (issued by the Government) is a guarantee of a person’s identity, and hence its holder has the option of applying for a Visa. Similarly, a website (business) that has an SSL certificate is a trusted organisation and can implement SSL.
Who issues SSL Certificates?
A Certificate Authority (CA) issues an SSL certificate after performing some validations or checks on the website that requests it. There are 3 kinds of validation –
- Domain Validation: This is a simple check that the business (which requests the SSL Certificate) has a valid domain.
- Organisational Validation: This is a background verification of the business/organisation. The CA directly contacts the person or business requesting the certificate. These certificates are more trustworthy for users.
- Extended Validation: This requires a full background check of an organisation before the SSL certificate can be issued.
Types of SSL Certificate
There are three kinds of SSL Certificates that are issued –
- Single-domain: This certificate is issued for a single domain, like — www.example.com
- Wildcard: This certificate is issued for a domain and its sub-domains, like — www.example.com, www.blogs.example.com, www.docs.example.com
- Multi-domain: This certificate is issued for multiple unrelated domains.
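The three types differ only in the list of names the certificate carries. The following is an added example, not code from the original post: the function names and sample certificates are constructed, and it uses the matching rule browsers apply, in which `*` is only accepted as the whole leftmost label and stands for exactly one label.

```python
def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate name (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard never spans several labels, so the label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com" and any second wildcard.
        if len(p) < 3 or "*" in "".join(p[1:]):
            return False
        return p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial wildcards like "w*.example.com" are not honoured
    return p == h


def covering_name(cert_names, hostname):
    """Return the first name in the certificate that covers hostname, else None."""
    for name in cert_names:
        if name_matches(name, hostname):
            return name
    return None


# Constructed sample certificates, one per type described above.
SINGLE = ["www.example.com"]
WILDCARD = ["example.com", "*.example.com"]
MULTI = ["www.example.com", "www.example.org", "shop.example.net"]

if __name__ == "__main__":
    hosts = ["www.example.com", "blogs.example.com", "example.com",
             "api.dev.example.com", "www.example.org"]
    for host in hosts:
        for kind, names in [("single", SINGLE), ("wildcard", WILDCARD),
                            ("multi", MULTI)]:
            print(f"{host:22} {kind:9} -> {covering_name(names, host)}")
```

The wildcard sample lists `example.com` next to `*.example.com` because the wildcard entry alone does not cover the bare domain.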
How does SSL secure the internet?
Here is how SSL keeps data secure over the internet –
- SSL encrypts the data that is transmitted over the internet.
- SSL also stops certain kinds of cyber attacks: It authenticates web servers, which is important because attackers will often try to set up fake websites to trick users and steal data.
- When a website is issued a certificate, one of the key things in the certificate is the public key.
- User devices view this public key and use it to encrypt the data, whereas the web server has a private key, which is kept secret and is used to decrypt the data.
AWS Certificate Manager
AWS Certificate Manager is an AWS service which helps you provision, deploy and manage your private/public SSL/TLS certificates.
Here is how you can request an SSL/TLS certificate from AWS Certificate Manager.
- Go to AWS Certificate Manager and click ‘Request Certificate’.

- Click Next.

- In this step, you can select:
  - Domain Names — the domain names for which you want to issue the certificate.
  - Validation Method — the way to validate the domain name ownership. Choose DNS validation to validate that you own the domain for which you want the certificate.
  - Key Algorithm — the algorithm that is used to encrypt the requests that originate from the domain.
- Click Request and that’s it!