Many have been confused to what is the go with SSL(Secure Socket Layer) security aka TLS (Transport Layer Security). We all know its for security purposes online, to encrypt your communications between websites. We also know how it passes a public key or shared key in order for the client browser to decrypt and the server to decrypt using its private key. And protect communications from frying eyes.. etc etc.
But as I beginner in SSL , how would one implement this? And questions arises .. When I was learning it at these were the question that popped in my head.
- Why do we need a CA (Certification Authority)?
- This Authority identifies who you are or in our case our website. A stranger cant just trust anyone online, let alone giving you their credit card details. So these guys are authorities that will ask a bunch of questions and documents so you can prove your identity and the authority will trust you and the public will trust the authority that trusted you.
- When should we implement a Self-signed certificate?
- You can try to self-signed your own certificate but as mentioned, they will get a confirmation in your browser whether they should trust you or not. Your website will still be secure and protected but the trust issue is still at hand. That means you can generate your keys to encrypt your data line. But efficiency and peace of mind and for your audience in the internet, go with a CA otherwise use your self-signed only a need to need basis in your own network.
- Who generates the keys?
- The keys will be generated upon creating a CSR file, a certificate signing request will also generate the public key and private key, then depending on your CA, you will get an intermediate key that also gets installed on your website, so that the CA can identify your website. More information here : http://stackoverflow.com/questions/5244129/use-rsa-private-key-to-generate-public-key
- What types of certifications are there?
- Theres a bunch! Positive , wildcards are mostly offered by CA and quick search should point you to the right direction. But first off positive one only secures your yourdomain.com and www.yourdomain.com, wildcards as you may suspect gives your sub-domains plus the with or without www.
There are plenty of articles about how to implement this on your site. Especially a WordPress one like this one.
Most of the questions above will be answered by the above link.
Useful link below:
What is CSR file for? https://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html