FairSSL - We make SSL EASY

Get geek wise on SSL/TLS in 5 minutes

30 April 2018

A few quick answers about what SSL/TLS certificates are

Why use SSL certificates?

SSL/TLS certificates make it possible to add two important properties to online communication.

  1. Sender identity. If the certificate names the party you intend to talk to, and your machine trusts the issuer of that certificate, your machine can trust that it is talking to the correct web server: during the handshake the server proves that it holds the private key belonging to the certificate. The session keys derived from that handshake also protect the integrity of every record, so data cannot be manipulated in transit without being detected. (The application data itself is not signed with the certificate; it is protected by a MAC or AEAD cipher keyed from the negotiated session secret.)
  2. Data secrecy. Two parties who have never met before can, over a very insecure channel (e.g. the Internet), create a secure channel, without anyone listening on the insecure line being able to listen in on the secure one.

Encryption alone can be set up without a TLS certificate (the key exchange itself does not need one), but the certificate is still the only thing that lets us make sure the server we are talking to is the right one. Without it, whoever sits between you and the server can simply run the key exchange in the server's place.

Why won't the internet work without SSL/TLS?

Without certificates there would be no way to tie a public key to a name. The only secure option left would be symmetric encryption with a pre-shared key: parties who need to talk securely would have to agree on a secret code in advance, over some channel other than the insecure internet or phone.

You would then have to go down to the bank, the post office, the webshop, your workplace, etc. and agree on a code with each of them before talking to them on the network. With everyone else you could not communicate securely, since any attempt to agree on a code over the internet could be intercepted. And even if you did manage to exchange a code with the other party, you could not be sure that it is the right people you are talking to, rather than someone sitting between you and them (a man-in-the-middle).

So: no more creating accounts on websites, no shopping on eBay or Amazon, no Facebook, no entering credit card details online. Everyone would be able to listen in, learn each other's codes and, more importantly, impersonate each other.

What is in an SSL/TLS certificate?

An SSL/TLS certificate is always built around a key pair: a private key that only the owner knows, and a public key that everyone has access to. Only the public key is actually inside the certificate; the private key stays on the server (or mail client) and is never part of the file you hand out.

In addition, the certificate may contain information:

  • Who the certificate belongs to (the subject), e.g. FairSSL ApS or Sole Viktor
  • Which names may use the certificate (the Subject Alternative Names, SAN), e.g. www.fairssl.dk or info@fairssl.dk
  • Who issued the certificate and their signature over it, e.g. GlobalSign with an RSA signature over a SHA-256 hash
  • Where to fetch a copy of the issuer's certificate (the public key that signed this one), typically an HTTP URL (Authority Information Access)
  • Where to check whether the certificate has been revoked (a CRL distribution point and/or an OCSP responder URL)
  • For what purposes the certificate may be used (key usage and extended key usage), e.g. encrypting email, signing applications, server authentication, client authentication or issuing new certificates
  • From when and until when the certificate is valid (the validity period)

Why is there an expiration date on an SSL certificate?

Certificates expire, among other reasons, to limit the time a potential attacker has to break the key.

It also forces faster replacement of certificates that turn out to have flaws found only later, such as a weak key or hash algorithm, or a name that should never have been issued.

Potentially it also shortens the window in which a lost or stolen private key can be abused, but that benefit is more theoretical, since even a few hours of abuse can be disastrous. For that case the real mechanism is revocation (CRL/OCSP), not waiting for the expiry date.

What is the difference between a certificate issued by a trusted CA, internal CA or self-issued?

  • Trusted public CA. A certificate issued by a trusted public CA, such as Comodo, is signed by a certificate that chains up to a root certificate shipped pre-installed in clients from birth by the platform vendor (Microsoft, Apple, Google, Mozilla, Nokia, Sony, etc.). In return, the public CA must comply with a number of strict rules, such as the Baseline Requirements specified by the CA/Browser Forum.
  • Internal CA. Works the same way: the certificate is issued by an intermediate or root certificate, but that root certificate must be installed on every client PC or mobile phone that needs to trust it, typically by a company's IT department.
  • Self-issued/self-signed certificate. The certificate is its own issuer, so it is trusted only where a copy of it has been installed on the client.

What is the relationship between HTTP, HTTPS and Certificate?

HTTP is a protocol that determines how a browser and web server talk to each other.

HTTPS is HTTP carried inside an SSL/TLS layer: the TLS layer wraps the HTTP traffic and secures it, while HTTP itself is unchanged.

The browser uses SSL/TLS to ensure:

  • That the certificate is signed by a chain of certificates that ends in a root certificate installed on the client
  • That the certificate is still within its validity period and has not been revoked
  • That the certificate contains a SAN entry (DNS name or IP address) matching the host being contacted; browsers no longer accept a name that appears only in the subject CN
  • That a secret can be established between the browser and the web server that can then be used to encrypt the communication
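The questions above (what a certificate contains, why it expires, public versus internal versus self-signed CAs, and the checks the browser runs) can be walked through with the openssl command line. The script below is an added example, not FairSSL's code and not a copy of any browser's logic: it builds an internal root CA, issues a 90-day server certificate for the made-up name www.example.test, creates a self-signed certificate for comparison, prints the fields listed earlier, and then runs the browser's chain, hostname and validity checks with openssl verify and openssl x509 -checkend. Revocation (CRL/OCSP) is not exercised, since that needs a responder. All organisation names, hostnames and file paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example: a tiny internal CA built with the openssl command line, plus
# the checks a browser performs (chain to a trusted root, SAN name, validity).
# Illustration code, not FairSSL's; names and file paths are made up.
set -eu
WORK=$(mktemp -d)

# Extensions for the root: it may sign other certificates (CA:TRUE).
cat > "$WORK/root.ext" <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
# Extensions the CA puts into the server (leaf) certificate: no CA rights,
# server authentication only, and the names it may speak for (SAN).
cat > "$WORK/leaf.ext" <<'EOF'
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:www.example.test,DNS:example.test
EOF

# 1. Internal root CA: self-signed with its own key, 10-year validity.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/root.key" 2>/dev/null
openssl req -new -key "$WORK/root.key" -subj "/O=Example Internal CA/CN=Example Root CA" -out "$WORK/root.csr"
openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 3650 -sha256 \
  -extfile "$WORK/root.ext" -out "$WORK/root.crt" 2>/dev/null

# 2. Server key and certificate request, signed by the root for 90 days.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/www.key" 2>/dev/null
openssl req -new -key "$WORK/www.key" -subj "/CN=www.example.test" -out "$WORK/www.csr"
openssl x509 -req -in "$WORK/www.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" -CAcreateserial \
  -days 90 -sha256 -extfile "$WORK/leaf.ext" -out "$WORK/www.crt" 2>/dev/null

# 3. A self-signed server certificate (no CA involved) for comparison.
openssl x509 -req -in "$WORK/www.csr" -signkey "$WORK/www.key" -days 90 -sha256 \
  -extfile "$WORK/leaf.ext" -out "$WORK/self.crt" 2>/dev/null

# What the leaf certificate contains: subject, issuer, validity, names, usages.
openssl x509 -in "$WORK/www.crt" -noout -subject -issuer -dates
openssl x509 -in "$WORK/www.crt" -noout -text | grep -A1 -E 'Subject Alternative Name|Key Usage'

# The browser's checks as shell functions: exit 0 = pass, non-zero = fail.
# chain_ok TRUSTED_ROOT CERT: does CERT chain to a root the client trusts?
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
# name_ok TRUSTED_ROOT CERT HOST: chain check plus a SAN entry matching HOST
name_ok() { openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; }
# valid_for CERT SECONDS: will CERT still be valid SECONDS from now?
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; }

chain_ok  "$WORK/root.crt" "$WORK/www.crt"  && echo "www.crt chains to the internal root"
chain_ok  "$WORK/root.crt" "$WORK/self.crt" || echo "self.crt is rejected unless the client has its own copy"
chain_ok  "$WORK/self.crt" "$WORK/self.crt" && echo "self.crt is accepted once that copy is installed as trusted"
name_ok   "$WORK/root.crt" "$WORK/www.crt" www.example.test  && echo "SAN matches www.example.test"
name_ok   "$WORK/root.crt" "$WORK/www.crt" evil.example.test || echo "SAN does not match evil.example.test"
valid_for "$WORK/www.crt" 0 && echo "www.crt is valid today"
valid_for "$WORK/www.crt" $((100 * 86400)) || echo "www.crt will have expired 100 days from now"
```

Run it with sh; it needs only openssl 1.1.1 or newer and writes everything into a temporary directory. Two details worth noticing: chain_ok accepts self.crt only when self.crt itself is passed as the trusted file, which is exactly the "install a copy on each client" situation described above, and name_ok matches against the SAN entries, not the subject CN.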

Is there any relationship between certificate and sending encrypted data?

SSL/TLS certificates are used for encryption by exchanging a random key, which is then used to encrypt the data itself. In the classic RSA key exchange that random key is encrypted with the public key in the certificate.

This is called asymmetric encryption: the public key known from the certificate is used by the client to encrypt a random secret, and only the recipient (the server) can decrypt it, using its secret private key.

In simple terms, the following steps occur for a browser:

  1. The browser (client) uses the web server's public key, which everyone has access to, to encrypt a secret it has just generated.
  2. The web server decrypts the secret with its private key, which only it has.
  3. Now both web server and browser hold the same secret, without anyone else having been able to read it on the way.
  4. They switch to faster symmetric encryption, using that same secret to both encrypt and decrypt the information.

It may seem a bit confusing, but the point is that the asymmetric encryption with the SSL/TLS certificate makes it possible to hand over a secret to the web server that only it can understand. After this, the certificate is no longer used for the encryption (S/MIME email encryption being the exception); a faster symmetric cipher takes over. One caveat for anyone configuring servers today: TLS 1.3, and most TLS 1.2 deployments, no longer send the secret encrypted under the certificate's key. Client and server instead agree on it with an ephemeral Diffie-Hellman exchange, and the certificate's private key only signs the handshake. That gives forward secrecy (a later theft of the private key cannot decrypt recorded traffic), but the overall shape, a short asymmetric step to establish a secret followed by fast symmetric encryption, is the same.
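The four steps above, acted out with the openssl command line. This is an added example, not code from FairSSL; the key file names, the message and the "attacker" key pair are made up for it. It reproduces the RSA key-transport flow the text describes (what TLS 1.2 does with an RSA cipher suite), and it adds the check a practitioner wants to see: someone who captured the traffic but holds a different private key cannot unwrap the secret, so the symmetric key stays unknown to them.

```shell
#!/bin/sh
# Added example (not FairSSL's code): the classic RSA key-transport handshake
# from the text, acted out with openssl. The client wraps a random secret with
# the server's public key, the server unwraps it with its private key, and both
# then use it as the key for fast symmetric encryption. Names are made up.
set -eu
WORK=$(mktemp -d)

# The server's key pair. A certificate would carry server.pub; server.key
# never leaves the server.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/server.key" 2>/dev/null
openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub"
# Someone listening on the wire, with a key pair of their own but not the server's.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/attacker.key" 2>/dev/null

# Step 1: the client makes up a random secret and encrypts it with the server's
# public key (RSA-OAEP padding; raw RSA must never be used for this).
openssl rand -hex 32 > "$WORK/client.secret"
openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" -pkeyopt rsa_padding_mode:oaep \
  -in "$WORK/client.secret" -out "$WORK/secret.enc"

# Step 2: the server decrypts it with its private key.
openssl pkeyutl -decrypt -inkey "$WORK/server.key" -pkeyopt rsa_padding_mode:oaep \
  -in "$WORK/secret.enc" -out "$WORK/server.secret"

# Step 3: both sides now hold the same secret (exit 0 if they match).
secrets_match() { cmp -s "$WORK/client.secret" "$WORK/server.secret"; }

# Step 4: switch to symmetric encryption, keyed from the shared secret.
MESSAGE='order=42;card=4111111111111111'
printf '%s' "$MESSAGE" | openssl enc -aes-256-cbc -pbkdf2 -pass "file:$WORK/client.secret" \
  -out "$WORK/msg.enc"
# The server decrypts the message with its own copy of the secret.
server_reads() { openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/server.secret" -in "$WORK/msg.enc"; }

# The eavesdropper captured secret.enc and msg.enc, but unwrapping secret.enc
# needs server.key; with their own key the OAEP decryption fails (exit 0 here
# means the attack failed as expected).
eavesdropper_fails() {
  ! openssl pkeyutl -decrypt -inkey "$WORK/attacker.key" -pkeyopt rsa_padding_mode:oaep \
      -in "$WORK/secret.enc" -out /dev/null 2>/dev/null
}

secrets_match && echo "client and server share the same secret"
echo "server decrypted: $(server_reads)"
eavesdropper_fails && echo "eavesdropper could not recover the secret"
```

The secret is used as a password for openssl enc's PBKDF2 key derivation only to keep the example to one tool; TLS derives its record keys with its own key schedule, and TLS 1.3 obtains the secret from an ephemeral Diffie-Hellman exchange rather than by wrapping it under the certificate's key.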

Why is online encryption written as SSL, TLS or SSL/TLS?

It has become common to call online encryption SSL (Secure Sockets Layer), since it was the first protocol widely used for it. What is actually used today is TLS (Transport Layer Security), a further development of SSL 3.0. SSL 2.0 and 3.0 themselves are deprecated and should be disabled on any server; "SSL certificate" survives only as the everyday name for a TLS certificate.
