Understanding SSL

  • 2 minute(s) read
Prev Next

Overview

With HTTP/2, most websites (including blogs, portals, online stores, social media, etc.) use HTTPS. This introduces the need to maintain current SSL certificates in order to keep websites running properly for your customers.

To support this, Catchpoint offers SSL monitoring to not just monitor the certificate expiry, but also to check host mismatch, insecure protocol (like SSLv2 or SSLv3), weak signature (like MD5 or SHA1), certificate revocation, untrusted root, and lot more including certificate pinning.

The SSL monitor supports not only HTTPS, but any secure application protocol on top of TCP (like SMTPS, POPS, IMAPS, FTPS, WSS, MQTTS etc).

What is an SSL Certificate?

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the https protocol and allows secure connections from a web server to a browser. Originally, SSL was mostly used to secure credit card transactions, data transfer, and logins. Now it is the norm for most websites to use SSL.

SSL Certificates bind together:

  • A domain name, server name, or hostname.
  • An organizational identity (i.e. company name) and location.

How does an SSL Certificate work?

The basic principle is that when you install an SSL certificate on your server and a browser connects to it, the presence of the SSL certificate triggers the SSL (or TLS) protocol, which will encrypt information sent between the server and the browser (or between servers.)

SSL operates directly on top of the transmission control protocol (TCP), effectively working as a safety blanket. It allows higher protocol layers to remain unchanged while still providing a secure connection. So underneath the SSL layer, the other protocol layers can function as normal.

If an SSL certificate is being used correctly, all an attacker intercepting your web traffic will be able to see is which IP and port is connected and roughly how much data is being sent. They may be able to terminate the connection, but both the server and user will be able to tell this has been done by a third party. Most importantly, the attacker will not be able to decrypt and read the intercepted data, which makes it essentially an ineffective attack.

The hacker may be able to figure out which host name the user is connected to but, crucially, not the rest of the URL. As the connection is encrypted, the important information remains secure.

SSL Connection Steps

  1. SSL starts to work after the TCP connection is established, initiating what is called an SSL handshake.

  2. The server sends its certificate to the user along with a number of specifications (including which version of SSL/TLS and which encryption methods to use, etc.).

  3. The user then checks the validity of the certificate and selects the highest level of encryption that can be supported by both parties and starts a secure session using these methods. There are a good number of sets of methods available with various strengths - they are called cipher suites.

  4. To guarantee the integrity and authenticity of all messages transferred, SSL and TLS protocols also include an authentication process using message authentication codes (MAC). All of this sounds lengthy and complicated but, it’s achieved almost instantaneously. (reference)

Learn how to monitor SSL certificate status with Catchpoint