Thursday 16 March 2017

SSL Implementation

Whenever we open a web page, the URL starts with either http:// or https://. Over plain HTTP, everything exchanged between the browser and the server travels as cleartext, so anyone on the path (a Wi-Fi hotspot, an ISP, a compromised router) can read it or change it. That is tolerable for public content, but not when sensitive data, such as login passwords, credit card details or bank credentials, has to cross the network.
Such data must be encrypted in transit so that only the intended receiver can read it, and the browser must be able to tell that it is talking to the genuine server and not an impostor. SSL comes into the picture for both requirements. A website served over SSL has an https:// URL.

What is SSL?
SSL stands for Secure Sockets Layer, the protocol originally created to establish an encrypted and authenticated connection between a web server and a web browser. Its successor is TLS (Transport Layer Security); every version of SSL proper is now deprecated, and what runs on the wire today is TLS, but the old name has stuck, so "SSL" in this post means SSL/TLS.
All browsers can talk to secured web servers using this protocol. For the secure connection to be established, the server needs what is called an SSL certificate, and the browser needs a built-in list of trusted Certificate Authorities against which it can check that certificate.

What is SSL certificate?
An SSL certificate is not itself a key pair. The server owns the key pair: a private key that never leaves the server and a public key. The certificate is a signed document that binds that public key to an identity (the site's hostname) and is signed by a Certificate Authority (CA) whose own certificate the browser already trusts. The private key is what proves, during the handshake, that the server is the legitimate owner of the certificate.
To get a certificate, one first generates the key pair on the server and then creates a Certificate Signing Request (CSR) with it. The CSR contains the public key, the requested identity (the subject fields such as common name, organisation and country, plus the hostname as a subjectAltName) and a signature made with the private key, which proves to the CA that the requester actually holds that key. The CA checks that you control the domain, then issues a certificate containing your public key and identity, signed with the CA's private key. The CA never sees your private key; the CSR is all it needs.

How SSL works?
When a browser connects to a website secured by SSL, the browser and the web server establish the connection using a process called the “SSL handshake”. In its classic form, with RSA key exchange, it works as follows:
  • The browser connects to the server over https and asks it to identify itself.
  • The server sends a copy of its SSL certificate, which carries the server's public key, together with the intermediate CA certificates that chain it up to a trusted root.
  • The browser validates the chain: the root must be in its list of trusted CAs, each certificate must be signed by the one above it, none may be expired or revoked, and the hostname the browser is connecting to must appear in the certificate's subjectAltName (browsers used to accept the common name as well, but no longer do). If any check fails the browser shows a warning and stops. If the certificate is trusted, the browser generates a random secret, encrypts it with the server's public key and sends it back.
  • The server decrypts that secret with its private key. Both sides derive the same symmetric session keys from it, and each sends a "Finished" message encrypted with those keys, which confirms that the other side holds the keys and that the handshake was not tampered with.
  • From then on, the server and the browser encrypt and integrity-protect all transmitted data with the session keys.
One caveat for anyone configuring this today: sending the session secret encrypted under the server's public key is the old RSA key exchange. Modern TLS deployments instead agree the session keys with ephemeral (Elliptic Curve) Diffie-Hellman and use the server's private key only to sign the handshake. The practical difference is forward secrecy: with RSA key exchange, anyone who records the traffic and later steals the private key can decrypt everything; with ephemeral Diffie-Hellman, a stolen key does not unlock past sessions.

How to implement SSL on an Ubuntu system?
  1. Install OpenSSL by running sudo apt-get install openssl (it is usually present already).
  2. Generate the private key by running openssl genrsa -out YOUR_KEY_NAME.key 2048 or
    openssl genrsa -out YOUR_KEY_NAME.key 4096. 2048 bits is the minimum CAs and browsers accept. Restrict the file to its owner (chmod 600 YOUR_KEY_NAME.key): anyone who can read it can impersonate your site.
  3. Create the CSR from that key by running openssl req -out YOUR_CSR_FILE_NAME.csr -key YOUR_KEY_NAME.key -new -sha256. You will be prompted for the subject fields; put the site's fully qualified hostname in the Common Name, and also request it as a subjectAltName (with -addext "subjectAltName=DNS:your.host" on OpenSSL 1.1.1 or later, or through a config file on older versions), because browsers match the hostname against the subjectAltName, not the CN.
  4. Submit the CSR file to the issuing CA, which will issue the certificate after verifying that you control the domain. To inspect the CSR before sending it, run openssl req -in YOUR_CSR_FILE_NAME.csr -noout -text; without -noout -text the command only echoes the PEM block back.
  5. Save the issued certificate, the CA's intermediate certificate(s) and the generated key file on the server, and point the web server at them (Apache: SSLCertificateFile and SSLCertificateKeyFile; nginx: ssl_certificate and ssl_certificate_key, with the intermediate certificates appended to the certificate file). The private key stays on the server and is never sent to the CA or anyone else.
  6. Reload or restart the web server, then confirm the site loads without warnings in a browser or with openssl s_client -connect YOUR_HOST:443.
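The six steps above as one runnable script, added here as an example (it is not part of the original post or of any project's code). It assumes OpenSSL 1.1.1 or later (for -addext), uses www.example.com as the hostname and Example Ltd as the organisation, and, because no CA is reachable offline, self-signs a certificate with the server key to stand in for the one a CA would issue from the CSR. It also runs the checks described in the handshake section (trusted root, expiry, hostname) against the result with openssl verify.

```shell
#!/bin/sh
# Added example (not from the original post): key -> CSR -> certificate, plus
# the checks a browser performs on the result.
# Assumptions: OpenSSL 1.1.1+ (for -addext), hostname www.example.com, and a
# self-signed certificate standing in for the CA-issued one.
set -eu

# Step 2: generate a 2048-bit RSA private key and make it owner-readable only.
gen_key() {
  key="$1"
  openssl genrsa -out "$key" 2048 2>/dev/null
  chmod 600 "$key"
}

# Step 3: create a CSR from the key. The hostname goes into subjectAltName;
# browsers ignore the CN for hostname matching, so CN alone is not enough.
gen_csr() {
  key="$1"; csr="$2"; host="$3"
  openssl req -new -sha256 -key "$key" -out "$csr" \
    -subj "/C=IN/O=Example Ltd/CN=$host" \
    -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# Step 4: inspect the CSR before submitting it; -noout -text decodes it
# instead of echoing the PEM block. Returns 0 if the expected SAN is present.
csr_has_san() {
  csr="$1"; host="$2"
  openssl req -in "$csr" -noout -text 2>/dev/null | grep -q "DNS:$host"
}

# Stand-in for the CA: issue a certificate for the same key and hostname.
# A real CA signs with its own key; here the server key self-signs.
self_sign() {
  key="$1"; crt="$2"; host="$3"
  openssl req -x509 -new -sha256 -days 365 -key "$key" -out "$crt" \
    -subj "/C=IN/O=Example Ltd/CN=$host" \
    -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# Step 5 sanity check: the public key inside the certificate must be the one
# derived from the private key, or the server cannot complete a handshake.
key_matches_cert() {
  key="$1"; crt="$2"
  [ "$(openssl pkey -in "$key" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" ]
}

# Browser-side checks from the handshake section: not expired, chains to a
# trusted root (here the cert itself, passed as the trust store), and the
# hostname is present in the SAN. Returns 0 only if all of them pass.
cert_valid_for_host() {
  crt="$1"; host="$2"; trust="${3:-$1}"
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 &&
  openssl verify -CAfile "$trust" -verify_hostname "$host" "$crt" >/dev/null 2>&1
}

# Run the whole flow in a scratch directory when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
  d=$(mktemp -d)
  gen_key "$d/server.key"
  gen_csr "$d/server.key" "$d/server.csr" www.example.com
  csr_has_san "$d/server.csr" www.example.com && echo "CSR carries SAN"
  self_sign "$d/server.key" "$d/server.crt" www.example.com
  key_matches_cert "$d/server.key" "$d/server.crt" && echo "key matches cert"
  cert_valid_for_host "$d/server.crt" www.example.com && echo "valid for www.example.com"
  cert_valid_for_host "$d/server.crt" evil.example.com || echo "rejected for evil.example.com"
  rm -rf "$d"
fi
```

The hostname check failing for evil.example.com is the same failure a browser reports as a name mismatch, and key_matches_cert catches the common deployment mistake of pairing a reissued certificate with a key generated for an earlier CSR. When a real CA has issued the certificate, pass the CA's root bundle as the third argument of cert_valid_for_host instead of relying on the self-signed default.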