If you are working on security, especially online security, you will need to know about SSL. So what is SSL (Secure Socket Layer)? It encrypts data transmission from (1) server to server or (2) server to you. This is very important as it prevents man in the middle attacks such as site forgery, especially for banks or sensitive information.
You can now verify your connection by the green lock on your browser. If its not showing, then the communication between you and the website is public and open.
You can purchase signed certificates from CA (certificate authorities) most commonly by yearly subscriptions and they range from USD$50 – USD$1500. Depending on your needs, you can secure one domain www.mywebsite.com or multi-domain *.mywebsite.com. The latter is useful if you have multiple services via subdomains.
My personal recommendation is either DigiCert (trusted by Facebook/IBM/BMW) or Symantec.
Common de-facto Standards
Currently certs should have a 2048-bit SSL cert with 256-bit RSA encoded transmission. Google.com uses an SSL Cert “The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.” which is generated via Elliptic Curve Public Key algorithm.
You will be amazed that how much large websites do not have certs or encryption in place.
Top SSL providers by market share
- Comodo – 41.0%
- Symantec – 30.2%
- GoDaddy – 13.3%
- GlobalSign – 10.4%
- DigiCert – 3.1%
- StartCom – 2.2%
- Entrust – 0.8%
- Verizon – 0.7%
- Trustwave – 0.6%
- Secom – 0.6%
New open initiative CA – LetsEncrypt
(by Mozilla / Facebook / Cisco / Chrome / Shopify )
A free CA (letsencrypt.org) is now provided by Major players that allow you to generate new certs for your web servers.
To install on MacOSX
$ brew search letsencrypt
$ brew install letsencrypt