What are online security certificates, SSL, HTTPS and how do they work?
If you’re interested in technical details, the best thing really is to read the relevant standards. However, it’s relatively easy to give you a good idea of what they are.
All these acronyms and others (DER, BER, PEM, x509, …) are for the same thing. That is a digital “document” with the following content in simple terms:
- reference (ID)
- owner
- issuer
- effective date
- expiry date
- owner’s encryption key
- <loads of caveats and technical jargon>
- issuer’s signature
The purpose of the certificate is to create a link, verified by the issuer, between:
- owner; and
- owner’s encryption key
Just like with any other document, you need to trust the authority of the “issuer” of the certificate. You can issue certificates for your friends (so long as they trust you) or you need to pay someone who is trusted by Google, Microsoft, Red Hat, Linux distribution managers, …
These companies add “trusted issuers” into computers and browsers they sell / distribute. So if you reach a website, e.g., https://keychest.net, and it provides a certificate issued by one of the “trusted issuers”, your browser will show a green padlock.
What exactly the “green padlock” means is a more complicated question. :)
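
Added example, not part of the original answer: Go code using only the standard library's crypto/x509 that builds a certificate with the fields listed above, has an issuer sign it, and checks it against one trusted issuer. The names Demo Issuer and owner.example, the serial 4660 and the helpers must, issue and trustedBy are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a key pair for owner and a certificate for it, signed by issuerKey (nil issuer: self-signed).
func issue(owner string, id int64, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(id),                 // reference (ID)
		Subject:      pkix.Name{CommonName: owner},   // owner
		NotBefore:    time.Now().Add(-time.Hour),     // effective date
		NotAfter:     time.Now().Add(24 * time.Hour), // expiry date
	}
	if issuer == nil { // an issuer's own certificate: it vouches for itself
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		issuer, issuerKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)) // owner's key + issuer's signature
	return must(x509.ParseCertificate(der)), key
}

// trustedBy reports whether cert verifies at time when with issuer as the only trusted issuer.
func trustedBy(cert *x509.Certificate, when time.Time, issuer *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(issuer)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: when})
	return err == nil
}

func main() {
	ca, caKey := issue("Demo Issuer", 1, nil, nil) // constructed names
	site, _ := issue("owner.example", 4660, ca, caKey)
	fmt.Println(site.SerialNumber, site.Subject, site.Issuer, site.NotAfter, trustedBy(site, time.Now(), ca))
}
```

Verifying the same certificate against a different issuer, or at a time after its expiry date, makes trustedBy return false.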