
How do SSL and TLS security work?

Wouter Deneyer
System Engineer, EASI

Security is important, whether it is virtual or physical.

In the same way that you lock your house, car, or safe, you should secure and protect your online assets. These can be websites, applications, VPN connections, etc. You wouldn’t like it if someone could just walk into your house and eat out of your fridge, just as you wouldn’t like it if someone could just connect to your bank account and empty it.

What in the world is a certificate?

Well, to keep it simple (really simple), it’s a file that serves two purposes.

The first is to Authenticate and Verify.

The certificate has information about the person/company/website/… you are visiting. You can easily see this information by clicking the small padlock next to the website’s URL for example.

SSL TLS security

As you can see in the screenshot above, the purpose of the *.easi.net certificate is to ensure the identity of the remote PC, but also to ensure the identity of your PC (for example, to avoid man-in-the-middle attacks).

The second is to Encrypt the communication.

The certificate also enables encryption. This means you can safely send sensitive information (bank info, credit card info, etc.) without the risk of the data being read in transit (interception will still be possible, but the data cannot be read by anyone other than the intended recipient).

So, how does this encryption magic work?!

In fact, we can break it down to something really simple!

Let me sketch a situation that was fairly common when I was growing up:

You and your friends are having a playdate, but you want to share a secret that should not be heard by your parents.

A popular way to pass the message was the P-language.

You are the sender (server). Your friend is the receiver (client). Your parents are the people sniffing the network for valuable information.

You “encrypt” the message using the P-language. Your friend, who also knows the P-language, decrypts it. Your parents are able to hear the message that is encrypted, but can’t understand the P-language.

Encryption in the online world works in the same way. Client & Server both possess a public and a private key. The public key is used to scramble the message, and the private key is used to restore it to the original format (un-scramble).

 

The process

Every certificate that is issued by a Certificate Authority is for a specific server and a website domain. For example, the certificate in the screenshot above is issued for all websites that are owned by EASI.net.
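The certificate in the screenshot is issued to *.easi.net. This added example (not part of the original article) shows how a client can decide whether such a wildcard name covers the hostname it asked for, using a simplified form of the RFC 6125 matching rules. The function names, the two-fixed-labels policy and the tested hostnames are assumptions made for the illustration.

```python
# Added example: hostname check for a certificate name such as "*.easi.net".
# Simplified from the RFC 6125 rules; the hostnames tested below are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # A wildcard stands for exactly one label, so the label counts must be equal.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    # A wildcard is only honoured as the complete left-most label.
    if "*" in "".join(rest):
        return False
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Policy assumed here: refuse over-broad names such as "*.net"
        # by requiring at least two fixed labels after the wildcard.
        return len(rest) >= 2
    if "*" in first:
        return False  # partial wildcards ("w*.easi.net") are rejected here
    return first == h_labels[0]


def certificate_covers(dns_names: list, hostname: str) -> bool:
    """A certificate is valid for the host if any of its DNS names matches."""
    return any(name_matches(name, hostname) for name in dns_names)


if __name__ == "__main__":
    cert_names = ["*.easi.net"]  # name taken from the certificate in the article
    hosts = ["www.easi.net", "easi.net", "a.b.easi.net", "www.easi.net.example.com"]
    for host in hosts:
        print(f"{host:28} {certificate_covers(cert_names, host)}")
```

Only www.easi.net is accepted: the bare domain, a two-level subdomain and a look-alike host under another domain are all rejected, which is why a client must compare the full hostname and not just look for "easi.net" somewhere in it.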

When someone uses their browser to access www.easi.net, a handshake takes place between the client and the server. The schema below shows exactly how the handshake works:

SSL TLS security
