Human nature – is it genuinely moral and trustworthy, or corrupt and unethical? Philosophy, psychology and religion have dealt with this existential matter for centuries without being able to reach a unanimous conclusion. Well, they didn’t have the Internet. This unique habitat, where millions of people are left almost exclusively to their own devices, has in just three decades managed to expose a rather distressing side of human nature. The many ways online troublemakers have discovered to interfere with your life won’t exactly inspire your faith in humanity or make you wish to leave your door unlocked. And the key that can protect your prized possessions online is SSL/TLS.
What exactly is HTTPS and why is it such a big deal?
Let’s start by defining HTTP. Essentially, HTTP is a protocol (a set of rules) at the application level for transferring files, such as text, images, sound, video, emails, etc., within the World Wide Web. By default, this data is transmitted in plain text, which means that anyone who manages to infiltrate your connection will be able to read any information you send or receive. This not only violates your privacy, but can lead to serious real-life consequences, such as identity theft, fraud, embezzlement, and other criminal activity. That is when HTTPS comes to the rescue. HTTPS is the secure version of HTTP, encrypting the data transmission with the help of SSL/TLS. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are basically the same protocol, but TLS is the newer, open and free version of SSL (the name was changed for legal reasons).
How does encryption work?
Encryption is the process of using strings of symbols to transform plain text into a code, which can be deciphered only by those who know the algorithm used. With SSL/TLS we have two keys, called a private and a public key. The public key is widely accessible and is used to encrypt the data, while the private key is unique and is used to decrypt the transmitted information. The public key contains information about its owner and should correspond to the private key, which is authorized with the help of a digital certificate.
What is a Certificate Authority (CA)?
In order to make sure the connection is secure, your browser needs to prove your and your correspondent’s legitimacy. To do that, it relies on a third party to vouch that everyone is who they say they are. This is the certificate authority: an official body that has issued the digital certificate after making sure that the public key matches the private key issued for a particular domain or organization. If the connection is encrypted but the certificate is self-signed (not issued by a CA recognized by the browser), you will see a warning.
This whole process has been turned by the CAs into a pretty lucrative business. Currently, there are about 1600 certificate authorities and, out of those, until recently only two provided free digital certificates, and their issuance policies and installation were complicated and highly selective.
Until December 2015, when the whole system faced a change of revolutionary proportions.
About three years ago, several leading IT companies came together to create the Internet Security Research Group (ISRG) – a public-benefit corporation dedicated to building a safe internet community. Their first project, Let’s Encrypt, is a CA that issues free, automated, open-standard digital certificates. Its main goal is to encrypt the entire web, making it a safe place to share information.
The people of ISRG believe that encryption is so essential, that no one should be forced to pay for it in order to use it. That is why their TLS certificate is free to issue, re-issue or revoke.
Let’s Encrypt issues domain validation certificates, which means that a certificate is issued per domain in order to verify its authenticity. The best part is that Let’s Encrypt is fully capable of issuing certificates for up to 100 domains under the same IP and therefore the same cPanel. That includes primary domains, parked domains and subdomains, as long as they point to the correct server IP or name servers.
The certificates they issue are signed by them as a legitimate Certificate Authority and cross-signed by another CA – IdenTrust.
The digital certificate is issued for 90 days at a time for additional security, and regular reminders are sent when a re-issue is due. This way you make sure that the certificate is always renewed on time.
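The checks described above (the public key matching the private key, a self-signed certificate that browsers warn about, and the 90-day lifetime that drives renewal) can be reproduced offline with the `openssl` command-line tool. This is an added example, not code from Let’s Encrypt or WebHostFace; the name `example.test`, the throwaway certificate and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample: a throwaway self-signed certificate for the made-up
# name example.test, valid for 90 days. Nothing here contacts a CA.
workdir=$(mktemp -d)
cert="$workdir/cert.pem"
key="$workdir/key.pem"
openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -subj "/CN=example.test" -keyout "$key" -out "$cert" 2>/dev/null

# Succeeds when the public key inside the certificate ($1) is the one
# derived from the private key ($2), i.e. the pair belongs together.
key_matches_cert() {
    kmc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    kmc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# Succeeds when issuer and subject are the same name and the signature
# verifies with the certificate's own key: it vouches for itself instead
# of being signed by a CA, which is what triggers the browser warning.
is_self_signed() {
    iss_subject=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    iss_issuer=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$iss_subject" = "$iss_issuer" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds when the certificate ($1) expires within the next $2 days.
# -checkend exits 0 only if the certificate is still valid at that point.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

if key_matches_cert "$cert" "$key"; then echo "key pair matches"; fi
if is_self_signed "$cert"; then echo "self-signed: browsers will warn"; fi
if expires_within_days "$cert" 30; then
    echo "renew now"
else
    echo "more than 30 days of validity left"
fi
```

Run against a certificate issued by a real CA, `is_self_signed` fails and `expires_within_days` with a 30-day window is the check a renewal job would use ahead of the 90-day expiry.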
The entire process of installing and configuring the certificate is automated. Let’s Encrypt can be integrated into your cPanel, which reduces the entire operation on the user’s end to two clicks.
Although we are so used to it by now, the Internet is still a relatively new thing. We continue to be in the process of finding out its various uses and vulnerabilities. What we can say with certainty is that the wide web is not exactly a place to let your guard down, especially when we share private information. Let’s Encrypt is a huge step towards making the internet safe for everyone, and we at WebHostFace are happy to contribute to this effort by making Let’s Encrypt available to all our customers.