Introduction
In this article I will briefly describe the concept of an SSL certificate for a website and its importance. In addition, I’m going to show an example of how this knowledge helped me. With that knowledge I solved a CTF (capture the flag) problem, which ultimately led to me writing this blog post.
SSL Certificate – overview
An SSL certificate is a component of a website that is used to establish a secure connection between the user’s browser and the web server. The term contains the abbreviation SSL, meaning Secure Sockets Layer, which is a cryptographic protocol designed for secure data exchange in a computer network. However, there is a newer and more secure protocol, TLS (Transport Layer Security). It is used widely today, but the term “SSL certificate” is still commonly used.
You can see instantly whether a website is secure by finding either the “lock” icon next to the URL or the “https” prefix in the URL of the website.
Benefits of having a valid SSL certificate include:
- secure communication between the browser and the web server: data is encrypted so that hackers cannot steal it
- increased trust in the website, when the certificate is granted by a Certificate Authority
- higher search rankings for the website
The process of verifying the certificate and encrypting the data transfer is hidden from the user. Basically, in order to establish a secure connection, the browser needs to check the validity of the server’s signature (the “ID” of a certificate, created using a hash function; I will cover this topic more in depth in a different post).
Usually a website will have intermediate signatures that should lead to a Root Certificate that belongs to a highly trusted Certificate Authority (CA), e.g. Let’s Encrypt or DigiCert. All these signatures (IDs) create a “trust chain”, and if all of them are valid, the browser and server will encrypt the data transfer.
Check out this short video demo of the “trust chain” and how to view a certificate in a browser. In this example I used the Microsoft Edge browser. However, the process should be similar in other browsers.
Paid vs free SSL certificate
Digital certificates for websites can be obtained by buying one from a Certificate Authority (CA) or getting a free one from an SSL certificate provider, e.g. “Let’s Encrypt”. In short, the free one only verifies that the domain is registered and that the connection is encrypted. This is a good option for small and non-commercial organizations.
On the other hand, the paid one also proves that the owner of the domain is legitimate. Hence, it is expected that websites collecting personal information have a certificate from a CA.
In addition, there are tools to create a digital certificate at no cost (a so-called self-signed certificate), but browsers won’t treat this as a secure connection.
Links:
For more information, you can check the following links:
- How It Works – Let’s Encrypt
- What is an SSL certificate? | Cloudflare
- What is SSL, TLS and HTTPS? | DigiCert
Personal example – solving simple CTF
Once I underestimated that SSL certificates may contain some useful information, like an alternative domain name. I couldn’t have found that by just simple enumeration in search of the website’s subdomains. That fact was the key that helped me solve a simple CTF task (capture the flag: a task for hackers to break into a fake system to get the flag, a secret text). Check the video below:
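
Alternative names like the one mentioned above are stored in the certificate's subjectAltName field, which every visitor can read, so it is worth checking what your own certificates disclose. The following is an added example, not code from the original post: it compares a certificate's SAN entries with an inventory of names that are meant to be public. The sample certificate, the hostnames, the inventory and all function names are constructed for illustration.

```python
import socket
import ssl


def fetch_cert(host, port=443, timeout=5.0):
    """Return the peer certificate of one of your hosts as a dict (needs network)."""
    ctx = ssl.create_default_context()  # validates the trust chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def san_dns_names(cert):
    """DNS names from subjectAltName, lower-cased, in certificate order."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def covered(name, allowed):
    """True if name is in the inventory; '*.x' covers exactly one extra label."""
    for pattern in allowed:
        pattern = pattern.lower()
        if name == pattern:
            return True
        if pattern.startswith("*.") and "." in name:
            label, rest = name.split(".", 1)
            if label and rest == pattern[2:]:
                return True
    return False


def unexpected_names(cert, allowed):
    """SAN entries that are not in the intended-public inventory."""
    return [n for n in san_dns_names(cert) if not covered(n, allowed)]


# Constructed sample in the dict format that ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "subjectAltName": (
        ("DNS", "www.example.test"),
        ("DNS", "shop.example.test"),
        ("DNS", "staging-admin.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}
INTENDED = ["www.example.test", "shop.example.test"]  # hypothetical inventory

if __name__ == "__main__":
    for name in unexpected_names(SAMPLE_CERT, INTENDED):
        print("review SAN entry:", name)
```

Names that show up here but should stay internal are better served by a separate certificate than by sharing one with the public site.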