Trust is the name in the game

Transport Layer Security (TLS) protects data while it moves between a server and your device. It is the successor to Secure Sockets Layer (SSL). SSL is no longer used because it is not considered secure, but its name has stuck around.

When your browser requests an HTTPS URL, for instance https://example.com, it verifies that the server's certificate is valid before it accepts any website content. If the certificate has expired, has been revoked, or was not issued by a known certificate authority, the browser decides what to do: it might refuse to load the page with an error, or it might show the user an ugly, scary warning. It is usually the latter. Either way, this is something you can and should avoid by auditing your certificates often. Keeping a shorter expiration date on them also forces you to renew them sooner, so any problems that arise, whether a problem with a certificate authority or a weakness in the underlying SSL/TLS encryption, can be dealt with on a more manageable schedule.

Anyone can make an SSL certificate for themselves from scratch. The problem with that approach is that if you share your website with someone else, they will very likely receive a warning that the certificate is not trusted.

Trust is the name in the game. The way trust works in a browser is as follows. Each browser vendor decides which certificate authorities it wants to trust. It can't trust everyone, so it carefully selects certificate authorities and embeds their certificates in the browser. Each certificate authority has a root certificate. It usually creates another certificate, called an “intermediate certificate”, and issues your certificate from that one.

So the chain of trust goes like this: Root certificate authority → Intermediate certificate(s) → Website certificate

When you visit https://example.com, your browser and the server talk back and forth and exchange data, including the certificate. That data must match up exactly: a certificate is signed by its issuer, so if even one extra character is introduced into it, the signature no longer verifies and the browser rejects it.

When you hook up your SSL certificates on your server, you need to include these intermediate certificates. While most modern browsers will work just fine without them, some older mobile browsers that don't carry all the certificate authority certificates will fail, and in that case your page won't render at all. Yes, adding the intermediate file adds bytes to each TLS handshake. More bytes take longer to reach the user, which means it takes a split second longer to verify a connection. This shouldn't matter for most organizations, but it is something to consider.
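The chain described above, built end to end with openssl as an added example (this is not code from the original post): a toy root signs an intermediate, the intermediate signs a short-lived certificate for example.com, and the leaf is then verified with and without the intermediate to show why the server must send it. It assumes openssl 1.1.1 or later and a writable temp directory; all names and lifetimes are constructed.

```shell
#!/bin/sh
# Added example: toy Root CA -> Intermediate CA -> leaf chain, then verify the
# leaf with and without the intermediate, and check the leaf's remaining lifetime.
set -e
WORK="${WORK:-$(mktemp -d)}"   # scratch directory (assumes a writable temp dir)

make_chain() {
  ( cd "$WORK"
    # Root CA: self-signed, marked as a CA, 10 years
    openssl req -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
      -subj "/CN=Toy Root CA" >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    openssl x509 -req -in root.csr -signkey root.key -days 3650 \
      -extfile ca.ext -out root.crt >/dev/null 2>&1
    # Intermediate CA: CSR signed by the root, 5 years
    openssl req -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
      -subj "/CN=Toy Intermediate CA" >/dev/null 2>&1
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -days 1825 -extfile ca.ext -out inter.crt >/dev/null 2>&1
    # Leaf for example.com: CSR signed by the intermediate, deliberately short (90 days)
    openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -subj "/CN=example.com" >/dev/null 2>&1
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:example.com\n' > leaf.ext
    openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
      -days 90 -extfile leaf.ext -out leaf.crt >/dev/null 2>&1
    # What the server should actually serve: the leaf followed by the intermediate
    cat leaf.crt inter.crt > fullchain.pem )
}

# Verify the leaf against the trusted root only. $1 is a file of untrusted
# intermediates the "server" sent, or "" to model a server that forgot them.
verify_chain() {
  if [ -n "$1" ]; then
    openssl verify -CAfile "$WORK/root.crt" -untrusted "$1" "$WORK/leaf.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$WORK/root.crt" "$WORK/leaf.crt" >/dev/null 2>&1
  fi
}

# Succeeds only if the leaf stays valid for at least $1 more days; this is the
# core check of a periodic certificate expiry audit.
valid_for_days() {
  openssl x509 -in "$WORK/leaf.crt" -noout -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1
}

make_chain
verify_chain "$WORK/inter.crt" && echo "with intermediate: chain verifies"
verify_chain "" || echo "without intermediate: unable to get local issuer certificate"
valid_for_days 30 && echo "leaf is valid for at least 30 more days"
```

The second `verify_chain` call fails for the same reason an old client without the intermediate fails: the trust store holds only the root, and nothing links the leaf to it.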

A helpful website to verify all is well with your certificate and your server setup can be found here.
