What does Shared SSL mean? hosttest explains
Encrypted communication on the internet relies primarily on TLS, still widely referred to as SSL, and on the SSL certificates that servers present within it. Together they serve the secure exchange of data and the identification of the communicating parties. Encryption can be recognised directly in a web address by the prefix https:// instead of http://, where HTTP stands for the protocol used and the additional S stands for Secure.
What tasks do SSL certificates fulfil?
Since 2015 it has been advisable for every website to use SSL for web hosting, because search engines take it into account in their rankings. Since 2016, popular browsers such as Google Chrome and Mozilla Firefox have also started to mark unencrypted pages as "not secure" rather than displaying them silently, first on pages containing login or payment forms. A site that presents an invalid certificate is met with a full-page warning that the visitor must explicitly click through.
In general, for secure communication, two conditions must be met: firstly, the content must be protected from third-party access. Secondly, both endpoints must be uniquely identified so that the sender and receiver can be sure they are communicating with the selected partner. SSL certificates fulfil both tasks: the site operator generates an individual key pair for the website, and an independent certificate authority such as Let's Encrypt confirms its authenticity by signing the public key, after checking that the applicant actually controls the domain name.
TLS also protects the integrity of the data: every transmitted record carries a keyed authentication tag (a "checksum" that only the two endpoints can compute, today usually produced by an AEAD cipher), so the receiver detects any truncation or modification. Older TLS versions could additionally compress the data before encrypting it, but this option has been disabled in practice since the CRIME attack of 2012 showed that compression leaks secrets, and TLS 1.3 removes it entirely. The SSL certificate thus serves as both the publicly available "key" and the "fingerprint" of the server. The protocol version, the key exchange method and the cipher are negotiated anew by the Transport Layer Security (TLS) protocol in each connection.
How does communication through SSL certificates work in detail?
If a secure connection is to be established, the server and visitor go through the TLS handshake (not to be confused with the TCP three-way handshake that precedes it). Both parties "greet" each other with their supported versions and ciphers, negotiate the type of encryption to be used, and the server then presents its SSL certificate; the client only presents one of its own if the server explicitly requests it (mutual TLS), which is rare on the web. Subsequent communication is encrypted using the negotiated algorithms, making it computationally infeasible for third parties to eavesdrop or manipulate.
An SSL certificate contains the public half of a key pair; the matching private key never leaves the server. TLS combines "asymmetric" and "symmetric" cryptography. In asymmetric encryption, a message encrypted with the public key can only be decrypted back to plaintext with the corresponding secret private key, so there is no need for a shared "password" that would have to be transmitted unencrypted during the initial contact. The public key itself can be safely published, for example on a website for encrypting emails. One caveat: if the session key is simply encrypted with the server's public key, anyone who records the traffic and later obtains that private key can decrypt the recording. Modern TLS therefore derives the session key from an ephemeral Diffie-Hellman exchange instead ("forward secrecy"), so that a recorded conversation stays unreadable even if the server's private key leaks later.
At the beginning of the connection, the server sends its SSL certificate, which includes, among other details, its public key and the domain names it was issued for. The client verifies the certificate's signature chain locally against the root certificate authorities shipped with its browser or operating system, checks that the certificate has not expired, and additionally checks that one of the names in the certificate matches the website it is actually connecting to. If any of these checks fails, the connection is terminated. Otherwise both parties establish a unique session key, used exclusively for that one connection and for a limited time. In the classic RSA key exchange this key is generated by the client, encrypted with the server's public key and sent across; in TLS 1.3 it is always derived from an ephemeral key agreement in which only public values cross the wire. Either way, each session ends up with its own individual symmetric encryption.
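The following is an added example, not code from the hosttest article: it runs both sides of the ephemeral key agreement described above in one process, derives per-direction session keys from the shared secret together with both parties' random values, and attaches the keyed integrity tag that lets the receiver detect a modified or replayed record. The group constant is the RFC 3526 group 14 prime (copied here so the example runs offline; verify it against the RFC before reusing it), the HMAC-based extract-then-expand derivation is a simplified stand-in for the TLS key schedule, and the example deliberately stops at the integrity tag because the Python standard library has no AES, so no confidentiality is provided here.

```python
"""Ephemeral Diffie-Hellman key agreement with per-session keys and an
integrity tag, in the shape of a TLS handshake. Added example only."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime and generator. Copied here so the
# example runs offline; verify the constant against the RFC before reuse.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def keypair():
    """Fresh ephemeral exponent and public value, generated per connection."""
    private = secrets.randbelow(P - 2) + 1
    return private, pow(G, private, P)


def shared_secret(own_private, peer_public):
    """Reject degenerate public values (0, 1, P-1) before using them."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)


def derive_keys(secret, client_random, server_random):
    """HMAC extract-then-expand (HKDF shape, simplified): one key per direction.

    Mixing in both randoms ties the keys to this handshake transcript."""
    salt = client_random + server_random
    prk = hmac.new(salt, secret.to_bytes(256, "big"), hashlib.sha256).digest()
    client_write = hmac.new(prk, b"client write key\x01", hashlib.sha256).digest()
    server_write = hmac.new(prk, b"server write key\x01", hashlib.sha256).digest()
    return client_write, server_write


def tag(key, seq, payload):
    """Keyed integrity tag over the record; the sequence number blocks replay."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def verify(key, seq, payload, mac):
    return hmac.compare_digest(tag(key, seq, payload), mac)


def handshake():
    """Run client and server in one process; return each side's derived keys."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    # Only c_pub, s_pub and the randoms cross the wire. Each side combines its
    # own private value with the other side's public value and lands on the
    # same secret; an eavesdropper holding the transcript cannot.
    client_keys = derive_keys(shared_secret(c_priv, s_pub), client_random, server_random)
    server_keys = derive_keys(shared_secret(s_priv, c_pub), client_random, server_random)
    return client_keys, server_keys


if __name__ == "__main__":
    (c2s, s2c), server_side = handshake()
    assert (c2s, s2c) == server_side
    record = b"GET / HTTP/1.1"          # constructed sample record
    mac = tag(c2s, 0, record)
    print("intact record accepted:", verify(c2s, 0, record, mac))
    print("modified record accepted:", verify(c2s, 0, b"GET /admin HTTP/1.1", mac))
    print("replayed record accepted:", verify(c2s, 1, record, mac))
```

Every call to handshake() yields different keys, which is the "unique session key, exclusively used for that one connection" from the text; the private exponents are discarded afterwards, so nothing stored on the server can unlock an old recording.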
What is the difference between Dedicated SSL and Shared SSL?
Certificate authorities like Let's Encrypt issue SSL certificates for each website individually, naming exactly the domains the applicant has proven to control, and a browser accepts such a certificate only for those names. This way the certificate uniquely establishes the site's identity and prevents communication from being redirected to a foreign server: a third party cannot use someone else's certificate without the matching private key, and a trustworthy authority will not issue them one for a domain that is not theirs. The downside of these individual, "dedicated" SSL certificates used to be that obtaining and installing them was relatively time-consuming. Before Let's Encrypt was established, SSL certificates were usually paid for and had to be requested manually, a process that sometimes took several working days.
In contrast, with Shared SSL, the certificate is issued to the web host for its own domain or server name, and its customers use it collectively, typically by reaching their sites under a subdomain of the host's domain. Such a certificate is usually a wildcard certificate, which covers every direct subdomain of the host's domain (one label level only); covering several unrelated domains would instead require a multi-domain (SAN) certificate listing each name. This simplifies the setup of SSL encryption, speeds up the process, and reduces costs. For this reason, many providers and hosts offer their customers (usually free) Shared SSL certificates for their websites.
The downside of Shared SSL is that while it clearly identifies the web host, it does not identify an individual customer's domain on that server. It does provide encryption, but it does not let a visitor definitively verify the address they wanted to reach. In principle, another website on the same server could impersonate a neighbour, because both are served with the same certificate and private key. For this reason, Shared SSL is only recommended to a limited extent for security-critical applications such as online shops. The alternative is a certificate for the customer's own domain, which the non-profit Let's Encrypt issues free of charge and within minutes.
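To make the Shared SSL limitation concrete, here is an added example (not code from the article) of the hostname check a browser performs against the names in a certificate: the wildcard rule as implemented by today's browsers, where "*" must be the whole leftmost label, must not sit at the top level, and matches exactly one label. The host's domain example-host.net, the subdomain scheme customers.example-host.net and the customer's own domain my-shop.example are all invented for the illustration.

```python
"""Browser-style hostname matching against a certificate's DNS names.
Added example; names are constructed for the illustration."""

# Constructed Subject Alternative Names of a hypothetical host's shared
# certificate: the host's own domain, its www name, and a wildcard for
# the subdomain each customer gets.
SHARED_CERT_SANS = [
    "*.customers.example-host.net",
    "example-host.net",
    "www.example-host.net",
]


def _normalise(name):
    """DNS names compare case-insensitively; a trailing dot is the root."""
    return name.rstrip(".").lower().split(".")


def hostname_matches(hostname, san_dns_names):
    """Return True if the hostname is covered by one of the certificate's names.

    Rules applied (the subset browsers enforce):
      * exact label-by-label match, or
      * a wildcard that is the entire leftmost label, has at least two
        more labels to its right (so "*.net" is refused), and stands for
        exactly one label ("*.a.b" covers "x.a.b" but not "a.b" or "y.x.a.b").
    """
    host = _normalise(hostname)
    for san in san_dns_names:
        labels = _normalise(san)
        if len(labels) != len(host):
            continue                     # wildcards never span extra labels
        first, rest = labels[0], labels[1:]
        if rest != host[1:]:
            continue
        if first == host[0]:
            return True
        if first == "*" and len(labels) >= 3 and "*" not in rest:
            return True
    return False


def report(hostname, san_dns_names=SHARED_CERT_SANS):
    """One line per check, the way a debugging log might phrase it."""
    verdict = "covered" if hostname_matches(hostname, san_dns_names) else "NOT covered"
    return f"{hostname}: {verdict} by {san_dns_names}"


if __name__ == "__main__":
    for name in [
        "shop1.customers.example-host.net",   # customer site under host's domain
        "customers.example-host.net",         # wildcard does not cover its parent
        "a.b.customers.example-host.net",     # nor two levels down
        "my-shop.example",                    # customer's own domain: the Shared SSL gap
    ]:
        print(report(name))
```

The last case is the point of the section: a visitor typing the shop's own domain gets a certificate error, because the shared certificate only vouches for names under the host's domain. Note that real browsers additionally refuse wildcards that would cover a whole public suffix (such as "*.co.uk"), which needs the Public Suffix List and is left out here.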
Photo: skylarvision pixabay.com