SSL/TLS Certificates: How Do They Work?
March 3, 2020
Did you know that each time you visit an HTTPS URL (https://example.com/), a critical security check takes place, in a fraction of a second, before the page even opens? This is known as the SSL/TLS handshake (Secure Sockets Layer/Transport Layer Security), and it involves several behind-the-scenes steps that verify which server your browser is talking to and agree on encryption keys, so that the content exchanged between your browser and the site cannot be read or tampered with by anyone in between.
On the other hand, you’ve likely seen a red warning triangle pop up in browsers like Google Chrome to flag sites with an HTTP URL (http://example.com) as “not secure”:
That’s because example.com is being served over plain HTTP, with no SSL/TLS certificate and no encryption: anyone on the network path (a public Wi-Fi operator, an ISP, a compromised router) can read or modify what is sent, and the browser has no way to confirm it is talking to the real example.com. If it were a secure website, the URL would begin with the https:// prefix. The ‘s’ in HTTPS stands for secure and means the connection is protected by TLS, which requires the server to present an SSL/TLS certificate for the domain.
So, what is an SSL/TLS certificate and how is it actually used in video streaming? Let’s jump right in to answer these questions and more.
What Is an SSL/TLS Certificate?
An SSL/TLS certificate is a file stored on the origin server of the site you are visiting. When you open an HTTPS website, the server sends its certificate, and your browser checks that it was issued for that domain name by a Certificate Authority the browser trusts and that it is still within its validity period. During the handshake the server also proves that it holds the private key matching the public key in the certificate. Together, these checks establish that your browser is communicating with a server that controls the website domain.
An SSL/TLS certificate contains information such as:
- The domain name for which the certificate was issued
- The person, organization, or device to whom it was issued (the subject)
- The Certificate Authority that issued it (the issuer)
- The Certificate Authority’s digital signature over the certificate’s contents
- Any associated subdomains, listed as Subject Alternative Names (SANs)
- The issue date of the certificate (not valid before)
- The expiration date of the certificate (not valid after)
- The public key (the matching private key stays on the server and is never sent to clients)
When you configure an SSL/TLS certificate for your website, a CA has vouched that whoever holds the certificate’s private key controlled example.com when the certificate was issued, so a client visiting your site can tell it is talking to the genuine example.com rather than an impostor. Note what this does not say: a certificate proves identity and enables encryption, but it says nothing about whether the content on the site is itself safe.
Securely streaming video over HTTPS with an SSL/TLS certificate prevents an attacker from pretending to be the site (only the holder of the private key can complete the handshake), and it protects the information exchanged between your browser and the server through encryption. Encryption scrambles the messages exchanged between your browser and the servers so that anyone intercepting them sees only ciphertext, and the same mechanism detects any tampering in transit. This process of ciphering and deciphering keeps streaming content private while it travels across the public internet. We’ll go over this in much more detail in the next blog in this series.
Which Certificate Do You Need: SSL or TLS?
Because the terms SSL and TLS are used interchangeably, either one is fine: the certificate itself is an X.509 certificate, and it is the same file whichever name you use. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both encryption-based security protocols that protect information shared between your browser and the website you are visiting.
What’s the difference between the two? SSL was created by Netscape in the mid-1990s, but after serious security flaws were found, it received a much-needed overhaul by the Internet Engineering Task Force (IETF) in 1999. The IETF took ownership of the improved protocol and renamed it from SSL to TLS (TLS 1.0 was published as RFC 2246).
Rest assured: if you’re streaming over HTTPS today, you are almost certainly using TLS. True SSL was deprecated years ago (SSL 2.0 in 2011 and SSL 3.0 in 2015), and modern browsers refuse to negotiate either version. Many people still say SSL, which can indeed be confusing, but the technically correct term for the protocol is TLS. Even so, the term SSL certificate is ubiquitous, and here at Wowza Media Systems we refer to the certificate that we offer for download as the StreamLock SSL Certificate.
Because SSL and TLS continue to be used interchangeably, I’ll refer to them as SSL/TLS for the rest of this blog series.
How Is SSL/TLS Encryption Used in Video Streaming?
SSL/TLS runs on top of the Transmission Control Protocol (TCP) and establishes a secure connection through what is commonly called the SSL/TLS handshake. The server (the website or streaming origin) sends its certificate, and the client (your browser or player) checks three things: that the certificate chains to a Certificate Authority the client trusts, that it is within its validity dates, and that the name in it matches the host the client asked for. The server then proves it holds the private key that matches the certificate’s public key. If any of these checks fails, the client aborts the connection; if they all pass, the two sides agree on how the site content will be encrypted and derive the keys to do it, and every video segment that follows travels under that encryption.
How Do I Configure an SSL/TLS Certificate?
It’s best to obtain a certificate through a valid Certificate Authority (CA): a third party that issues SSL/TLS certificates for free or for a small fee. Through its StreamLock service, Wowza provides the StreamLock SSL certificate free with all subscription licenses for Wowza Streaming Engine. StreamLock-provisioned SSL/TLS certificates can also be used for secure HTTP (HTTPS), encrypted RTMP (RTMPE), and RTMP over TLS (RTMPS) streaming; RTMPS is now required when broadcasting to Facebook Live.
You can also use an SSL/TLS certificate from a CA outside of Wowza’s StreamLock SSL certificate for Wowza Streaming Engine. Please visit our security documentation for instructions on how to acquire and import an SSL/TLS certificate.
Alternatively, some people skip the process of requesting a certificate from a CA and instead generate a ‘self-signed’ certificate, one that is signed with its own private key rather than a CA’s. A self-signed certificate still encrypts the connection, but no outside authority has verified that its holder owns the website domain or server, so a client has no basis on which to trust it.
A word of caution: no browser trusts a self-signed SSL/TLS certificate out of the box. Browsers show a full-page warning before loading the site, and most video players and streaming SDKs simply refuse the connection. Unless you can install the certificate in every client’s trust store (workable for a lab or an internal network, not for a public audience), get a signed certificate from Wowza or another trusted CA.
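To make the pieces above concrete, here is an added example written for this post (it is not Wowza’s code and not part of StreamLock). Using only Go’s standard library, it mints a lab Certificate Authority, a certificate the CA signs for example.com with a www subdomain as a SAN, and a self-signed certificate; it then inspects the fields listed earlier and runs a TLS handshake over loopback against each certificate. All names, keys and dates are constructed for the example. The handshakes exercise the same checks a browser makes: a client that trusts the lab CA accepts the CA-signed certificate, rejects the self-signed one as signed by an unknown authority, and rejects the CA-signed certificate when it is presented for a host that is not in its SANs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must panics on the errors this demo cannot sensibly handle (broken system RNG, no loopback).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert mints a certificate in memory. With parent == nil the certificate
// signs itself (self-signed); otherwise parentKey signs it, as a CA would.
// Names and dates are constructed for this example.
func newCert(cn string, dns []string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"Example Lab"}}, // issued to
		DNSNames:              dns,                            // domain plus subdomains (SANs)
		NotBefore:             time.Now().Add(-time.Hour),    // issue date
		NotAfter:              time.Now().Add(24 * time.Hour), // expiry
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	// The issuer's private key signs; the public key embedded in the certificate is the subject's own.
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// Handshake runs a TLS handshake between an in-process client and server over loopback and
// returns the client's verdict. roots is the client's trust store; serverName is the host it expects.
func Handshake(cert *x509.Certificate, key *ecdsa.PrivateKey, roots *x509.CertPool, serverName string) error {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	srvCfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}}}
	go func() {
		if conn, err := ln.Accept(); err == nil {
			defer conn.Close()
			tls.Server(conn, srvCfg).Handshake() // a rejection reaches the server as a TLS alert from the client
		}
	}()
	raw := must(net.DialTimeout("tcp", ln.Addr().String(), 5*time.Second))
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	return tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: serverName}).Handshake()
}

// Result records what the client learned from the three handshakes in Demo.
type Result struct {
	CA, Leaf, SelfSigned                    *x509.Certificate
	LeafSignedByCA                          bool  // the CA's signature over the leaf verifies with the CA's public key
	TrustedErr, SelfSignedErr, WrongHostErr error // nil means the client accepted the server
}

// Demo mints a lab CA, a leaf the CA signs for example.com, and a self-signed
// leaf, then connects a client that trusts only the lab CA to each of them.
func Demo() Result {
	ca, caKey := newCert("Example Lab Root CA", nil, true, nil, nil)
	leaf, leafKey := newCert("example.com", []string{"example.com", "www.example.com"}, false, ca, caKey)
	self, selfKey := newCert("example.com", []string{"example.com"}, false, nil, nil)
	roots := x509.NewCertPool() // the client's trust store: the lab CA and nothing else
	roots.AddCert(ca)
	return Result{
		CA: ca, Leaf: leaf, SelfSigned: self,
		LeafSignedByCA: ca.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil,
		TrustedErr:     Handshake(leaf, leafKey, roots, "www.example.com"),   // CA-signed, name in SANs: accepted
		SelfSignedErr:  Handshake(self, selfKey, roots, "example.com"),       // no trusted CA vouches for it: rejected
		WrongHostErr:   Handshake(leaf, leafKey, roots, "video.example.org"), // trusted CA, wrong host: rejected
	}
}

func main() {
	r := Demo()
	fmt.Println("leaf issued to", r.Leaf.DNSNames, "by", r.Leaf.Issuer.CommonName, "| CA signature verifies:", r.LeafSignedByCA)
	fmt.Println("CA-signed, trusted CA:  ", r.TrustedErr)
	fmt.Println("self-signed, trusted CA:", r.SelfSignedErr)
	fmt.Println("CA-signed, wrong host:  ", r.WrongHostErr)
}
```

Run it with go run. The first handshake returns no error; the second fails with a certificate signed by unknown authority error, and the third with a certificate is valid for ... not video.example.org error. The point for a streaming setup is that the self-signed certificate is rejected not because its encryption is weaker, but because nothing in the client’s trust store vouches for it; adding the certificate to roots would make the client accept it, which is exactly the per-client configuration that does not scale to a public audience.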
What’s Next: SSL/TLS Handshake Overview
It’s truly incredible that all of this is taking place in the background when you open a website using an https:// prefix. In the next blog in this series, we’ll cover the basic steps in the SSL/TLS handshake that must occur for your streaming content to be encrypted.