Securing Website TLS SSL, Certificate Authority, Self Signed Certificate, and Open source tools

When was the last time you visited a website that requires to login with your username or email and password? That mechanism can be found everywhere today including the bank website, Social Network Service (SNS) site, email service, or an ecommerce website. Everytime when you sign in through this service, you are essentially saying "yes, I trust this website, so I am willing to share my personal information such as my name, my gender, address, and sometimes even credit card information." But how can you trust that website? To put this context in a different way, what can the website do to secure the transaction through the website so you can trust it?

In this article, I want to demystify the mechanisms what makes a secured website to be secure. I will start by discussing about the web protocols, that is **HTTP** and **HTTPS**, and the concept of **Transport Layer Security(TLS),** which is one of the cryptographic protocols in **Internet Protocol** layers. Then, I will introduce how the Certificate can help to achieve this, and this includes the discussion about **Certificate Authority (CA)** and **self-Signed certificate.** Lastly, but most importantly, I will introduce few open source tools that can help to create and to manage these certificates.