An SSL certificate can prevent MitM attacks by ensuring that the user’s web browser connects to a legitimate website. This works through trust delegation. The website provides the browser with a certificate issued by a trusted certificate authority. Only then does the browser trust the website.
There are a handful of certificate authorities. Common browsers support most of these. Occasionally, a browser will remove a certificate authority if it deems it to be untrustworthy.
Just as not all certificate authorities are the same, not all certificates are the same. Here are several certificate varieties:
- Domain validation is the least expensive certificate to obtain. It covers basic encryption and verification of the ownership of the domain name registration. Additionally, it takes only a few minutes to obtain.
- Organization validation is a more sizable undertaking. In addition to basic encryption and verification of ownership of the domain name registration, organization validation requires authentication details such as the name and address of the owner. It can take several hours, and up to several days to receive.
- Extended validation (EV) provides the highest degree of security. In addition to authenticating the ownership of the domain name registration and entity, extended validation verifies the legal, physical, and operational existence of the entity. It can take a few days, and up to several weeks to receive.
If an attacker pretends to be the website, and lacks a valid certificate, the user’s web browser won’t establish a trusted connection. The browser will also issue a warning to the user cautioning them to be wary of the site.