SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted connection between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).

Encryption is the process of scrambling data into an unreadable format that can only be returned to a readable format with the proper decryption key.

Normally, data sent between browsers and web servers is sent in plain text. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.  SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely.

Why Do I Need An SSL Certificate?

  • Keeps data secure between severs
  • Increases your Google Rankings
  • Builds/Enhances customer trust
  • Improves conversion rates

How SSL Certificates Work

When a browser attempts to access a website that is using SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”. Note that the SSL Handshake is invisible to the user and happens instantaneously.

Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa.

Because encryption and decryption with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.

 

ssll

 

  1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
  2. Server sends a copy of its SSL Certificate, including the server’s public key.
  3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
  4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
  5. Server and Browser now encrypt all transmitted data with the session key.

 

Hope this article will help you to understand the concept to SSL. Don’t forget to give us your feedback on [email protected].