This article will explain how SSL works and what SSL certificates provide.
What do SSL certificates do?
SSL Certificates provide two important roles for systems that use them:
- SSL certificates provide security by encrypting the data between the browser and the webserver.
Data encryption is critical for financial transactions or other situations where websites are requesting sensitive data from visitors. Many web users will not have confidence that their interactions with the website are secure and encrypted unless they see the lock icon, which provides a visual cue that an SSL certificate has been used to protect data.
- SSL certificates provide identity verification, through domain and organization validation. Only the verified owner of a domain name may purchase an SSL certificate for that domain. For Organization validated SSL certificates, only verified, approved representatives of the organization are permitted to purchase an SSL certificate for domains in use by the organization.
Extended Validation (EV) certificates take identity validation even further. Sites with an EV SSL certificate will cause the address bar on the web browser to turn green. Users are able to view information about the website that will help them to confirm that they are dealing with whom they believe they are dealing with.
Both applications of SSL Certificates are important for building a trust relationship with end-users that is required before they will pass along personal, or financial information to websites or online service providers.
How does SSL work?
In the case of web browsers surfing secure websites, SSL communication starts with the web browser requesting the digital certificate from the web server. The certificate contains the hostname of the web server, an expiration date of the certificate, the public key of the web server, and is signed by a Certificate Authority. The web browser can validate all of these pieces of information, except for the public key of the web server. If all the verifiable components pass validation, the web browser will generate its own public key and send it back to the web server. When the web browser's public key is sent back to the web server as a response, it uses the web server's public key, which was contained within the certificate, to encrypt the browser's public key being sent. Now both the web server and web browser will be able to communicate with each other using secure, encrypted communications because they have exchanged each of their public keys.