What Is SSL?
Secure Sockets Layer (SSL) technology is a security protocol that is today’s de-facto standard for securing communications and transactions across the Internet. SSL has been implemented in all major browsers and Web servers, and as such, plays a major role in today’s e-commerce and e-business activities on the Web. The SSL protocol uses digital certificates to create a secure, confidential communications “pipe” between two entities. Data transmitted over an SSL connection cannot be tampered with or forged without the two parties becoming immediately aware of the tampering. The newest version of the SSL standard has been renamed TLS (Transport Layer Security). You will often see these terms used interchangeably. Since the term SSL is more commonly understood, we will continue to use it throughout this paper.
The Secure Sockets Layer (SSL) (and Transport Layer Security (TLS)) is the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. In today’s Internet focused world, we typically see SSL in use when a web browser needs to securely connect to a web server over the insecure Internet.
Technically SSL is a transparent protocol, which requires little interaction from the end user when establishing a secure session. For example, in the case of a browser, users are alerted to the presence of SSL when the browser displays a padlock, or in the case of Extended Validation SSL the address bar displays both a padlock and a green bar. This is the key to the success of SSL – it is incredibly simple experience for end users.
What are SSL Certificates?
An SSL Web server certificate authenticates the identity of a website to browser users and enables encrypted communications using SSL. When a browser user wants to send confidential information to a Web server, the browser will access the server's digital certificate and obtain its public key to encrypt the data.
Since the Web server is the only party with access to its private key, only the server can decrypt the information. This is how the information remains confidential and tamper-proof while in transit across the Internet.
Understanding Digital Certificates & Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) digital certificates are electronic files that are used to identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties using encryption.
Certificates are issued by a Certification Authority (CA). Much like the role of a passport office, the CA validates the certificate holder's identity and "signs" the certificate so that it cannot be tampered with or altered.