SSL or Secure Socket Layer is a standard security technology that establishes an encrypted connection between a website server and a browser. This connection or link ensures that all data that is passed between the website server and browser will remain private.
This is an industry-standard for securing data and used by millions of websites to protect online communications with users.
How Does SSL Work
When you access a website that is secured by SSL, your browser and the website server establish the SSL connection using the process called SSL Handshake and this will happen instantly.
There are three keys that are used to set up the SSL connection: public, private, and sessions keys. Anything that is encrypted with the public key can only be decrypted with the private key, and vice versa.
Encrypting and decrypting with private and public takes a lot of processing power, these are only used during the SSL Handshake to create a symmetric session. Once the secure connection is made, the session key is used to encrypt all data.
Two concepts you’ll need to understand – symmetric and asymmetric encryption:
- Symmetric encryption: Two computers that use the same key (complex code generated by one of the computers) to lock and unlock the data they send.
- Asymmetric encryption: Instead of using one key, there are two. The public key is used to lock the data, and the private key is to used to unlock it.
1. When Browser connects to a website server with secured SSL (https), the Browser requests that the server identify itself.
2. Website Server sends a copy of the its SSL Certificate, including the server’s public key.
3. Browser will check the certificate root against a list of trusted CAs and if the certificate is not expired and that its common name (domain name) is valid for the website it is connecting to. Once the Browser trusts the certificate it’ll create, encrypt and sends back a symmetric session key using the server’s public key.
4. Server then decrypts the symmetric session key using its private key and send it back with an acknowledgement encrypted with the session key to start the encrypted session.
5. Now Server and Browser has encrypted transmitted data with the session key.
Do I Need an SSL Certificate
Do you sell products? Probably. Do you offer memberships? Maybe. Do you need your visitor’s information via forms? Maybe. You’ll need to consider these kinds of questions before getting an SSL. Though it is a great advantage if you have SSL for your website to increase security, as this:
- Enhance client confidence
- Enhance website professionalism
- Protect your client’s personal information during registrations
- Protect your client’s login credentials during authentication
- Prevent unauthorised modification to your data transactions
- Prevent identity theft
Also, Google gives a small ranking boost to websites using SSL. This is a big help if you wish to get found in search engines. Click the guided link to know more of the different SSL Certificates.