What is an SSL certificate and how does it work?

  • 345
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    345
    Shares

What is an SSL certificate?

SSL (Secure Sockets Layer) is an international standard security technology that allows encrypted connection between a web browser and a web server. In fact, it is becoming the most popular type of e-commerce encryption. Most conventional intranet and extranet applications would typically require a combination of security mechanisms that include encryption, authentication and access control.

It is used by millions of online companies and individuals to secure credit card purchases, data transfer and logins, and more lately is becoming the standard when securing browsing of social media sites.

To build this secure connection (SSL), an SSL certificate or digital certificate (small data file that digitally binds a cryptographic key to an organization’s details.) is installed on a web server. It authenticates the identity of the website and it encrypts the data that’s being transmitted.

 

How Does an SSL Certificate Work?

When a browser tries to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a method called an “SSL Handshake”.

Actually, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key and vice versa.

The encryption and decryption process with private and public key needs more processing power, they are only used through the SSL Handshake to generate a symmetric session key. After the secure connection is established, the session key is used to encrypt all transmitted data.

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply