What is an SSL certificate and how does it work?

Share if you likedShare on Facebook0Share on Google+2Tweet about this on TwitterShare on LinkedIn13

What is an SSL certificate?

SSL (Secure Sockets Layer) is an international standard security technology that allows encrypted connection between a web browser and a web server. In fact, it is becoming the most popular type of e-commerce encryption. Most conventional intranet and extranet applications would typically require a combination of security mechanisms that include encryption, authentication and access control.

It is used by millions of online companies and individuals to secure credit card purchases, data transfer and logins, and more lately is becoming the standard when securing browsing of social media sites.

To build this secure connection (SSL), an SSL certificate or digital certificate (small data file that digitally binds a cryptographic key to an organization’s details.) is installed on a web server. It authenticates the identity of the website and it encrypts the data that’s being transmitted.

 

How Does an SSL Certificate Work?

When a browser tries to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a method called an “SSL Handshake”.

Actually, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key and vice versa.

The encryption and decryption process with private and public key needs more processing power, they are only used through the SSL Handshake to generate a symmetric session key. After the secure connection is established, the session key is used to encrypt all transmitted data.

Share if you likedShare on Facebook0Share on Google+2Tweet about this on TwitterShare on LinkedIn13

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply