Secure Socket Layer
SSL is the security technology that helps encrypt and secure all data that’s transmitted through a website. The SSL protocol helps establish an encrypted link between a web server and the browser(s).
This standard security technology thus helps ensure that all the data that’s transmitted through such secured websites remain private and fully secured. SSL protocol (followed by the upgraded TLS protocol) is now used across the world, to secure millions of websites and the data (especially sensitive personal data) transmitted over the same.
It’s the SSL certificate that helps establish an SSL connection between a web server (a website) and a browser. Any user/website owner who wants to activate SSL connection on a web server (website) would have to give out all details about the identity of the company or the website. It’s after proper authentication that the SSL certificate is issued. (It’s to be remembered that SSL certificates are issues either to companies or to legally accountable individuals, after proper authentication of their identities).
When an SSL connection is established, the web server creates two cryptographic keys- a Private Key and a Public Key. The Public Key is public, ie, not necessarily a secret and would be part of the CSR (Certificate Signing Request), which is basically a data file that contains all details pertaining to the website, the company or the website owner. The CSR is submitted and as part of the SSL certification application process, the CA (Certification Authority or Certificate Authority) would validate all details and then only issue the SSL certificate. The certificate will contain all necessary details about the website/company. An SSL certificate would typically comprise of details like domain name, company name, address, city, state, country etc, plus details regarding the expiration date of the certificate, details of the CA etc.
Whenever a web browser seeks to connect to a website that’s secured with SSL certificate, it would first retrieve and verify the website’s SSL certificate. The authenticity needs to be verified and it needs to be checked if the certificate hasn’t expired. It would also be verified if the browser trusts that particular SSL certificate and also that it’s being used on the website for which it has been issued. If there is an issue, the user would be warned; if everything is OK, the user would get to know, from the indicators, that the website is secured by an SSL certificate.