What is SSL and what is an SSL certificate?

One of the most important components of online business is creating a trusted environment in which potential customers feel confident about making purchases. By creating a secure connection, SSL certificates provide a foundation of trust. Browsers provide special visual signals, which we call EV indicators (anything from a green padlock to a branded URL bar), to assure visitors that their connection is secure.

An SSL certificate has a key pair: a private key and a public key. These keys work together to establish an encrypted connection. The certificate also includes what is called the “subject,” which is the identity of the certificate/website owner.

To get a certificate, you need to create a Certificate Signing Request (CSR) on your server. This process creates a private key and a public key on your server. The public key is contained in the CSR data file that you send to the SSL certificate issuer (called a Certificate Authority or CA). The CA uses the CSR data file to create a data structure that matches your private key without compromising the key itself. The CA never sees the private key.

Once the SSL certificate is issued, you install it on your server. You also install an intermediate certificate that establishes the credibility of your SSL certificate by tying it to the root certificate of your CA. The installation and testing instructions for your certificate differ depending on your server.

In the image below, you can see what is called the certificate chain. It connects your server certificate to the root certificate of your CA (in this case DigiCert) through an intermediate certificate.
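The CSR and chain steps described above can be tried end to end with the OpenSSL command line. This is an added example, not taken from the original article or from any CA's tooling; the CA names, the host www.example.test and the file names are constructed, and it assumes OpenSSL 1.1.1 or later with its stock configuration file.

```shell
#!/bin/sh
# Added example. All names (Demo Root CA, www.example.test) are constructed.
# Assumes OpenSSL 1.1.1+ with its stock openssl.cnf. Works in a scratch directory.
cd "$(mktemp -d)" || exit 1

new_csr() {  # $1 = file prefix, $2 = subject CN; the key stays local, the CSR is sent
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

issue() {    # $1 = CSR prefix, $2 = issuing CA prefix, $3 = extension line
  printf '%s\n' "$3" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -extfile "$1.ext" -days 30 -out "$1.crt" 2>/dev/null
}

build_chain() {
  # Root CA: self-signed (the stock config marks req -x509 output as a CA).
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt \
    -subj "/CN=Demo Root CA" -days 30 2>/dev/null &&
  new_csr int "Demo Intermediate CA" &&
  issue int root "basicConstraints=critical,CA:TRUE" &&
  new_csr server "www.example.test" &&
  issue server int "subjectAltName=DNS:www.example.test"
}

# The CSR carries the public half of server.key and no private key material.
csr_matches_key() {
  [ "$(openssl req -in server.csr -noout -pubkey)" = \
    "$(openssl pkey -in server.key -pubout)" ] &&
  ! grep -q "PRIVATE KEY" server.csr
}

# Browser-style check: chain to the trusted root, validity dates, host name.
# $1 = host name; $2 = intermediate file the server presents (empty if none).
verify_site() {
  openssl verify -CAfile root.crt ${2:+-untrusted "$2"} \
    -verify_hostname "$1" server.crt 2>&1 | grep -q '^server.crt: OK$'
}

build_chain && csr_matches_key && echo "CSR matches the private key"
verify_site www.example.test int.crt && echo "chain and name verify"
verify_site www.example.test ""       || echo "rejected: intermediate missing"
verify_site shop.example.test int.crt || echo "rejected: name mismatch"
```

The third check fails for the same reason a browser warns when a server is installed without its intermediate certificate: the leaf cannot be linked to a trusted root.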

The most important part of the SSL certificate

The most important part of an SSL certificate is that it is digitally signed by a trusted CA, such as DigiCert. Anyone can create a certificate, but browsers only trust certificates that come from an organization on their list of trusted CAs. Browsers come with a list of trusted CAs preinstalled, known as the Trusted Root CA store. To be added to the Trusted Root CA store and thus become a Certificate Authority, an organization must comply with, and be audited against, the security and authentication requirements set by the browsers.

An SSL Certificate issued by a CA to an organization and its domain/website verifies that a trusted third party has authenticated that organization's identity. Because the browser trusts the CA, the browser now also trusts the identity of that organisation. The browser informs the user that the website is secure, and the user can feel safe visiting the site and even entering confidential information on it.

What is Secure Sockets Layer (SSL)?

Secure Sockets Layer (SSL) is a standard security technology for creating an encrypted connection between a server and a client — typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

TLS facilitates encrypted transmission of sensitive information such as credit-card numbers, social security numbers and login credentials. Data sent between browsers and web servers is normally sent in plain text, leaving you vulnerable to eavesdropping. If an attacker can intercept all data sent between a client and a web server, they will be able to view and use that information.

More precisely, SSL is a security protocol. Protocols describe how the algorithms are to be used. In this case, the SSL protocol determines the encryption variables both for the link and for the data being transmitted.

All browsers have the capability to use the SSL protocol to communicate with protected web servers. However, the browser and server need what is called an SSL Certificate to establish a secure connection.

Every day, SSL secures the data of millions of people on the Internet, in particular during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website, or with the green address bar that comes with an Extended Validation SSL-secured website. The addresses of SSL-secured websites also start with https rather than http.

How Does the SSL Certificate Create a Secure Connection?

When a client tries to access an SSL-secured website, the browser and web server establish an SSL connection using a process called the “SSL Handshake” (see diagram below). Note that the SSL Handshake is invisible to the user and happens instantly.

Setting up the SSL connection essentially uses three keys: the public, private, and session keys. Anything encrypted with the private key can only be decrypted with the public key, and vice versa.

Because encryption and decryption with the private and public keys take a lot of processing power, they are only used during the SSL Handshake to establish a symmetric session key.
  1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
  2. Server sends a copy of its SSL Certificate, including the server’s public key.
  3. Browser checks the certificate root against a list of trusted CAs, and checks that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
  4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
  5. Server and Browser now encrypt all transmitted data with the session key.
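
The key exchange in steps 3 to 5 can be reproduced with the OpenSSL command line. This is an added illustration, not code from the original article and not a TLS implementation; the file names and the sample message are constructed, and RSA-OAEP and AES-256-CBC are choices made here for the demonstration.

```shell
#!/bin/sh
# Added example; file names and the sample message are constructed.
# Illustrates the key wrapping in steps 3-5 only, not a real TLS stack.
cd "$(mktemp -d)" || exit 1

# Server key pair; in practice the browser takes the public key from the certificate.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key 2>/dev/null
openssl pkey -in server.key -pubout -out server.pub
# A second, unrelated private key standing in for anyone who is not the server.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out other.key 2>/dev/null

# Step 3: browser creates a random session key and encrypts it to the server.
browser_wrap() {   # prints the session key (hex); writes wrapped.bin
  k=$(openssl rand -hex 32)
  printf '%s' "$k" | openssl pkeyutl -encrypt -pubin -inkey server.pub \
    -pkeyopt rsa_padding_mode:oaep -out wrapped.bin && printf '%s' "$k"
}

# Step 4: only the holder of the matching private key can recover it.
unwrap_with() {    # $1 = private key file; prints the recovered key (hex)
  openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
    -in wrapped.bin 2>/dev/null
}

# Step 5: both sides switch to the fast symmetric cipher with the shared key.
# (openssl enc has no authenticated modes; real TLS also protects integrity.)
# $1 = -e or -d, $2 = key (hex), $3 = IV (hex), $4 = input file, $5 = output file
session_crypt() {
  openssl enc "$1" -aes-256-cbc -K "$2" -iv "$3" -in "$4" -out "$5"
}

browser_key=$(browser_wrap)
server_key=$(unwrap_with server.key)
iv=$(openssl rand -hex 16)
printf 'card=4111-constructed-sample' > request.txt
session_crypt -e "$browser_key" "$iv" request.txt request.enc
session_crypt -d "$server_key" "$iv" request.enc request.out
cmp -s request.txt request.out && echo "server read the request"
unwrap_with other.key >/dev/null || echo "other key cannot unwrap the session key"
```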