Skip to content

What is a Secured Socket Layer (SSL)?

Secure connection icon vector illustration isolated on white background, flat style secured ssl shield symbols

A Secured Socket Layer, or SSL, is the usual way that a website creates a secure connection with a web browser. Whenever a web surfer visits a secure site that uses SSL technology, it creates an encrypted link between their browser session and the webserver. SSL is the industry standard for secure web communication and is used to protect millions of online transactions each day.

What Does Encryption Mean?

Encryption simply means that the information that is going back and forth between an individual’s computer and the website is scrambled so that no one else can understand it. A formula on each side is used to scramble the information before sending it and unscramble it upon receipt. If a hacker happens to intercept the personal information en route, it would be worthless to them.

What is an SSL Certificate?

The web server must have an SSL certificate before it can create an SSL connection. When someone activates SSL protocols on their web server, they are asked to answer questions that will establish their identity. The questions ask for information about both the website and the company. After the SSL certificate is requested, the web server creates two cryptographic keys, one is a Private Key and the other is a Public Key. These keys are used along with the encryption formula to create a secure link between the web server and browser sessions.

Public Keys vs. Private Keys

As the name implies, the Public Key is not kept secret. It is placed into the Certificate Signing Request (CSR) which is a data file that contains the website’s details. The CSR is submitted to the SSL Digital Certificate group for validation as part of the SSL certificate application process. Once the details are validated, the SSL certificate is officially issued, and the website is allowed to use SSL. Next, the webserver confirms that the SSL certificate matches the Private Key. This makes sure that the SSL certificate is only used by the website that originally requested it. At this point, the webserver is able to create safely encrypted links, or communication paths, between its website and a customer’s browser.

What’s in an SSL Certificate?

Most SSL certificates include the domain name (web address), company name, company address, the certificate’s expiration date, and information about the certification authority who issued the certificate. Individuals are not usually allowed to possess an SSL certificate. In virtually all cases, SSL certificates are only issued to companies.

How Does SSL Work with My Browser?

The typical web user isn’t required to understand the complex process behind the SSL protocol. A key indicator is processed by the web browser to indicate that it is protected by an SSL-encrypted session, and the browser will show a small lock icon in the lower, right-hand corner of the screen. If the lock is clicked, it will display the SSL certificate and all the details.

Behind the scenes, the browser retrieves the SSL certificate whenever it connects to a secure site. The browser checks to make sure that the certificate has not expired, whether or not the issuing authority is one that the browser trusts, and that the certificate is being used by the same website to which it was issued. If either safety check fails, the browser will let the user know that the site is not secured by SSL through a warning message. The user has the choice of trusting the site or leaving.

HTTP Secure

Hypertext Transfer Protocol Secure, or HTTPS, combines standard HTTP with SSL for secure identification and encrypted communication of web servers. This standard is frequently used for online payments and other transactions that involve sensitive information. One way to instantly know if a site is using the HTTPS standard is to look at the address at the top of the page. If the address starts with “https” instead of the typical “HTTP”, the site is using HTTPS security measures. It’s important to keep in mind that only a portion of the website may be using HTTPS, while the vast majority might be using simple HTTP. The idea behind HTTPS is to create a secure channel over a mostly unsecured network. For example, while it is critical that online banking uses HTTPS to secure a customer’s account information, they would not need to go to that extreme to protect pages that simply tell the public how to apply for a new loan or credit card.

Related Articles

Related Articles

All
  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety

Surviving a Romance Scam with Debby Montgomery Johnson

Many are resigned to stay silent about the pain of being scammed, but today’s guest helps empower…

[Read More]

SIM Swapping. Scammers are taking over our smartphones…and text messages too!

Did you know that through a dirty trick called SIM swapping, a scammer could take over your…

[Read More]
WELCOME

About the Website Redesign

I hope you like the WhatIsMyIPAddress.com redesign and how we’ve improved the website for you. The IP…

[Read More]
Twitter Hack

Twitter Hack Lessons: Employees Often Help Hackers Succeed.

There was huge hack of Twitter in Summer of 2020. with all kinds of surprises. Here’s what…

[Read More]
FREE VPN

A Free VPN is Always Better Than Not Using One

A free VPN (a trustworthy one) may be all that you need for more privacy, more security…

[Read More]

On “Giving Tuesday,” Beware of Charity Scams

Take Steps to Protect Your Much-Needed Donations The first Tuesday after Thanksgiving is recognized globally as Giving…

[Read More]