What is an SSL Certificate and Why It Is Important?
Secure Sockets Layer (SSL) is an encryption protocol, a security technology, used for establishing the secure connection between a server and you — that is between a website and your browser. SSL aims to keep your sensitive data (i.e., login credentials, credit card details, SSN, and other personal data), which you send across the Internet, encrypted to make it accessible only for the intended recipient.
How to recognize SSL-secured websites?
Websites use SSL technology to let their customers feel confident while providing their personal data, for example, while purchasing online. To let you easily see whether the website you are visiting is a trusted one or not, browsers give you visual cues such as an icon of a lock next to the address bar or the whole bar green.
The lock icon means that a website is SSL-secured, while a green address bar implies that a website uses Extended Validation SSL. Another distinctive feature of SSL is that the websites that use it begin not with http but with https.
How does it work?
All browsers are capable of interacting with SSL-secured web servers, but to make this interaction happen, the browser and the server need an SSL certificate (a small data file used to link a cryptographic key with details of an organization or site) for establishing a secure connection. Therefore, when a browser tries to access an SSL-secured website, an ‘SSL Handshake’ process takes place, which is instant and invisible for users.
Setting up the SSL connection requires three keys; they are the public, private, and session ones. It works this way: any data encrypted with the private key can be decrypted by the public key solely, and vice versa. However, as such an encryption process is quite power-consuming, it is used only during the SSL Handshake, after which a symmetric session key is created. Thus, when the secure connection is established, the transmitted data is encrypted with this session key.
SSL or TLS?
New versions of SSL have been released to ensure more secure data transmission, and TLS (Transport Layer Security) is just the updated version of SSL. Previous changes were reflected in the name by adding the number of versions, for example, SSLv2.0 or SSLv3.0. However, instead of naming the next version SSLv4.0, it was called TLSv1.0.
As SSL is more commonly used, it is referred to while talking about securing transmitted data, even if the TLS version is actually used.