2023-06-01An SSL certificate is a digital certificate that identifies a website and enables an encrypted connection. SSL stands for Secure Sockets Layer, a secure protocol that creates an encrypted link between a web server and a web browser. Companies and organizations need to add SSL certificates to their websites to secure online transactions and protect the privacy and security of customer information. In a nutshell: SSL keeps internet connections secure, preventing criminals from reading or modifying information transmitted between the two systems. When you see a padlock icon next to a URL in the address bar, it means SSL protects the website you are visiting.
There have been several versions of the SSL protocol since its inception about 25 years ago, all of which encountered security issues at some point. Then came an improved and renamed version - TLS (Transport Layer Security), which is still used today. However, the abbreviation SSL has been retained, so newer versions of the protocol often still use the old name.
SSL works by ensuring that any data transmitted between a user and a website, or between two systems, cannot be read. It encrypts data in transit using an encryption algorithm, preventing hackers from reading the data as it is being sent over the connection. This data includes potentially sensitive information such as names, addresses, credit card numbers or other financial details.
The process goes like this:
A browser or server attempts to connect to an SSL-protected website (i.e. a web server).
The browser or server requests the web server to identify itself.
In response, the web server sends a copy of its SSL certificate to the browser or server.
The browser or server checks whether it trusts the SSL certificate. If so, it signals the web server.
The web server then returns a digitally signed acknowledgment to initiate the SSL encrypted session.
Encrypted data is shared between the browser or server and web server.
This process is sometimes called the "SSL handshake" and while it sounds like a lengthy process, it happens in milliseconds.
When a website is secured with an SSL certificate, the acronym HTTPS (which stands for Hypertext Transfer Protocol Secure) appears in the URL. If there is no SSL certificate, only the letters HTTP will be displayed, i.e. without the S for secure. A padlock icon will also appear in the URL address bar. This signals trust and provides assurance to those visiting the website.
To view the details of an SSL certificate, you can click on the padlock symbol in your browser bar. Details typically included in an SSL certificate include:
The domain name for which the certificate was issued
The person, organization or device it was sent to
which certificate authority issued it
Digital Signature by Certificate Authority
associated subdomain
The date the certificate was issued
certificate expiration date
Public key (private key will not be disclosed)
