SSL is the acronym for Secure Sockets Layer and is the Internet standard security
technology used to establish an encrypted (or safe) link between a web server
(website) and your browser (i.e. Internet Explorer, Chrome, Firefox, etc…). This
secured link ensures that the data/information that is passed from your web
browser to the web server remain private; meaning safe from hackers or anyone
trying to spy/steal that info. SSL is the industry standard and is used by millions of
websites to protect and secure any sensitive or private data that is sent through
their website. One of the most common things SSL is used for is protecting a
customer during an online transaction.
To establish a secured SSL connection on a web server it requires an SSL
Certificate to be properly installed. When completing the process to activate SSL
on your web server you will be asked to complete a number of questions to verify
the identity of your domain and your company. Once properly completed, your
web server will create 2 types of cryptographic keys – one is called a Private Key
and the other is called the Public Key.
The Public Key isn’t a secret and it’s placed into something called a Certificate
Signing Request or most commonly referred to as the CSR. The CSR is a file that
contains all the data of your details. Once this CSR is generated, you can begin the
SSL application process. During this process, the Certification Authority (CA) will
go through the validation process to verify your submitted details and then once
verified will issue an SSL Certificate with your details and allow you to use SSL.
Your web server will automatically match the CA issued SSL Certificate to your
Private Key. This means you are now ready to establish an encrypted and secure
link between your website and your customer's web browser.
SSL protocol is complex, but the complexities always remain invisible to your
customers. Instead the browser they are using provides them with a key indicator
letting them know that their session is currently protected by an SSL encryption –
sometimes it is the lock icon in the lower right-hand corner, or the addition of an
“s” in https rather than just http, on high-end SSL Certificates, a key indicator is
the green bar in the browser. Clicking on the indicators will display all the details
about it. All trusted Certification Authorities issue SSL Certificates to either legit
companies or legally accountable individuals.
Generally speaking, SSL Certificates include and display (at least one or all) your
domain name, your company name, your address, your city, your state and your
country. It also always has an expiration date of that particular certificate and of
course the details of the Certification Authority responsible for issuing the
certificate. Browser connect to a secured site and then retrieves the site's SSL
Certificate and first makes sure that it has not expired, then it checks to see if it
was issued by a known Certification Authority that the browser trusts, and then
that it is actually being used by the website that is was actually issued to. If any
one of these parameters does not check out properly, the browser will display a
warning to the user to let them know that this site is not secure by SSL. It says to
leave or proceed with extreme caution. That is the last thing you would want to
say to your potential customer. That is why SSL is of high importance to any
successful company doing business on the web.