What is SSL ?
Definition:
SSL (Secure Sockets Layer) is the standard security technology
for establishing an encrypted link between a web server and a browser. This
link ensures that all data passed between the web server and browsers remain
private and integral.
Basically, SSL certificates plays two important role:
- Data Encryption (so that your data can not be hacked or cracked
by others easily) - Validate Website (to make sure that you are connection to right
website and not providing sensitive info like credit cards details on phishing
website )
What is the Role of SSL Certificate here?
- SSL Certificates have a key pair: a public and a private key.
Anything encrypted with the public key can only be decrypted
with the private key, and vice versa.
These Keys (and session keys) are used for encrypting the data.
- 2. Common name (defined while creating SSL Certificate) is used
to valid for the website that client is connecting to.
How SSL works?
When a browser attempts to access a website that is secured by
SSL, the browser and the web server establish an SSL connection using a process
called an “SSL Handshake”
- 1. Browser connects to a web server (website) secured with SSL
(https). Browser requests that the server identify itself. - 2. Server sends a copy of its SSL Certificate, including the
server’s public key. - 3. Browser checks the certificate that the certificate is
unexpired, unrevoked, and that its common name is valid for the website that it
is connecting to. If the browser (or client) trusts the certificate, it
creates, encrypts, and sends back a symmetric session key using the server’s
public key. - 4. Server decrypts the symmetric session key using its private
key and sends back an acknowledgement encrypted with the session key to start
the encrypted session. - 5. Server and Browser now encrypt all transmitted data with the
session key.
Regards
Anand