What is SSL?
Secure Sockets Layer (SSL) is a security protocol providing a secure channel between two machines operating over the Internet or an internal network. The SSL protocol was originally released by Netscape in 1996 and was deprecated shortly after in 1999 with the release of a new protocol, TLS (Transport Layer Security). However, we still refer to these types of protocols as SSL or SSL/TLS.
An SSL Certificate is a small data file that digitally binds a cryptographic key to your organization’s details. The details contained in the certificate are based on what information was validated in order to issue the certificate. These may include:
- Domain name, server name, or hostname (Domain Validation or DV)
- Company name and location (Organization Validation or OV)
- Organizational contact details (Extended Validation or EV)
How Does SSL Work?
When you visit a website attempting to establish a secure connection (HTTPS instead of HTTP), your browser has to agree with the web server on how to secure the connection. This agreement process is called an “SSL Handshake” and happens automatically when you visit a secure site.
During the handshake, your browser confirms the certificate is valid and generates a session key used to encrypt/decrypt transferred information. The session key is shared between the browser and the web server so fewer resources are required for the process.
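As an added example (not part of the original page), the Python code below performs the client side of this handshake with the standard `ssl` module: it enforces certificate and hostname validation, then reports the negotiated protocol, cipher, and the identity fields taken from the server certificate. The function names and `SAMPLE_CERT` are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def make_client_context():
    """Client settings comparable to what a browser enforces in the handshake."""
    ctx = ssl.create_default_context()            # loads the system CA roots
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx  # verify_mode=CERT_REQUIRED and check_hostname=True are defaults

def summarize_cert(cert, now=None):
    """Pull the validated identity fields out of a getpeercert() dictionary."""
    now = now or datetime.now(timezone.utc)
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "common_name": subject.get("commonName"),
        "organization": subject.get("organizationName"),  # absent on DV certs
        "dns_names": [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"],
        "days_left": (expires - now).days,
    }

def handshake_report(host, port=443, timeout=5.0):
    """Run a real handshake; raises ssl.SSLCertVerificationError on a bad cert."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            report = summarize_cert(tls.getpeercert())
            report["protocol"] = tls.version()   # e.g. "TLSv1.3"
            report["cipher"] = tls.cipher()[0]   # negotiated cipher suite name
            return report

# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "www.example.test"),)),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))
    # handshake_report("your-host.example")  # placeholder host; needs network
```

If validation fails (expired certificate, untrusted issuer, or hostname mismatch), `wrap_socket` raises before any application data is sent, which is the behaviour a browser surfaces as a certificate warning.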
Why Do We Need SSL?
The primary need for SSL is to ensure privacy when transmitting information online. Anytime a user visits a website, their browser transmits information (requests, form fills, locations, etc.) to and from a web server. The path this information travels is not typically direct and passes through many different locations. If any of these locations is insecure, or the information is unencrypted, then a user’s privacy can be compromised. Even if the information transmitted is intercepted, an SSL certificate makes it unreadable.
What Are SSL Certificates Used For?
SSL certificates are not just for securing credit card transactions. All levels of personal information are sensitive and should be secured. This information includes, but is not limited to, the following:
- Credit card transactions.
- Online system logins, sensitive information transmitted via web forms, or protected areas of websites.
- Webmail and applications like Outlook Web Access, Exchange, and Office Communications Server.
- The connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.
- The transfer of files over HTTPS and FTP(S) services, such as website owners uploading new pages to their websites or transferring large files.
- Logins and activity in hosting control panels such as Parallels, cPanel, and others.
- Intranet-based traffic such as internal networks, file sharing, extranets, and database connections.
- Any user-specific information transmitted by a browser such as location, browser type, operating system, and device type.