Secure Sockets Layer (SSL) is a security protocol providing a secure channel between two machines operating over the Internet or an internal network. The SSL protocol was originally released by Netscape in 1996 and was deprecated shortly after in 1999 with the release of a new protocol, TLS (Transport Layer Security). However, we still refer to these types of protocols as SSL or SSL/TLS.
An SSL Certificate is a small data file that digitally binds a cryptographic key to your organization's details. The details contained in the certificate are based on what information was validated in order to issue the certificate. These may include:
When you visit a website attempting to establish a secure connection (HTTPS instead of HTTP), your browser has to agree with the web server on how to secure the connection. This agreement process is called an “SSL Handshake” and happens automatically when you visit a secure site.
During the handshake, your browser confirms the certificate is valid and generates a session key used to encrypt/decrypt transferred information. The session key is shared between the browser and the web server so fewer resources are required for the process.
The primary need for SSL is to ensure privacy when transmitting information online. Anytime a user visits a website, your browser transmits information (requests, form fills, locations, etc.) to and from a web server. The path this information travels is not typically direct and passes through many different locations. If any of these locations is insecure, or the information is unencrypted, then a user’s privacy can be compromised. Even if the information transmitted is intercepted, an SSL certificate makes it unreadable.
SSL certificates are not just for securing credit card transactions. All levels of personal information are sensitive and should be secured. This information includes, but is not limited to, the following: