How Does an SSL Certificate Work? Part deux.


In the same way that you lock and unlock doors using a key, encryption makes use of keys to lock and unlock your information. Unless you have the right key, you will not be able to “open” the information.

Each SSL session uses two keys:

• The public key is used to encrypt (scramble) the information.

• The private key is used to decrypt (un-scramble) the information and restore it to its original format so that it can be read.

Every SSL certificate that is issued for a CA-verified entity is issued for a specific server and website domain (website address). When a person uses their browser to navigate to the address of a website with an SSL certificate, an SSL handshake (greeting) occurs between the browser and server. Information is requested from the server – which is then made visible to the person in their browser window.

You will notice changes to indicate that a secure session has been initiated – for example, a trust mark will appear. If you click on the trust mark, you will see additional information such as the validity period of the SSL certificate, the domain secured, the type of SSL certificate, and the issuing CA. All of this means that a secure link is established for that session, with a unique session key, and secure communications can begin.
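To check the same details yourself without a browser, the sketch below (an added example, not part of the original post) reads the validity period, the domains secured, and the issuing CA from a certificate using Python's standard `ssl` module. The names `summarize_cert`, `fetch_cert` and `SAMPLE_CERT` are hypothetical, and the sample certificate is constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}

def _names(rdns):
    """Flatten getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def _when(text):
    """Convert a certificate timestamp string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def summarize_cert(cert, now=None):
    """Return the domains secured, issuing CA and validity period of a cert."""
    now = now or datetime.now(timezone.utc)
    start, end = _when(cert["notBefore"]), _when(cert["notAfter"])
    domains = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not domains:  # older certificates carry the domain only in the subject
        domains = [_names(cert.get("subject", ())).get("commonName", "")]
    issuer = _names(cert.get("issuer", ()))
    return {
        "domains": domains,
        "issuing_ca": issuer.get("organizationName") or issuer.get("commonName"),
        "valid_from": start,
        "valid_until": end,
        "currently_valid": start <= now <= end,
        "days_remaining": (end - now).days,
    }

def fetch_cert(host, port=443, timeout=5):
    """Do the handshake with full verification and return the server's cert."""
    context = ssl.create_default_context()  # checks CA chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))
```

For a live site, pass the result of `fetch_cert("your-domain")` to `summarize_cert`; a low `days_remaining` value is the cue to renew before visitors start seeing browser warnings.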

It is important to remember that using SSL on your site is only one part of securing your website. You also need to make sure you implement other security measures including using proper password protection, keeping applications updated, writing secure code that isn’t vulnerable to cross-site scripting and SQL injection, protecting your physical servers and the computers you use to access them, etc. Enabling SSL patches one of the security holes, but don’t let that make you overconfident and forget to take the other necessary security precautions.

