What is SSL , Role of SSL Certificates And how its works ?

Document created by jayan03 Employee on Nov 25, 2015Last modified by kristen.palazzolo on Dec 17, 2016
Version 2Show Document
  • View in full screen mode

What is SSL ?


SSL (Secure Sockets Layer) is the standard security technology
for establishing an encrypted link between a web server and a browser. This
link ensures that all data passed between the web server and browsers remain
private and integral.

Basically, SSL certificates plays two important role:

  1. Data Encryption (so that your data can not be hacked or cracked
    by others easily)
  2. Validate Website (to make sure that you are connection to right
    website and not providing sensitive info like credit cards details on phishing
    website )


What is the Role of SSL Certificate here?

  1. SSL Certificates have a key pair: a public and a private key.

Anything encrypted with the public key can only be decrypted
with the private key, and vice versa.

These Keys (and session keys) are used for encrypting the data.


  1. 2. Common name (defined while creating SSL Certificate) is used
    to valid for the website that client is connecting to.


How SSL works?


When a browser attempts to access a website that is secured by
SSL, the browser and the web server establish an SSL connection using a process
called an “SSL Handshake”



  1. 1. Browser connects to a web server (website) secured with SSL
    (https). Browser requests that the server identify itself.
  2. 2. Server sends a copy of its SSL Certificate, including the
    server’s public key.
  3. 3. Browser checks the certificate that the certificate is
    unexpired, unrevoked, and that its common name is valid for the website that it
    is connecting to. If the browser (or client) trusts the certificate, it
    creates, encrypts, and sends back a symmetric session key using the server’s
    public key.
  4. 4. Server decrypts the symmetric session key using its private
    key and sends back an acknowledgement encrypted with the session key to start
    the encrypted session.
  5. 5. Server and Browser now encrypt all transmitted data with the
    session key.

SSL Working.gif