What is SSL?

Short for Secure Sockets Layer, SSL is a protocol or a set of rules that was “invented” or released by NetScape. These suite of rules or protocols are still used to ensure that transactions over the internet, namely, between the webservers and the browsers, are carried out securely.

The SSL set of rules or protocols, work with identifying the entities involved in the transaction, again the webserver and/or the webbrowser, using a Certification Authority or CA. SSL is mainly used for securely transferring documents via the internet.

Why SSL?

As stated above, SSL or Secure Sockets Layer provides an interface for the internet user(s) to securely transmit document or any data using the browser and the webserver.

This is achieved using Encryption/Decryption technologies along with “certificates” of authenticity provided by a certification authority.

How does SSL Work?

SSL works on the principles of encryption and decryption. SSL works on public key/private key encryption algorithms, which means that encryption can be done using only one key and decryption at the target destination would require a key pair. Essentialy this means that with every SSL transaction there are two keys involved one that encrypts and one that decrypts in conjuction with the key that was used to decrypt the document or data transmitted. It might be a confusing, but the concept is extremely simple.

Step #1 A client browser(basically web user) would request a secure website or secure webpage.

Step #2 A certificate, identifying the webserver is sent to the client browser along with a pubic key by the browser hosting this secure webpage or website.

Step #3 The client browser checks the certificate to and authenticates the certificate with the help of the Certification Authority. It also checks if the certificate is still valid and its validation hasn’t expired and the certificate belongs to website or webpage requested.

Step #4 After the above step has been completed and the certificate is validated, the client browser uses the public key to encrypt the data or document to be transmitted. The destination URL is also encrypted. After encryption has been completed, the data or document is transmitted.

Step #5 The webserver hosting the secured website or webpage then decrypts the encrypted data or document using a private key only available to the server, in conjunction with the public key.

Step #6 The webserver then sends in the requested data which is again encrypted using the symmetric or public key.

Step #7 The client browser decrypts the data and makes it available to the internet user.

[Data/Request]–>[Public Key]–>Encrypted Data–>[Private Key]–>[Message]

So, what do you get?

Every communication, using the internet, may it be emails or payments via credit cards, has a “route” or a relay and is relayed between eight to thirty two (8-32) servers before it reaches its destination. Every such “relay” or stop over server could be vulnerable to attack or might already may have been penetrated. Thence, every such point or “relay” would be a security risk where your personal data is concerned. Every such “relay” would be a gateway for viruses, hackers, phishers, malicious scripts; many of which can intercept your personal data at any given time and could make copies of it, or even alter it leading to identity theft or even more!

So, instead of the placing the security burden on to you as an internet user, now the burden of security falls with the CA, the webserver and the client browser. Which essentially decide if its secure enough to transmit your personal data using the internet. This is only possible with the use of SSL or SSL Certificates.

What is more interesting is that more than 90% of internet users have come across a security alert! And a major chunk of such users, IGNORE such security alerts, taking their internet browsing and usage for granted. Another big chunk just stop browsing such websites.

So if you are an internet user, we would advise you to pay attention to such warnings and if you are a webmaster or if you have an online business we would strongly advise you to get an SSL certificate today. A secure connection definitely means a secure web browsing experience for online shoppers, business owners, general internet users.

Digital Certificates or SSL Certificates do not cost much and easy to setup and provide a better, a very secure experience for all internet users and website owners, webmasters are strongly urged to get these setup on your websites. Why Compromise on Security, right?

SSL certificates or Digital Certificates, is just one of the many steps that can be take to make the internet a more secure place.

It would be wise to know that SSL’s predecessor is here, and is known as “TLS” or Transport Layer Security.

SSL Resources

http://tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html
http://www.webopedia.com/DidYouKnow/Internet/2008/SSL.asp
http://en.wikipedia.org/wiki/Transport_Layer_Security
http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
http://en.wikipedia.org/wiki/OpenSSL
http://www.openssl.org/