A secure sockets layer (SSL) certificate is a digitally signed credential, which is issued by a credentialing agency for a specific organization’s website. SSL certificates are used in Internet technology to ensure the safety of transmissions between a web browser and a server. A browser and server exchange information that indicates that the web server is valid, and the server establishes a secure connection. Users can check their browser's appearance to determine whether they are on a secure connection.
Any organization that would like to secure its web transmissions will contact a credentialing agency, called a certificate authority, to buy an SSL certificate. The certificate authority, which should be a trusted organization itself, will verify the identity and validity of the requesting organization before issuing a certificate. After a certificate is granted, it is installed on the organization's web server, and the private and public keys used in encrypting are created.
If a user browses to a website, the browser requests the identity of the web server. The server returns a copy of its SSL certificate. After the certificate is returned, the browser then determines whether the certificate should be trusted. If the browser is uncertain, it might display a message to the user. The user can then examine the certificate and decide whether to continue.
When the browser trusts the SSL certificate, the browser responds to the server without requiring any action from the user. The server will acknowledge the browser’s response, and it starts a secure session. Transmissions shared from here are encrypted, so they are unreadable to a hacker.
The use of SSL certificates is important in fostering user confidence in websites. Certificates are often used on ecommerce sites, where users might be sending credit card information. Use is also essential for financial services websites, such as online banking and payment fulfillment sites. Other sites that might request personal information such as addresses, birth dates or health information will also typically use SSL certificates.
Users might wish to verify that they are on secure websites before sending private information. To verify, the user can examine the browser’s address bar. The address will usually begin with "https" instead of "http." In this case, "https" refers to the term "hypertext transfer protocol secure." Different browsers might also use other methods of indicating to a user that he or she is visiting a site using an SSL certificate, such as a displaying a lock or information about the secure connection in the address bar or status bar.