How do SSL Certificates work?

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 5.00 out of 5)

A brief description of what SSL is, what it does and how it works

You may have heard you need an SSL Certificate, but you might not be sure what it is or what it does. No problem. We’re here to help you.

An SSL Certificate accomplishes two things. First, it enables an encrypted connection between a client (web browser) and a web server (website). We’ll get to how it does later, but for now, just remember that protects the communication between individuals and websites. Without this, the entire data transferred would be out in the open – vulnerable to getting intercepted, stolen or manipulated.

The second thing an SSL Certificate accomplishes is authentication. For the sake of not getting you bored, we’ll keep the description of this brief. Authentication is what lets a web browser know that a site can be trusted. When you visit a website, what is the guarantee that you are on the site that you are meant to be and it is run by the organization that says it is? SSL certificate or HTTPS takes care of this. The SSL certificate enables signs such as green address bar, a padlock, ‘HTTPS’ prefix etc. Such signs help you identify if the website you’re on is genuine or not. The nature of such trust-signs depends upon the validation level of the SSL certificates. There are mainly three types of SSL certificates – DV, OV, and EV. We won’t get into their details here. However, if you want to learn about them, you should click here.

In this blog, we’ll be focusing mostly on the encryption aspects of an SSL Certificate. Let’s take a closer look.

How an SSL Certificate Enables Encryption

When a web browser first accesses a website the two communicate in what is called the “SSL Handshake.” This is a process where credentials are exchanged and an encrypted connection is agreed upon.

Let’s understand the SSL Handshake bit-by-bit.

  1. The browser sends a ClientHello message to the web server. This contains some SSL certificate information.
  2. The web server sends a ServerHello message in return. This message also contains similar SSL information.
  3. Now the client (browser) verifies the SSL certificate information of the web server.
  4. Once the verification is done, a pre-master key is generated by the browser.
  5. The server decrypts the pre-master key.
  6. Once the pre-master key is decrypted, the master-secret is in place between the server and the client. This master-key is used to encrypt and decrypt the data.

How SSL Certificates Work

This entire process is called SSL handshake. On the successful completion of this process, a secure connection is in place between the client and the server. From now on, every bit of data transferred between browser and server will be encrypted.

Note here that the browser decides whether it trusts the certificate on the basis of whether or not it was issued by a trusted Certificate Authority and whether its information/signature is up to date.

And there you have it. That’s what an SSL Certificate enacts encryption between a browser and a server.

It's only fair to share...Share on Facebook
0Share on Google+
0Tweet about this on Twitter
Share on LinkedIn
Pin on Pinterest