About SSL
Although online shopping is increasingly pervasive, millions of potential customers still balk at releasing their credit card numbers to online entities. Secure Sockets Layer (SSL) certificates on Web sites provide an effective, reliable and visible method of securing sensitive customer information. An SSL certificate ensures customers that online transactions on SSL-secured sites indeed are safe.
SSL is the de facto standard for creating a secure, encrypted link between a Web server and a browser. SSL thus secures safe passage of credit card information, user names, passwords, and other sensitive e-commerce transactions. SSL is generally used by e-commerce Web sites as a means to protect online transactions with their customers. SSL utilizes the public-and-private key encryption system.
In order to be able to generate an SSL connection, a Web server requires an SSL Certificate.
About SSL Certificates
An SSL certificate is a certificate that authenticates the identity of a Web site to visiting browsers and encrypts information for the server via SSL technology. When a browser user wants to send confidential information to a Web server, the browser will access the server's digital certificate.
The certificate serves as an electronic passport that establishes an online entity's credentials when doing business or other transactions on the Web.
A digital certificate contains the following information:
- The certificate holder's name
- Serial number,
- Expiration date,
- Copy of the certificate holder's public key,
- The digital signature of the certificate-issuing entity.
Because only the Web server has access to its private key, only the server can decrypt SSL-encrypted information.
Public and Private Keys
When you create a certificate request your Web server generates two unique cryptographic keys. The public key is used to encrypt messages to your server and is contained in your certificate. Your private key is stored on your local computer and decrypts the secure messages so they can be read by your server.
Your Web server will match your issued SSL certificate to your private key. The Web server will then be able to establish an encrypted link between your Web site and your customer's Web browser.
Enabling SSL
A digital certificate is needed in order to use SSL on your Web site. Digital certificates are issued by Certification Authorities (CA). When applying for an SSL certificate, you must generate and submit a Certificate Signing Request (CSR) to a CA — such as Starfield Technologies, Inc. —, which will validate the submitted information in order to verify that the certificate-requesting entity (e.g., your company) controls the Internet domain for which the certificate is being requested, and, for most certificate types, that your company exists and is properly documented. Once issued, the SSL certificate enables you to secure your Web site with SSL. The "https:" prefix in the URL and the padlock symbol in the browser's status bar indicate that a site is secure.
How SSL Works
How an SSL certificate secures an online transaction:
- When accessing an SSL-secured Web site, the user's browser sends a message to the Web server, requesting a secure session.
- The Web server responds by sending the user its server certificate (which includes its public key).
- The user's browser will verify that the server's certificate is valid and has been signed by a CA whose certificate is in the browser's database. It will also verify that the CA certificate has not expired.
- If the certificates are all valid, the user's browser will generate a one-time session key and encrypt it with the server's public key. The user's browser will then send the encrypted session key to the server so that they will both have a copy.
- The server will decrypt the message using its private key and recover the session key.
This completes the SSL handshake process, and a secure SSL connection has been established. The entire process of establishing the SSL connection happens transparently to the user and takes only seconds.
A key or padlock icon in the browser's status bar indicates that the browser is running in secure mode. SSL is supported in the vast majority of browsers and Web servers on the market.
