SSL: what is it and how does it work?
A secure connection between the browser of your visitor and the server on which your website is hosted is a necessity for more reasons than you can imagine. But what is SSL, and how does it work? We are now going to guide you through the world of handshakes and certificates…
A recent poll showed that many Internet companies are not up to date enough with the necessity of SSL (Secure Sockets Layer). They think that such an extra security system is only necessary during payment sessions, and that it is automatically provided by the payment service, like Ogone. In order to avoid this misunderstanding, we will publish a series of articles to provide useful information on this security protocol, so that you too can understand what SSL actually does and why it is so important that you do not ignore it.
You have a website. And you wish to do business via the Internet. In that case, you need to make sure that your visitors trust you so that they have the guarantee that the information they send you is in safe hands. In fact, during an ordinary web session, data are sent as ordinary text when they are exchanged between the browser of the user and the server on which your website is hosted. For normal information that anyone can find on the Internet, it would not be a big deal if that communication was intercepted. But things would get much worse when a user sends personal information like his login and password for your website, his credit card information, etc. If those data were to be sent as ordinary text and intercepted by a hacker, the consequences would be much more severe.
You can avoid this by using SSL (secure sockets layer), which makes sure that the communication between the browser of your customer and your website is encrypted. This way, even if a hacker managed to intercept the communication, he would not be able to use the data, because he does not have the key to decrypt the data.
The first thing you need to do to create this special security layer is order an SSL Certificate. Consider this as an online identity card for your website, which allows the customer to be sure that the owner of your website is actually who he claims to be. Such a certificate is delivered by a Certificate Authority like Verisign, Comodo or Tawthe. Most companies submit their request via a hosting company such as Combell. Not only because they can assist you in the request procedure, but also because they are a wholesaler that can offer special discounts on certificates.
After having checked your references and your integrity, you receive the SSL certificate that you need to install on your server. In a next article, we will give you all the details on how this actually works.
Such an SSL certificate does more than just confirm your identity: it is necessary for the encryption of the data during the communication between the browser of your customer and your website. Concretely, during a visit to your website, the browser of the customer will check that the SSL certificate was signed by a Certificate Authority, which will send a confirmation that the certificate is valid. After that, the handshaking process can begin. During this process, the browser and your server determine what sort of encryption they are going to use. Dwelling on this encryption process that includes public, private and session keys would lead to a very complex, technical explanation. Those who want to play secret agent and find out more about these encryption techniques can visit Wikipedia.
All you and your user need to know is that after the handshake, the SSL connection is activated. This can clearly be seen thanks to a special symbol in the browser of the customer: a small lock at the top or the bottom of the page, or a green address bar. In addition, the customer can see that the web address is not “http://” anymore, but “https://”. The user can also examine the content of the certificate; with Firefox, for instance, he can click on the small lock in the address bar to get a short summary of the certificate. Via “More information”, he can request the details of the certificate.
The handshaking process happens so fast that the customer will not notice at all that powerful computer tasks are being executed in the background in his browser. The most important thing is that secure communication is now possible between your user and your website, which makes it possible for your user to send his personal information, his credit card information and other sensitive data to your website via the Internet in full confidence. All successful transactions are based on trust.
Would you like to watch a movie that explains how SSL works? This funny YouTube video should do the trick!
Do you want to purchase an SSL certificate or need more info? Discover more about SSL on our website.