In this article I try to explain the concept of SSL (Secure Sockets Layer).
SSL (Secure Sockets Layer)
What Is SSL?
SSL (Secure Sockets Layer) provides strong web security by creating an encrypted link for communication between a server and a client. It allows you to transmit private data online. Sites secured with SSL display a padlock in the browser's URL bar, and possibly a green address bar if secured by an EV SSL certificate. SSL is used so that sensitive information such as credit card numbers, debit card numbers, online money transactions and login credentials can be transmitted securely. Normally, data is sent between browser and server in plain text. If an attacker is able to intercept the data being sent between a browser and a web server, they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted. SSL secures the data that flows across the web every day. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website, or the green address bar that comes with an Extended Validation SSL-secured website. The addresses of SSL-secured websites also begin with https rather than http.
How Does SSL Work?
When an SSL digital certificate is installed on a website, users can see a lock icon at the bottom area of the browser. When an Extended Validation certificate is installed on a website, users with the latest versions of Firefox, Internet Explorer or Opera will see the green address bar in the URL area of the browser.
· Green arrow for secured (https).
· Yellow arrow for unsecured (http).
1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
2. Server sends a copy of its SSL Certificate, including the server’s public key.
3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
5. Server and Browser now encrypt all transmitted data with the session key.
Internet Explorer 9.0:
Chrome 26.0.1410.43 m: