Hello friends today in my article I'll tell you what is SSL and how SSL
create a secure communication between the web client and the web server.
I know everyone know about http:// and https://, HTTP protocol is used
for standard communication between the Web server and the client. HTTPS
is used for a secure communication between them.
What is a Secured Socket Layer (SSL)?
A Secured Socket Layer, or SSL, is the usual way that a website creates a
secure connection with a web browser. Whenever a web surfer visits a
secure site that uses SSL technology, it creates an encrypted link
between their browser session and the web server. SSL is the industry
standard for secure web communication and is used to protect millions of
online transactions each day.
What is a SSL Certificate?
The web server must have an
SSL certificate
before it can create an SSL connection. When someone activates SSL
protocols on their web server, they are asked to answer questions that
will establish their identity. The questions ask for information about
both the website and the company. After the SSL certificate is
requested, the web server creates two cryptographic keys, one is a
Private Key and the other is a Public Key. These keys are used along
with the encryption formula to create the secure link between the web
server and browser sessions.
Public Keys vs. Private Keys
As the name implies, the Public Key is not kept secret. It is placed
into the Certificate Signing Request (CSR) which is a data file that
contains the website's details. The CSR is submitted to the SSL Digital
Certificate group for validation as part of the SSL certificate
application process. Once the details are validated, the SSL certificate
is officially issued, and the website is allowed to use SSL. Next, the
web server confirms that the SSL certificate matches the Private Key.
This makes sure that SSL certificate is only used by the website that
originally requested it. At this point, the web server is able to create
safe encrypted links, or communication paths, between its website and a
customer's browser.
What's in a SSL Certificate?
Most SSL certificates include the domain name (web address), company
name, company address, the certificate's expiration date, and
information about the certification authority who issued the
certificate. Individuals are not usually allowed to possess a SSL
certificate. In virtually all cases, SSL certificates are only issued to
companies.
Which websites need SSL Certificate?
The websites where a private conversation is occurred, Websites related to
online transactions or other sensitive information needs to be protected needs to SSL Certificate.
Security Tip : Hackers always
use different types of attacks such as Packet sniffing or ARP Poisoning
to steal your sensitive information, never give your password or
credit card information or any other sensitive information on public computers or on Msn and any other Instant Messenger.
Hope this is informative and if u have any question, query or any suggestion kindly post us.