SSL is a security protocol that protects user data during its transfer from your servers to the client’s browser.
Here’s what happens when a user wants to connect to a secure website:
- The user visits an SSL-secured website, and the browser sends a ‘Client Hello’ to the web server to request a secure (SSL) session.
- The web server responds to the browser with its certificate, which includes the public key.
- The browser verifies the certificate against the Certificate Authority and checks its validity using the browser’s database.
- If the certificate is valid, the browser generates a unique session key, encrypts it with the server’s public key and sends the encrypted key to the server.
- The server then decrypts the message using its private key and keeps the session key. This transaction establishes a secure communication pipe: the browser and the server now use the session key to send information back and forth.
- The transaction ensures:
  - Only the user’s browser and the server have the session key, so the communication is protected.
  - The user is communicating with a website that has been vetted to confirm the identity of the organization requesting details from the user and the domain that represents the organization’s application.
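
Both guarantees depend on the client actually performing the certificate check in the third step. The following added example (not part of the original page) uses Python's standard `ssl` module as the client instead of a browser; it audits a client configuration for skipped checks and can report what a server presents during a verified handshake. The function names are hypothetical, chosen for this illustration.

```python
import socket
import ssl
import sys

def verification_gaps(ctx):
    """Return the certificate checks (third step above) that ctx skips."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain is not validated against a trusted CA")
    if not ctx.check_hostname:
        gaps.append("certificate is not matched against the requested host name")
    return gaps

def strict_context():
    # Library defaults: CA validation and host name matching are both on.
    return ssl.create_default_context()

def weakened_context():
    # Constructed anti-pattern, present only so the audit has something to flag.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def handshake_summary(host, port=443):
    """Run a verified handshake and report what the server presented."""
    ctx = strict_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        # Raises ssl.SSLCertVerificationError if the certificate checks fail.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": cert.get("subject"),
                "issuer": cert.get("issuer"),
                "not_after": cert.get("notAfter"),
            }

if __name__ == "__main__":
    print("strict:", verification_gaps(strict_context()))
    print("weakened:", verification_gaps(weakened_context()))
    if len(sys.argv) > 1:               # optional: a host you operate
        for field, value in handshake_summary(sys.argv[1]).items():
            print(f"{field}: {value}")
```

Run without arguments, the script works offline and only compares the two configurations; given a host name, it also performs the handshake and fails with a verification error if the certificate is untrusted, expired or issued for a different name.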