As a default system, every communication between web servers and client systems takes place over a clear text connection. This leads to exposure of the data in the communication to an attacker and makes the communication vulnerable to cyber-attacks. It causes unintended information disclosure to the hackers and put your website to a serious security threat. Prevention of this is possible through SSL or the newer Transport Layer Security (TLS) protocols are used to secure the data transferred between the client and server.
SSL Certificate (Secure Sockets Layer) is a technique to encrypt web communications between client and server systems. It is also known as secure web access that takes help of the https protocol over 443 port. In addition to securing the communication between the client and the web server, SSL also confirms the identity of the web server to the client systems. This process is extensively utilized to make sure that the client is interacting with the organization or individual that the website claims to represent.
Whenever you browse through a website secured with SSL Certificate, the below mentioned steps ensue and establish a secure connection through 3 major steps that include Encryption, Data Integrity and Authentication.
- The web browser on the client system establishes a connection to the web server secured with SSL and requests the server for its identification.
- The server transmits SSL Certificate’s copy along with the public key of the server to the browser of the client.
- The client’s browser confirms the root of SSL Certificate against the various trusted on its list. Only if the browser trusts the SSL Certificate, it builds a symmetric session key by using the public key of the server.
- The browser confirms the validity of the provided certificate common name.
- It also verifies the expiry date of the certificate
- The web server decrypts the symmetric session key by making use of the private key that works as a validation that the encrypted session can start.
- With the help of the session key, both the server and browser encrypt all the data that is transferred