Ssl Certificates

Written by Kevin Tavolaro
Bookmark and Share

SSL certificates enable electronic commerce transactions by affirming the identity and integrity of the online business directly to the customer's browser. SSL certificates are issued to servers by a third party, known as a certificate authority. The certificate authority conducts a thorough investigation of a business before issuing them a certificate, as the certificate's primary function is to provide a trusted outside validation of the site in question.

When users visit a secure site, their web browsers automatically check that the site's SSL certificates are authentic, and have been issued by a reputable third party certificate authority. A list of trusted certificate authorities is installed in the browser in order to facilitate this.

Using SSL Certificates to Exchange Data

In order to secure a data transaction between a user and a website server, the SSL certificate on the server issues the user a digital public key. When the public key is created, SSL certificates also generate a unique private key, corresponding to the public key and stored on the server. The public key installed on the browser server to authenticate the user's identity to the server, when matched with the corresponding private key. Likewise, the company's identity and reputation are authenticated by information supplied on the public certificate verified by a trusted third party certification authority. After the mutual authentication validates the integrity of both parties, the data exchange can begin.

When the user enters information into his browser in a session secured by SSL certificates, the downloaded public key changes the data from a coherent string of recognizable letters and numbers, into an impenetrable assortment of seemingly random characters--this is called encryption. The user then submits that data to the server through a form in the web browser. Because the data has been encrypted, it is protected against cyber-crime, such as unauthorized alteration or interception. Once the encrypted data is received by the site, SSL certificates on the server locate the unique corresponding private key, and use it to decrypt the information. This keeps information safe, even when transversing the perils of cyberspace.


Bookmark and Share