Overview of SSL Encryption
SSL is a standard security technology that creates an encrypted link between a server and a client, usually a web server and a browser. It lets sensitive information like credit card numbers, social security numbers, and login details be sent securely. To establish this secure connection, the browser and the server need an SSL certificate.
SSL certificates have a key pair: one public key and one private key. These keys, which are simply large numbers, work together to create an encrypted connection. The certificate also contains the identity of the certificate/website owner.
To get a certificate, you create a certificate signing request (CSR) for your domain. This process generates a key pair: a private key and a public key. The CSR file that you send to the SSL certificate issuer (called a certificate authority, or CA) contains the public key. The CA uses the data in the CSR to create a certificate that matches your private key, without the key ever leaving your server. The CA never sees the private key.
The certificate created with a particular CSR only works with the private key that was generated with it.
After you receive the SSL certificate, install it on your server together with the intermediate certificate, which links your SSL certificate to your CA’s root certificate. Once the SSL certificate is installed and active, connections to your domain are encrypted.
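The CSR round trip and the chain installation described above, as an added example (not code from the original page). It uses only Go’s standard library; the CA names, serial numbers and the domain are constructed for the demo. The site generates a key pair and a CSR that carries only the public key, a hypothetical root plus intermediate CA checks the CSR’s signature and issues a leaf for that key, and Verify then does the browser’s check, with and without the intermediate installed:

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Chain is what the site operator holds after the CSR round trip: the private key
// (never left the server), the CA-signed leaf, the intermediate, and the CA root.
type Chain struct {
	Key          *rsa.PrivateKey
	Leaf         *x509.Certificate
	Intermediate *x509.Certificate
	Root         *x509.Certificate
}

// must stops the demo on any error; a real service would return it instead.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// caTemplate builds a CA template; names and serials are constructed for this demo.
func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

// sign issues tmpl for public key pub under parent's private key;
// parent == tmpl yields a self-signed root.
func sign(tmpl, parent *x509.Certificate, pub any, parentKey *rsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))
	return must(x509.ParseCertificate(der))
}

// Issue walks the CSR flow for domain: the site generates a key pair and a CSR
// carrying only the public key; the CA (hypothetical root plus intermediate)
// checks the CSR's signature and signs a leaf for that same public key.
func Issue(domain string) *Chain {
	// CA side, set up once: the root signs itself, then signs the intermediate.
	rootKey := must(rsa.GenerateKey(rand.Reader, 2048))
	rootTmpl := caTemplate("Example Root CA", 1)
	root := sign(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	intKey := must(rsa.GenerateKey(rand.Reader, 2048))
	intermediate := sign(caTemplate("Example Issuing CA", 2), root, &intKey.PublicKey, rootKey)

	// Site side: generate the key pair and a CSR. Only csrDER is sent to the CA.
	siteKey := must(rsa.GenerateKey(rand.Reader, 2048))
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: domain},
		DNSNames: []string{domain},
	}, siteKey))

	// CA side: parse the CSR, check its self-signature (proof that the requester
	// holds the matching private key), then issue a leaf bound to the CSR's key.
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil {
		panic("CSR signature invalid: " + err.Error())
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf := sign(leafTmpl, intermediate, csr.PublicKey, intKey)
	return &Chain{Key: siteKey, Leaf: leaf, Intermediate: intermediate, Root: root}
}

// Verify does what the browser does: build a path from the leaf to a root in its
// trust store for the requested hostname. withIntermediate models whether the
// server installed the intermediate certificate beside the leaf.
func (c *Chain) Verify(hostname string, withIntermediate bool) error {
	roots := x509.NewCertPool()
	roots.AddCert(c.Root)
	opts := x509.VerifyOptions{DNSName: hostname, Roots: roots}
	if withIntermediate {
		opts.Intermediates = x509.NewCertPool()
		opts.Intermediates.AddCert(c.Intermediate)
	}
	_, err := c.Leaf.Verify(opts)
	return err
}
```

Two things worth noticing when running it: the browser-side check fails as soon as the intermediate is left out, because the leaf’s issuer is the intermediate and only the root is in the trust store, and the leaf carries exactly the public key from the CSR, which is why the certificate works with no private key other than the one generated alongside that CSR.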
When a user tries to access your website:
- The user’s browser connects to your secure domain using HTTPS.
- Your server responds with its SSL certificate, which contains its public key.
- The browser verifies the certificate by checking the CA’s signature on it. For this to work, the CA must be in the browser’s trust store, the list of trusted CAs that every browser ships with.
- The browser creates a session key: a temporary key that is valid only while the browser and the server interact. If the user leaves your site and comes back, a new session key is made.
- The browser encrypts the session key with the server’s public key and sends it to the server.
- The server uses its private key to decrypt the session key.
- From now on, the browser and the server use the session key to encrypt and decrypt all data they exchange. The channel is secure because only the browser and the server know the symmetric session key, and that key is used only for this session.