SSL (Secure Sockets Layer) is a web security protocol developed by Netscape for establishing an encrypted connection between a web server and a browser. SSL crytography makes use of two keys to for data encryption. The public key, used to encrypt information, is known to everyone and the private key, known only to the intended recipient of the message, is used to decipher it.
SSL is an industry standard approved by the Internet Enginerring Task Force (IETF) and is commonly used by websites which need to collect confidential information like credit card information from its users. By convention, web addresses that require an SSL connection start with https: instead of http :. Most web browsers provide an indicator, usually a lock icon in the status bar, to let users know when they are protected by an SSL encrypted session. Clicking on the icon displays the SSL Certificate and the details about it. True 128-bit SSL certificates provides the strongest SSL encryption available.
An SSL Certificate is issued by a trusted source, known as the Certificate Authority. When a browser connects to an SSL server, it requests for a digital Certificate of Authority from the server. This digital certificate positively authenticates the server's identity to ensure you are not be transmitting private data to a hacker or imposter site.
The browser checks that it has not expired, it has been issued by a trusted Certification Authority, and that it is being used by the website for which it has been issued. If there is a problem with the certificate, even if it is simply out of date, your browser will display a message window to notify you of the problem, allowing you to terminate the session or continue at your own risk.
Once the handshake is completed, your browser will automatically encrypt all information that you send to the site, before it leaves your computer. Encrypted information is unreadable en route. Once the information arrives at the secure server, it is decrypted using a secret key. If the server sends information back to you, that information is also encrypted at the server's end before being sent. Your browser will decrypt it for you automatically upon arrival, then display it as it normally does.