SSL (Secure Sockets Layer) is an official security protocol for building encrypted links within a web server and a browser in an online conversation. When SSL certificate is installed on a web server, it facilitates a secure connection between the web server and the browser that connects to it. The website’s URL is prefixed with “https” instead of “HTTP” and a padlock is displayed on the address bar.
If the website uses an extended validation (EV) certificate, then the browser may also present a green address bar.
On the visible level, the presence of an SSL protocol and an encrypted session is indicated by the presence of the lock icon in the address bar. A clickon the lock icon shows to a user/customer details about your SSL. It is important to know that SSL Certificates are issued to either companies or legally accountable individuals solely following proper authentication. An SSL Certificate comprises of your domain name, the name of your company and other things like your address, your city, your state and your country. It would also show the expiration date of the SSL plus details of the issuing CA.
Whenever a browser opens a connection with an SSL secured website, it will first retrieve the site’s SSL Certificate to check if it’s still valid. It’s also verified that the CA is one that the browser trusts, and also that the certificate is being used by the website for which it has been issued. If any of these checks fail, a warning will be displayed to the user, indicating that the website is not secured by a valid SSL certificate.
The SSL protocol is used by millions of online business to protect their customers, ensuring their online transactions remain confidential. A web page should use encryption when it expects users to submit confidential data, including personal information, passwords, or credit card details. All web browsers have the ability to interact with secured sites so long as the site’s certificate is issued by a trusted CA.
The internet has spawned new global business opportunities for enterprises conducting online commerce. However, that growth has also attracted fraudsters and cybercriminals who are ready to exploit any opportunity to steal consumer bank account numbers and card details. Any moderately skilled hacker can easily intercept and read the traffic unless the connection between a client (e.g. internet browser) and a web server is encrypted.
A certificate authority or certification authority (CA) issues SSL certificates. On receiving an application, the CA verifies two factors: It confirms the legal identity of the enterprise/company seeking the certificate and whether the applicant controls the domain mentioned in the certificate. The issued SSL certificates are chained to a ‘trusted root’ certificate owned by the CA.
A web page using SSL will display
- “https://” instead of “HTTP://” before the website’s address in the browser’s address bar
- A padlock icon in the address bar of the browser before the address.
- With an Extended Validation Certificate, the address bar also shows the registered name of the company that owns the website, the name of the issuing CA and, an additional green security indicator.