What is Secure Sockets Layer (SSL)?
The Secure Sockets Layer (SSL) protocol has become the universal standard on the web for authenticating sites and for encrypting communications between users and web servers. Because SSL is built into all major browsers and web servers, simply installing a digital certificate or Server ID enables SSL capabilities.
SSL server authentication allows users to confirm a web server's identity. SSL-enabled client software, such as a web browser, can automatically check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) - such as VeriSign - listed in the client software's list of trusted CAs. SSL server authentication is vital for secure e-commerce transactions.
An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering - that is, for automatically determining whether the data has been altered in transit. This means that users can confidently send private data, such as credit card numbers, to a website, trusting that SSL keeps it private and confidential.
How Server IDs Work:
A customer contacts your site and accesses a secured URL: a page secured by a Server ID (indicated by a URL that begins with "https:" instead of just "http:" or by a message from the browser).
Your server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
Your customer's web browser generates a unique "session key" (like a code) to encrypt all communications with the site.
The user's browser encrypts the session key with your site's public key so only your site can read the session key. Depending on the browser, the user may see a key icon becoming whole or a padlock closing, indicating that the session is secure.
A secure session is now established - all communications will be encrypted and can only be decrypted by the two parties in the session. It all takes only seconds and requires no action by the user.