Definition
Secure Sockets Layer (SSL) is a protocol for securing communication on the Internet. It provides a way for enterprises to encrypt data before sending it to users, preventing third parties from reading it while it’s in transit.
When you land on a page with a form to fill in and submit, the information you enter can be intercepted by a hacker on an unsecure website.
This information could be anything from details on a bank transaction to an email enter to register for an offer. In hacker lingo, this “interception” is often referred to as a “man-in-the-middle attack.”
Wondering how attacks happen? Here’s one of the most common ways: A hacker places a small, undetected listening program on the server hosting a website. That program waits in the background until a visitor starts typing information on the website, and it will activate to start capturing the information and then send it back to the hacker.
A little scary, right?
But when you visit a website that’s encrypted with SSL, your browser will form a connection with the web server, look at the SSL certificate, then bind your browser and the server. This binding connection is secure to ensure no one besides you and the website can see or access what you type.
This connection happens instantly, and in fact, some suggest it’s faster than connecting to an unsecure website. You simply have to visit a website with SSL, and voila — your connection will automatically be secured.
An SSL is security technology. It’s a protocol for servers and web browsers that makes sure that data passed between the two are private. This is done using an encrypted link that connects the server and browser.
Companies that request personal information from a user, such as an email address or payment information, should have SSL certificates on their website. Having one means that the details you are collecting are private and ensures the customer that when they see that padlock and https://, their privacy is safe.
SSL certificates are categorized by the level of validation and encryption provided OR the number of domains or subdomains under the certificate.
There are three types of certificates you can earn depending on the SSL you obtain. Let’s talk about them in more detail.
How SSL works
SSL works through the use of public key cryptography. Public key cryptography uses two keys – a private key and a public key – to transmit secure data between two systems. These keys are essential to respectively decoding and encoding secure data.
Step-by-step, here’s how SSL works:
- A user connects to an SSL-enabled service such as a website.
- The user’s application requests the server’s public key in exchange for its own public key. This public key exchange provides ways for both parties to encrypt messages that only the other party can read.
- When the user sends a message to the server, the application uses the server’s public key to encrypt the message.
- The server receives the user’s message and decrypts it using its private key. Messages sent back to the browser are encrypted in a similar way using a public key generated by the user’s application.
Public key cryptography is similar to using a padlock. The padlock itself is the public key and the combination is the private key. The server distributes its padlock, which anyone can use to lock a door or a box. However, the padlock can’t be opened without the combination, which only the server knows.
Why SSL is important?
How can I tell if my website has SSL?
When you visit a website with SSL, there are a few distinct differences that display within the browser. Click here for our free chrome extension where you will get alert every time a site lacks SSL and more protection.
1. The URL says “https://” and not “http://”.
The URL should look something like the screenshot below. Remember, an SSL-encrypted website will always have that “s” that stands for “secure.” Additionally, that text can show up green and follows a green padlock (another indicator, explained below).
2. You’ll see a padlock icon in the URL bar.
The padlock will show up on the left- or right-hand side of the URL bar, depending on your browser. For example, on Chrome and Safari, it’ll be on the left. You can click on the padlock to read more information about the website and the company that provided the certificate.
3. The certificate is valid.
Even if a website has the https:// and a padlock, the certificate could still be expired — meaning your connection wouldn’t be secure. In most cases, a site that displays as https will be secure but, if you encounter a site that asks for a lot of personal information, it may be worth double-checking to be sure the certificate is valid.
To find out whether the certificate is valid in Chrome, go to View > Developer > Developer Tools. From there you will need to navigate to the Security tab to see if the SSL certificate is valid or expired. If you click the View certificate button, you will be able to see more information about the SSL certificate and the specific date it’s valid through.
The next time you visit a website, check its encryption status. I love knowing that by clicking a little padlock, I can see if my data is secure. On the flip side, if you are a part of a business that doesn’t have SSL certificates, make them a part of your next goal set, so you can protect your customers’ data and privacy.