Step 1: A user requests a secure connection to a website. This is done by entering a URL that begins with ‘HTTPS’ into an internet browser. For example, https://www.example.com
Step 2: The website responds to the user's request and sends its SSL certificate to the browser for authentication. This is known as the 'SSL handshake'.
Step 3: The user's browser verifies the SSL certificate is valid. The browser displays a padlock icon in the URL, indicating the website is secure and can be communicated with.
Step 4: After successful verification, a secure connection is established between the browser and the website. Further communication between the browser and the site is encrypted. Information passed between the two parties can only be deciphered by the two parties involved. Hackers will not be able to decode any information passed between the two entities.
Internet browsers, like Chrome, Firefox and Internet Explorer, indicate whether a website is using SSL by offering several visual cues:
A domain validated (DV) SSL certificate indicates that the connection between the user and the website is securely encrypted. All information exchanged between the user and the website is secure and cannot be intercepted and read by a malicious third party. However, domain validated certificates do not vouchsafe the identity of the website owner. The information is encrypted, but users have no idea whether the website to that they are sending their data to is a trustworthy business. Organization validated (OV) and Extended Validation (EV) certificates provide both encryption and assurance that the website can be trusted. This is because OV and EV certificates are not issued until background checks have been carried out on the owner of the website. Additional information in OV and EV certificates includes the full business name and their registered address. These details improve the online reputation of the organization in the eyes of web browsers as well as users. And the more legitimate a website appears, the more business it will generate.
SSL certificates can be purchased from certificate authorities. An SSL certificate will only be recognized by internet browsers and mobile devices if it is signed by a trusted certificate authority (CA). If it is not, then the end-user will see error messages when they connect to the site. The first step of applying for a certificate is for the website owner to generate a Certificate Signing Request (CSR) on their webserver. They will submit this signing request to the CA, along with their company name, business address and other details. The CA will issue the certificate after validating the identity of the organization.
Apart from the data being encrypted and protected from hacking, you get the following benefits: