Secure Socket Layer (SSL)

Secure Socket Layer (SSL) is a protocol developed by Netscape in 1996 which quickly became the method of choice for securing data transmissions across the Internet. SSL is an integral part of most Web browsers and Web servers and makes use of the public-and-private key encryption system developed by Rivest, Shamir, and Adleman.

In order to make an SSL connection, the SSL protocol requires that a server should have a digital certificate installed. A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates serve as a kind of digital passport or credential which authenticate the server prior to the SSL session being established.

Typically, digital certificates are signed by an independent and trusted third party to ensure their validity. The "signer" of a certificate is known as a Certification Authority (CA), such as VeriSign, thawte and GeoTrust.

The diagram illustrates the process that guarantees protected communications between a Web server and a client. All exchanges of SSL Certificates occur within seconds, and require no action by the consumer.

Why do you need SSL

You need SSL if..

  • You have an online store or accept online orders and credit cards.
  • You have offices that share confidential information over an intranet.
  • You need to comply with privacy and security requirements.
  • Your business partners log in to confidential information on an extranet.
  • You process sensitive data such as address, birth date, license, or ID numbers.
  • You value privacy and expect others to trust you.