What an SSL Certificate Is and How It Works


We are all familiar with HTTP. But sometimes we see HTTPS shown in green in the browser address bar. This happens when we visit Google, Yahoo, PayPal, CCAvenue, Amazon, Flipkart and so on, because these websites use the Hypertext Transfer Protocol Secure (HTTPS) protocol.

Most webmasters now prefer that their website run on the HTTPS protocol to make the website or application secure and avoid hacking.

To run a website on HTTPS, we need a certificate, namely a Secure Sockets Layer (SSL) certificate.

How SSL Works

When we purchase an SSL certificate, we get the following 2 keys along with the certificate.

  1. Private Key
  2. Public Key

The Public Key is located at the server where our website/application is hosted.

The Private Key is assigned to the browser when our website is visited by someone.

The 2 keys and how they work

The Public Key and Private Key are nothing but small software programs developed by the vendor from which we purchase the SSL certificate for our website/application.

Okay, now we all know that the Private Key is assigned to the browser from which our application is requested. Now the visitor/user makes some transaction with our website, so he/she needs to send some important data to us, that is, to the server, as happens on shopping sites, Gmail and other transaction sites. The important data may be his/her account details, email content and so on. When this type of data is passed through the network in plain, unencrypted form, it can easily be captured by someone at some point on the network.

But now the Private Key exists at the browser side. So when the user/visitor makes a transaction, in other words when data is to be passed between the server and the browser through various network paths, the Private Key takes that data and encrypts it into a highly secure format that can only be decrypted by the Public Key associated with this Private Key (as I said, we get 2 keys when we purchase an SSL certificate for our website/application). After encryption, the encrypted data travels through the network to reach its destination host, in other words the server where the application/website is hosted.

Then the server gets this encrypted data and decrypts it with the Public Key.

Note that a Public Key can only decrypt data encrypted by its own associated Private Key. That means the Public Key of a website/app named "X" cannot decrypt data encrypted by the Private Key of another website/app named "Y", and vice versa.

Flow Diagram

In the following flowchart the browser sends the data abc, which is encrypted by the Private Key into an unreadable form like [ex%25*&^$#@!], travels through the network and is finally decrypted at the server by the Public Key into the output abc.

[Figure: flow diagram]

Now if someone captures the data at any point on the network, he/she will get only this encrypted data, which can't be decrypted without the Public Key located at the server side.

So, this is how SSL works.
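The key-pair behaviour described above, as an added example that is not part of the original article. It uses unpadded textbook RSA for illustration only and follows the standard public-key convention, in which the sender encrypts with the site's public key and only the holder of the matching private key can decrypt. The site names "X" and "Y" come from the text; the primes and helper functions are constructed for the demo.

```python
# Added illustration: textbook RSA without padding, for teaching only.
# Real deployments use a vetted TLS library, never hand-rolled RSA.

E = 65537  # commonly used public exponent

# Constructed demo primes (well-known Mersenne primes); not real site keys.
DEMO_PRIMES = {
    "X": (2**61 - 1, 2**89 - 1),
    "Y": (2**107 - 1, 2**127 - 1),
}


def make_keypair(p, q):
    """Return (public, private) with public=(n, e) and private=(n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse of e mod phi (Python 3.8+)
    return (n, E), (n, d)


def encrypt(public, data: bytes) -> int:
    """Encrypt with the public key; the result is what crosses the network."""
    n, e = public
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Decrypt with a private key; leading NUL bytes are not preserved."""
    n, d = private
    m = pow(ciphertext % n, d, n)
    return m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")


X_PUBLIC, X_PRIVATE = make_keypair(*DEMO_PRIMES["X"])
Y_PUBLIC, Y_PRIVATE = make_keypair(*DEMO_PRIMES["Y"])

if __name__ == "__main__":
    wire = encrypt(X_PUBLIC, b"abc")  # the data "abc" from the flow above
    print("on the wire  :", hex(wire))
    print("X private key:", decrypt(X_PRIVATE, wire))  # recovers the data
    print("Y private key:", decrypt(Y_PRIVATE, wire))  # unrelated bytes
```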

Where to Purchase an SSL Certificate

Godaddy.com, Symantec.com and many others.

Note: Search in Google and get the best one.