How do SSL certificates work?


SSL stands for Secure Sockets Layer. It is a protocol used to protect, by encrypting, sensitive communications over the web. The idea is to deliver information to its intended recipients while preventing third parties from eavesdropping on it or reading it without authorization.

Why SSL certificates are needed

SSL certificates provide a trusted solution for internet users who rely on the web for activities that require them to hand over sensitive information. For example, people shopping for products or services online can do so with added peace of mind when they know their financial details are protected by SSL. Other information, such as social security numbers or identification numbers, which cyber criminals could misuse, can likewise be exchanged once it has been encrypted through SSL.

How SSL works – a step-by-step outline

SSL employs public-key encryption. This encryption system uses two kinds of keys: a public key and a private key. The recipient needs the matching private key to read the information sent to it. The overall process is nothing more than the encoding and decoding of the data exchanged between the two parties.

Important steps include:

  1. Users reach the SSL-empowered service, such as a website.

  2. An action by the user requests the server's public key and offers the user's own public key in exchange. This exchange enables the encryption of messages, so that the information stays between the user and the receiver only.

  3. When the user sends a message to the application's or website's server, the application encrypts it with the server's public key.

  4. When information flows from the server to the user, the user decrypts it with its private key. The same process takes place when a message is sent from the user to the browser: the browser's public key is used to encrypt the message, and the receiver decrypts it using its private key.

In these steps, the user and the applications or browsers are not people but machines or virtual machines. Thus, the chances of errors and leakage are reduced to zero.

Server Handshake explained

It works precisely the way spies work. There is a code they exchange to facilitate the exchange of secret information. SSL does the same, and the process is called an SSL handshake. 

It involves three steps:

  1. SSL handshake: the client initiates the exchange of information by sending a Hello; the server reads this ClientHello and responds with a ServerHello. This establishes that the exchange is taking place between two authorized entities.

  2. Server verification: once the SSL handshake has taken place, both entities identify each other through their SSL certificates.

  3. Key transfer: after the handshake and verification, the server transfers a pre-master key. This master key is a private key sent in encrypted form, and the server decrypts it using the public key available at its end. This part is asymmetric because it relies on the interaction between a public key and a private key. The (private) master key then decrypts the client's information, which is protected by the private key; this private-key-to-private-key exchange is what makes it symmetric encryption.

Thus the service providers achieve suitably complex encryption by using both types of encryption. It becomes almost impossible for any hacker to guess unless the user has fallen prey to a phishing email.
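The following is an added, self-contained Python model of the pattern described in both sections above (public-key exchange of a secret, then symmetric encryption of the traffic); it is illustration code written for this page, not code from any SSL/TLS implementation. It follows the direction used by the classic RSA key exchange in TLS 1.2: only the server has a key pair (its "certificate"), the client chooses the pre-master secret and encrypts it under the server's public key, and both sides then derive identical symmetric session keys from that secret and the two Hello nonces. Everything in it is an assumption for teaching purposes: the RSA key is textbook RSA built from two small constructed primes with no padding, HMAC-SHA256 stands in for TLS's key-derivation function and for the record cipher, and the function names (`handshake_and_exchange`, `seal`, `open_record`) are invented here. None of it is secure enough for real use; the point is to show why the handshake needs both kinds of encryption and how a tampered record is detected.

```python
import hashlib
import hmac
import secrets

# Toy "certificate": a textbook RSA key pair built from two constructed primes.
# Real TLS uses 2048-bit+ keys with padding (or ECDHE); this is illustration only.
P = 1000000007
Q = 998244353
E = 65537


def generate_keypair():
    """Return ((n, e), (n, d)): the public key the server publishes, the private key it keeps."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)  # modular inverse of E (Python 3.8+)
    return (n, E), (n, d)


def rsa_encrypt(public_key, message):
    n, e = public_key
    return pow(message, e, n)


def rsa_decrypt(private_key, ciphertext):
    n, d = private_key
    return pow(ciphertext, d, n)


def derive_keys(premaster, client_random, server_random):
    """Both sides run this on the shared pre-master secret and the Hello nonces
    to obtain identical symmetric keys (HMAC-SHA256 stands in for TLS's PRF)."""
    master = hmac.new(premaster.to_bytes(8, "big"), client_random + server_random,
                      hashlib.sha256).digest()
    labels = (b"client enc", b"client mac", b"server enc", b"server mac")
    return {label: hmac.new(master, label, hashlib.sha256).digest() for label in labels}


def _keystream(key, length):
    """Counter-mode keystream from HMAC-SHA256 (toy stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key, mac_key, plaintext):
    """Symmetric protection of one record: encrypt, then append an integrity tag."""
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_record(enc_key, mac_key, record):
    """Verify the tag before decrypting; a modified record is rejected outright."""
    ciphertext, tag = record[:-32], record[-32:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("record failed integrity check")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, len(ciphertext))))


def handshake_and_exchange(request=b"GET /checkout HTTP/1.1", tamper=False):
    """Run the handshake steps from the article and send one protected record."""
    # Step 1: ClientHello / ServerHello, each carrying a fresh random nonce.
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)

    # Step 2: the server presents its public key (in real TLS, inside an X.509 certificate).
    server_public, server_private = generate_keypair()

    # Step 3: key transfer. The client chooses the pre-master secret and encrypts it under the
    # server's public key; only the holder of the private key can recover it (asymmetric part).
    premaster = secrets.randbits(48)  # kept well below n so textbook RSA round-trips
    encrypted_premaster = rsa_encrypt(server_public, premaster)
    server_premaster = rsa_decrypt(server_private, encrypted_premaster)

    # Both sides now derive the same session keys; the secret never crossed the wire in clear.
    client_keys = derive_keys(premaster, client_random, server_random)
    server_keys = derive_keys(server_premaster, client_random, server_random)

    # Step 4: application data travels under the symmetric session keys.
    record = seal(client_keys[b"client enc"], client_keys[b"client mac"], request)
    if tamper:  # simulate an on-path modification of the first byte
        record = bytes([record[0] ^ 0x01]) + record[1:]
    received = open_record(server_keys[b"client enc"], server_keys[b"client mac"], record)

    return {"keys_match": client_keys == server_keys, "server_saw": received, "on_wire": record}


if __name__ == "__main__":
    result = handshake_and_exchange()
    print("session keys agree:", result["keys_match"])
    print("server decrypted:", result["server_saw"])
```

Running the script shows the two sides agreeing on session keys and the server recovering the request; calling `handshake_and_exchange(tamper=True)` raises `ValueError` because the integrity tag no longer matches. The asymmetric step is used exactly once, to move a short secret; everything after that is symmetric, which is the division of labour the article's closing paragraph describes.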