SSL stands for Secure Sockets Layer. In plain English, that simply means that it’s a way for a website to communicate safely with the browser on a visitor’s computer.

If you prefer more technical terms, it’s a protocol that allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

SSL can be used in many different ways, but among the most common uses are web-based email and online transactions. If you have ever bought something online, the chances are that you used SSL-based technology, even if you weren’t aware of it. In simple terms, SSL works like this:

  1. A website visitor tries to connect to a new, SSL-protected website, at which point the visitor’s browser requests a secure connection.
  2. The website server sends the visitor’s browser a digital “certificate”. This is basically an electronic document that contains the key to a security code and also the details of a third-party organization that can vouch for the identity of the website. This third party is known as a trusted certification authority (CA) – their credibility is an essential part of the system.
  3. The visitor’s browser uses the security code key to encrypt the information it needs to send – email or credit card details, for example – and, since the website at the other end provided the key, no one else is able to decipher the message.
  4. The website visitor’s browser displays an icon – often a padlock – to let the user know that the connection is secure, and the website URL in the address line of the browser changes from “http” to “https”.
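To see steps 1 to 4 from the client's side, here is an added example (not part of the original post) using Python's standard `ssl` module, which negotiates TLS, the successor to SSL. The function names and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
import time

def make_client_context():
    """Browser-like settings: the server certificate must chain to a trusted CA
    and must be issued for the hostname we asked for (step 2)."""
    ctx = ssl.create_default_context()            # loads the system's trusted CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse obsolete protocol versions
    return ctx

def summarize_cert(cert, now=None):
    """Reduce the dict returned by SSLSocket.getpeercert() to the facts in step 2."""
    now = time.time() if now is None else now
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issued_to": names or [subject.get("commonName")],
        "vouched_for_by": issuer.get("organizationName") or issuer.get("commonName"),
        "days_left": int((expires - now) // 86400),
    }

def inspect_site(host, port=443, timeout=5):
    """Steps 1-4 against a live server. Raises ssl.SSLCertVerificationError if
    the CA or hostname check fails, so nothing is sent to an unverified peer."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            info = summarize_cert(tls.getpeercert())
            info["protocol"] = tls.version()   # negotiated protocol version
            info["cipher"] = tls.cipher()[0]   # negotiated cipher suite name
            return info

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "XX"),), (("organizationName", "Example Test CA"),)),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
    "notAfter": "Jan  5 09:34:43 2018 GMT",
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))
```

Calling `inspect_site()` with a real hostname needs network access; the padlock in step 4 corresponds to that call returning without raising.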

In our next post we’ll talk a little more about the difference between http and https, and how to implement SSL-based technology on your own website.