Secure Sockets Layer (SSL): How It Works
What Happens When a Browser Encounters SSL
- A browser attempts to connect to a website secured with SSL.
- The browser requests that the web server identify itself.
- The server sends the browser a copy of its SSL Certificate.
- The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
- The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
- Encrypted data is shared between the browser and the server, and https appears.
Encryption Protects Data During Transmission
Web servers and web browsers rely on the Secure Sockets Layer (SSL) protocol to help users protect their data during transfer by creating a uniquely encrypted channel for private communications over the public Internet. Each SSL Certificate consists of a key pair as well as verified identification information. When a web browser (or client) points to a secured website, the server shares the public key with the client to establish an encryption method and a unique session key. The client confirms that it recognizes and trusts the issuer of the SSL Certificate. This process is known as the "SSL handshake" and it begins a secure session that protects message privacy, message integrity, and server security.
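The client side of the handshake described above, as an added example that is not part of the original page: a Python client that trusts a server only if its certificate chains to the system trust store and matches the hostname, then reports the identity fields a browser shows behind the padlock. The function names and the SAMPLE_CERT values are constructed for illustration.

```python
import socket
import ssl

def make_client_context():
    """Client context that behaves like a browser: verify chain and hostname."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL 3.0, TLS 1.0 and 1.1
    return ctx

def flatten_name(rdns):
    """Turn getpeercert()'s nested subject/issuer tuples into a flat dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def summarize_cert(cert):
    """Pick out who the certificate was issued to, by whom, and until when."""
    subject = flatten_name(cert.get("subject", ()))
    return {
        "subject_cn": subject.get("commonName"),
        "organization": subject.get("organizationName"),
        "issuer": flatten_name(cert.get("issuer", ())).get("organizationName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "not_after": cert.get("notAfter"),
    }

def inspect_server(host, port=443, timeout=5.0):
    """Run the handshake; raises ssl.SSLCertVerificationError if untrusted."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            info = summarize_cert(tls.getpeercert())
            info["protocol"] = tls.version()   # negotiated protocol version
            info["cipher"] = tls.cipher()[0]   # negotiated cipher suite name
            return info

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "www.example.test"),)),
    "issuer": ((("organizationName", "Example Test CA"),),
               (("commonName", "Example Test CA G1"),)),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT))
```

Calling inspect_server() against a live host performs the real handshake; an expired, self-signed or mismatched certificate aborts it with an exception before any application data is sent.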
Credentials Establish Identity Online
Credentials for establishing identity are common: a driver's license, a passport, a company badge. SSL Certificates are credentials for the online world, uniquely issued to a specific domain and web server and authenticated by the SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the browser.
To view a website's credentials:
- Click the closed padlock in a browser window
- Click the trust mark (such as a Norton Secured Seal)
- Look in the green address bar triggered by an Extended Validation (EV) SSL
Authentication Generates Trust in Credentials
Trust of a credential depends on confidence in the credential issuer, because the issuer vouches for the credential's authenticity. Certification Authorities use a variety of authentication methods to verify information provided by organizations. Symantec, the leading Certification Authority, is well known and trusted by browser vendors because of our rigorous authentication methods and highly reliable infrastructure. Browsers extend that trust to SSL Certificates issued by Symantec.
Extend Protection beyond HTTPS
Symantec SSL Certificates offer more services to protect your site and grow your online business. Our combination of SSL, vulnerability assessment and daily website malware scanning helps you provide site visitors with a safer online experience and extend server security beyond https to your public-facing web pages. The Norton Secured Seal and Symantec Seal-in-Search technology help assure your customers that your site is safe from search to browse to buy.
To learn more about how SSL certificates work and the benefits of implementing SSL on your website, visit our "SSL Explained" interactive resource.
Extended Validation and SSL Security
For businesses with a high profile brand, using Extended Validation (EV) SSL Certificates has proven to be an effective defense against phishing scams. For any online business, using SSL with EV may have a big impact on the bottom line. Online shoppers are more likely to enter their credit card and/or other confidential financial information into a website with the SSL EV green bar.
Phishing and Online Fraud Undermine Customer Confidence
Concerns about identity theft and browser warnings erode consumer confidence, even on secured pages.
To regain their trust, site owners need an easy, reliable way to show customers that their transactions are secure and they are who they say they are. Certificate Authorities and Internet browser vendors have combined forces to establish the EV standard for SSL Certificates.
The Green Address Bar Restores Trust with Extended Validation
An EV SSL Certificate gives customers more confidence that they are interacting with a trusted website and that their information is secure. An EV SSL Certificate triggers high-security web browsers to display your organization's name in a green address bar and show the name of the Certificate Authority that issued it. The Certificate Authority uses an audited, rigorous authentication method and browsers control the display, making it difficult for phishers and counterfeiters to hijack your brand and your customers.
Why Symantec EV SSL?
Symantec helped lead the development of Extended Validation and as of January 2012 has issued more EV SSL Certificates than any other Certificate Authority.* Our rigorous authentication practices set the standard for online identity assurance and are audited by KPMG. Continuous investment in research and infrastructure helps Symantec maintain the highest standard of practice in the industry and stay well ahead of evolving security risks.
* Includes Symantec subsidiaries, resellers, and affiliates.