Have you ever visited a website that uses https:// in the URL rather than http://? If you think not you should have another look at the URL for this page… there it is! You have been using SSL, or Secure Sockets Layer, without even knowing it. So what is SSL and why does it matter?
SSL stand for Secure Sockets Layer and it is a technology that facilitates an encrypted connection between a web server or host, and a web browser or client. Since this connection between these two encrypted, it ensures that data passed between them remains private. SSL is the industry standard for web encryption and it is used by over half of the websites current in existence (as of February 2018).
How SSL protects data
To use SSL on your site you need an SSL certificate, and this is usually provided by your hosting provider. The SSL certificate creates an encrypted connection between client (the person viewing your site) and the server (the machine hosting your website). Encryption is great, it means that nobody can read your data without having the necessary decryption keys and this encryption/decryption process is enabled on your site by using SSL.
Establishing an encrypted connection
There are a lot of very technical processes that happen while a secure encrypted connected is established between your site and the client trying to view it but we can summarise these in three simple steps:
- The user accesses a secure URL like https://www.learningglue.com by either typing the address into a browser or click on a link
- This initiates something called an SSL handshake that involves the server receiving the request and submitting a reply that will attempt to establish a secure connection between the client and server.
- Assuming all went well and the SSL certificate was verified through the SSL handshake, data that is now transferred between the client and server is encrypted.
Knowing if a site uses SSL
If a web site is using SSL you will want to know about it for good reasons, for example you can be more confident that any data you submit via a form will be encrypted and safer from interception. Typically a web browser displays a padlock symbol to the left of the URL, often using the word SECURE or something similar to highlight the fact that the is using SSL. By clicking on the padlock symbol you will be able to access details of the SSL certificate if you are in any doubt or want more information.
Typically, SSL Certificates contain information about the domain and the issuing body. Certificates have a short life and need to be renewed every few months, this information is also contained within the certificate. The expiry date is one of the first things a a browser will check when attempting to establish a secure SSL connection to a web site. It also checks the issuing body and the matches to domain to that listed on the certificate. If any of these checks fail, the browser will reject the SSL and warn the user that the site is not secured.