SSL (Secure Sockets Layer) is a standard technology used for maintaining secure internet connection and protection against hacking. In this blog, you will really get all relevant information regarding why SSL is important and how it protects from hackers. Before we start SSL, let's start a discussion with trending confusion HTTPs is there on some website and why it is absent on some website.
We are familiar with a protocol named as HTTP, which acts a way to communicate between server and browsers. When we are traveling data through HTTP protocol in a plain text, it become insecure, hackers can easily modify data as we are using insensitive data such as credit cards information on websites. This information need to be secured /encrypted. For security, there is a need to enable HTTPs
HTTP's is a secure protocol used between browser and webserver i.e. entire interactions are encrypted.
How to enable HTTPs?
To enable HTTPS, the first task is to choose and purchase the best SSL certificate as per your website requirement.
An SSL certificate act as digital file made up of code used for Authentication, verification, and encryption.it is also referred as a Digital certificate for server. This certificate is issued by a third party to verify server's public key identification. This certificate will assure that its server public key through which we are communicating.
How SSL works
Public Key is used for encrypting information where as private key is used for decryption. SSL establish a secure communications link between web browser and website. Every HTTPs website use two protocols for an encryption.
After establishing a connection, shared key is used for encrypt and decrypt traffic between them. Lets understand through example
Suppose, I want to connect with codingtag server with an encrypted communication.
For e.g. when I type https://www.codingtag.com/ the following steps occurs:
a) My browser requests secure pages from codingtag web server.
b) Coding Tag server sends its public key with SSL certificate.
c) When my browser receive the SSL certificate, it will verify the issuer's digital signature is valid or not.
d) As we know that digital signature was created by CA'S Private key and my browser is previously installed with many CA'S public key. After certificate's signature is verified, the green padlock get appear in the address bar which indicate that the web server's public key is really belongs to web server only.
e) After verification, browser create a symmetric key and gives a duplicate copy to the web server. The browser use the web server's public key to encrypt and then send it to the web server.
f) When web server receive the encrypted symmetric key it uses its private key to decrypt it. Now the web server received the browser's shared key. With this, entire traffic between web server and browsers will be encrypted and decrypted with same key which in turn results in an encrypted communication between client and web server.
How SSL is beneficial for e-commerce websites:
c) Customer confidence
d) Boost Up Your Websites Visitor Conversion Rate
e) Prevent from hackers
Read this article: Ethical Hacking Interview Questions