SSL is a protocol that offers secure transmission over the HTTP protocol. It has become a standard for authentication and encryption between web browsers and servers. If you use SSL in your web applications, it's close to impossible to steal the exchanged information. If you don't, it's very easy. SSL has two implementations: server-side certificate implementation, and server- and client-side certificate implementation. This article explains the first, because it's the most commonly used.

SSL does three things:
* Tells the client whether the server is who it claims to be.
* Encrypts the transmission.
* Detects whether data has been tampered with during transmission.

The SSL certificate
The implementation of SSL requires a certificate (ID), which is provided by an SSL provider, for example Verisign. The provider only issues certificates to approved customers. They have certain procedures to check out a customer, so they don't deliver to crooks. The server admin puts the certificate on the server and enables SSL. It's also important that browsers which will communicate with the server support SSL and have SSL enabled.

The SSL handshake
When you host a server and you get your certificate, it proves that the server is safe and belongs to you. A transmission is started with an SSL handshake that authenticates the server. When a browser requests a document from the server, the URL will change from 'http' to 'https'. The browser will also display a lock icon, and when the user clicks the lock, the certificate is displayed so that the user can check it. If the certificate isn't valid or has expired, the browser will automatically notify the user.

The encryption
SSL uses a 128-bit RSA-algorithm. The higher the number, the better, and 128 takes quite a while to crack. How does the key stuff work? Well, RSA uses PUBLIC and PRIVATE keys. The server issues a public key to the client (browser), which encrypts its information with it and sends the encrypted message back to the server. The server decrypts the information with its private key. What's important here is that the public key cannot decrypt the message, only the private key can. That's what's so fantastic about the RSA algorithm.
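
The public/private key asymmetry described above, as an added example that is not part of the original article: textbook RSA with toy-sized constructed primes and no padding, for illustration only. The function names and the sample message are assumptions made for the example.

```python
# Textbook RSA with toy-sized constructed primes and no padding: illustration only.
from math import gcd

def make_keypair(p, q, e=65537):
    """Return (public, private) as (n, e) and (n, d) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), needs Python 3.8+
    return (n, e), (n, d)

def apply_key(key, value):
    """Raise value to the key's exponent modulo n (the core RSA operation)."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def client_encrypt(public_key, message: bytes) -> int:
    """What the browser does: encrypt with the server's public key."""
    return apply_key(public_key, int.from_bytes(message, "big"))

def server_decrypt(private_key, ciphertext: int, length: int) -> bytes:
    """What the server does: decrypt with the private key it never shares."""
    return apply_key(private_key, ciphertext).to_bytes(length, "big")

def public_key_recovers(public_key, ciphertext: int, message: bytes) -> bool:
    """Try to 'decrypt' with the public key; True only if that recovered the message."""
    return apply_key(public_key, ciphertext) == int.from_bytes(message, "big")

# Constructed sample values: two known Mersenne primes and a made-up message.
PUBLIC, PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
MESSAGE = b"hello, server"

if __name__ == "__main__":
    ciphertext = client_encrypt(PUBLIC, MESSAGE)
    print("ciphertext sent by client:", hex(ciphertext))
    print("server decrypts with private key:",
          server_decrypt(PRIVATE, ciphertext, len(MESSAGE)))
    print("public key recovers the message:",
          public_key_recovers(PUBLIC, ciphertext, MESSAGE))
```
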

Who uses SSL?
Anyone who cares for their customers' information. It is used by many internet banks, online career services etc. But anyone who's approved by a certificate user can implement it.

-

Please feel free to comment on mistakes or whatever! I'll be back with SSL weaknesses (they exist!) some other time......