SSL is protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that’s transferred over the SSL connection. Both Netscape Navigator and Internet Explorer supports SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
How does SSL Certificates Work?
Client requests for secure resource.
Web-server presents its certificate.
Client verifies the certificate.
Client generates a Session Key (40, 56 or 128bit).
Client extracts the public key from the web server certificate and encrypts the session key.
Client then sends encrypted key back to the Web-server.
Web- server decrypts the session key and both now have a common key for that session.
Both the web-site and the client can now communicate securely.
When the browser closes the window or server drops the connection the session is terminated.
Next time browser comes back to the same page a new session key is generated.