What is SSL? And how can I use it?

SSL stands for Secure Sockets Layer. What this means in plain language is that when a Internet Browser connects to a server connected to the internet the transfer of data between the browser and the server is encrypted. The data is encrypted so no one who is possibly intercepting the data transfer between the two can read it. So while a person can intercept the data transfer they won’t be able to read the data because it will be gibberish to them.

To use SSL there must be several requirements met first. The first requirement is that the Internet Browser be capable of handling SSL communications. This generally isn’t a problem with most of the commercially available browsers nowadays. The second requirement is that the server must be set up with a certificate which allows SSL communications. This SSL certificate is set up by the web site owner. SSL encryption comes in two versions 56-bit encryption and 128-bit encryption. The higher the number the better the encryption.

So where can you get a SSL certificate for a web site? You can get them in several places. First, the web site can just create their own certificate. There is nothing wrong with doing so, but in doing so when a person visits the web site the visitor might get a warning that the certificate isn’t trusted. This is because the person just created it and did not go through one of the commercial entities providing certificates, which are considered trusted. If a web site owner gets the certificate from a commercial entity (for a cost of course) these entities will verify the site owner and the warning will not generally appear.

To use the SSL encryption the person visiting the website must use the “https” protocol. Normally, if you look at a web site address you will see the address as “http”. This page’s address is “http://www.e3servers.com/articles/ssl.htm”. At the front of the address is http. If we were to use encryption for a web page we would use the https instead of https. The “s” stands for secure. It is only when you use https you know the web page you are viewing is encrypted with SSL. To see a SSL encrypted page look at this page. With some browsers you might see a gold lock on the bottom of the browser indicating that the browser is viewing a SSL encrypted page. However, the absence of a gold lock or the presence of the gold lock DOES NOT absolutely mean that the page is SSL encrypted. ONLY if the address starts with https can you be sure of the encryption. This is because sometimes there are items written in the web page which indicate to the browser that the page isn’t encrypted when in fact it is.

SSL encryption is used primarily for e-commerce applications. While not all communications between a browser and server are intercepted you never want to take a chance when you are submitting to a web site information concerning your credit card, home address information and/or any personal information. Without SSL encryption every time you ordered something online you might be giving out your credit card number to a thief. Without SSL encryption there would be no e-commerce. A common question is that if a site uses SSL encryption is the information safe when data arrives at the server? No. SSL encryption only makes the data transfer difficult to read. Once the data arrives either at the browser or at the server it is no longer encrypted. That’s why there are firewalls and other items used to protect servers and computers attached to the internet. Protecting information on the net relies on several things and SSL encryption works only on the flow of information not the storage of information.

Discuss this article in our forums

Visit e3Servers

Copyright © by Dedicated Servers, Reseller Web Hosting News All Right Reserved.

Published on: 2004-01-25 (7492 reads)