Secure Sockets Layer (SSL) is the standard technology used for establishing an encrypted connection between two systems. This could be between a web server and a client (e.g. an e-commerce website and a browser) or server to server (e.g. an application that processes financial details).
This connection ensures that all data passing between the two parties remains encrypted, private, and whole, and prevents malicious parties from reading or modifying the information transferred.
In order to create an SSL connection, a web server requires an SSL Certificate. To receive this, you will be required to answer a number of questions regarding the identity of your website and your company. The server will then create two cryptographic keys: a Public Key and Private Key.
Along with your website’s details, the Public Key is then placed into a data file called a Certificate Signing Request (CSR), which you can then submit to a certification authority like Let’s Encrypt. This third party will then validate your details and issue you with an SSL Certificate, allowing you to use the protocol on your website. Your server will match your issued SSL Certificate to your Private Key, and will then be able to establish an encrypted link between the website and a user’s web browser.
When a browser connects to a secure website it will retrieve the site’s SSL Certificate and ensure it up-to-date, is issued by an Authority the browser trusts, and it is being used for the correct website. If it fails any of these checks, the browser will display a warning to the user that the site is not secured by SSL.
When a website is successfully secured by an SSL certificate, HTTPS (Hyper Text Transfer Protocol Secure) will appear in the URL. The details of the certificate can be viewed by clicking on the lock symbol in the browser bar.
TLS (Transport Layer Security) is an updated, more secure version of SSL. While many still refer to their security certificates using the term SSL, when you are implementing SSL from an authority today you are actually using the most recent TLS certificates.
If you’d like to look into the configuration of any SSL server on the web, you can use an independent auditing tool like Qualys SSL Labs, which will assess and rate the SSL/TLS connection of any given server.