
The Secure Sockets Layer (SSL) protects data transferred over http using encryption enabled by a servers SSL Certificate.
An SSL Certificate is an electronic file that uniquely identifies individuals and Web sites and enables encrypted communications.
An SSL Certificate contains a public key and a private key. A public key is used to encrypt information and a private key is used to decipher it. When a browser points to a secured domain, an SSL handshake authenticates the server and the client and establishes an encryption method and a unique session key. They can begin a secure session that guarantees message privacy and message integrity.
SSL Certificates serve as a kind of digital Passport or credential. Typically, the "signer" of a certificate is a "Certificate Authority" (CA), such as VeriSign.
Encryption, the process of transforming information to make it unintelligible to all but the intended recipient, forms the basis of data integrity and privacy necessary for e-commerce. Customers submit sensitive information and purchase goods or services via the Web only when they are confident that their personal information is secure.
The solution for businesses that are serious about online transactions is to implement a trust infrastructure based on encryption technology.
The diagram below illustrates the process that guarantees protected communications between a Web server and a client. All exchanges of SSL Certificates occur within seconds, and require no action by the consumer.