November 12, 2010
Nerdsonsite

What is SSL and Why is it Important?

Many web hosts provide the ability for clients to provide their customers with SSL (Secure Socket Layer) connections when signed into their websites or email. It’s important to understand how SSL works, and why so many websites use the protocol to protect user data.
Websites use SSL to encrypt and secure each user’s session while they’re logged in. Without it, it’s very possible for someone to monitor or hijack that session.
Websites such as Facebook or Twitter currently do not use SSL, and thus should not be used on a public network because a user’s session can be monitored.
You can immediately tell when a website session is secure by a lock icon in the bottom right hand corner of the browser, and the website address should have https://, the “s” meaning secure. If the address only starts with https://, the website is not secure.
When you login to a website that uses SSL, you can rest assured that no one can monitor your session while you are logged in.
When a user accesses an SSL-enabled website, it automatically asks the server for a digital Certificate of Authority (CA). The browser will verify the information on the certification with server’s identity and to ensure data will remain secure. If all goes as it should, this process should happen behind-the-scenes.
When the browser verifies the certificate, it uses the public key to encrypt a “key” that includes the user’s login information and sends it to the server.
The SSL server decrypts the “key” and uses a private key to decrypt the data, and sends back the requested information in an encrypted “key” to the web browser, which decrypts the data and displays the requested web page and data.
Make sure that you are using a modern web browser that takes advantage of SSL, and that your hosting provider offers SSL capability so you can rest assured that traffic between your computer and their web server will be secure. Also make sure that the information you are entrusting to your hosting provider for those SSL sessions will not be sold to third parties.