How does an SSL Certificate work
SSL Security Keys. SSL stands for Single Socket Layer and is a protocol (set of rules) used to secure Web connections. SSL works by the sharing of encrypted keys, or passwords. The keys are created in pairs---one a public key and one a private key. When the keys are traded in a particular manner between two parties, this protocol assures the parties in communication they are transacting with one another and not a hacker or phisher. It also assures the data being transmitted are not intercepted by someone else.
SSL uses encryption techniques to transfer data and personal information. The encrypted data are not understood unless examined or translated under the process of SSL protocol. The protocol outlines how algorithms (formulas used to encrypt) are to be used to comply with SSL standards. SSL protocol looks for key agreement (the successful exchange of keys or passwords, also called signatures), authentication (the establishment of each party's identity), a secured transport mechanism (once authenticated and secured, data are sent in a manner outlined by the protocol) and nonrepudiation (proof of the integrity of data can be provided). Secured transport is assured through a hash function (algorithms that reduce large data amounts into smaller amounts).
Third-Party SSL Verifications
The part of SSL that makes it such a strong security measure is the use of
a third party to authenticate the retailer, business or institution using SSL. The process begins with the retailer securing all communications with its server (its computer communicating during transactions) by creating a public key and a private key for itself. The retailer then pays for an SSL certificate that has been purchased and verified through a third party such as Verisign or Thawte. Verisign or Thawte will require proof of the retailer's ownership of the server and the identity of the company. Verisign then re-encrypts the public key (now called a certification or certificate) using Verisign's private key. This creates a unique key the retailer can't decipher.
Once the customer accepts the public key from the retailer, it sends to the retailer its public key. Every computer has one of these. This triggers the retail server to send a "password" to the customer that will be encrypted with the retailer's private key and the customer's public key. The customer's computer decrypts this password, which proves the message is sent from the retailer because the only way the password can be opened (or decrypted) is by the customer. All of this happens in the background. The customer is unaware of the process. At this point, security has been established and the computers communicate securely using the password sent to verify the retailer's identity.Source: www.gogetssl.com