
How do SSL Certificates work?
The SSL/TLS Handshake
How your browser securely connects to a website in a few simple steps.
What is SSL/TLS?
SSL/TLS (Secure Sockets Layer / Transport Layer Security) is the standard technology for keeping an internet connection secure. It creates an encrypted (scrambled) link between a website's server and your browser.
Why is it essential?
- Privacy: Prevents criminals from eavesdropping on your data.
- Integrity: Ensures that information isn't tampered with during transfer.
- Authentication: Verifies you are communicating with the real website.
Client Hello
Your browser (the client) sends a "hello" message to the website's server. This message includes the TLS/SSL versions it supports and a list of supported cipher suites (encryption algorithms).
Server Hello & Certificate
The server responds with its own "hello," chooses a cipher suite from the browser's list, and sends its SSL certificate, which contains its public key.
Verification
Your browser verifies the SSL certificate. It checks that the certificate is valid, not expired, and was issued by a trusted Certificate Authority (CA). This ensures you're talking to the real website, not an imposter.
Key Exchange
The browser creates a unique, one-time-use session key. It encrypts this key using the server's public key (from the certificate) and sends it back to the server.
Decryption & Session
The server uses its private key to decrypt the session key. Only this server can do this. Now both the browser and server have the same secret session key.
Encrypted Communication
The handshake is complete! A secure connection is established. All data sent between your browser and the server is now encrypted using the shared session key. You'll see the padlock icon and HTTPS in your address bar.
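The six steps above as a runnable toy model (an added example, not code from the original page): cipher-suite negotiation, the browser's certificate checks, and the RSA-wrapped session key. The cipher-suite names, the "Example Root CA" trust store, the HMAC standing in for the CA's signature and the tiny textbook RSA parameters are all constructed for this illustration.

```python
"""Toy model of the handshake steps above (constructed example, not real TLS).
CA 'signatures' are HMACs and RSA uses textbook toy parameters so it runs offline."""
import hashlib, hmac, secrets

# Server preference order and trust store are constructed for this example.
SERVER_SUITES = ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"]
TRUSTED_CAS = {"Example Root CA": b"ca-secret-key"}   # the browser's trust store (toy)
RSA_N, RSA_E, RSA_D = 3233, 17, 2753                 # textbook RSA with p=61, q=53 (toy)

def cert_body(cert):
    # The fields the CA signs; changing any of them invalidates the signature
    return "|".join(str(cert[k]) for k in ("host", "issuer", "not_before", "not_after", "n", "e"))

def make_cert(host, issuer, not_before, not_after, ca_key):
    # What a CA does when it issues a certificate: bind host + public key, then sign
    cert = {"host": host, "issuer": issuer, "not_before": not_before,
            "not_after": not_after, "n": RSA_N, "e": RSA_E}
    cert["sig"] = hmac.new(ca_key, cert_body(cert).encode(), hashlib.sha256).hexdigest()
    return cert

def server_hello(client_suites):
    # Step 2: pick the first suite in the server's preference order that the client offered
    for suite in SERVER_SUITES:
        if suite in client_suites:
            return suite
    raise ValueError("no common cipher suite")

def verify_cert(cert, host, now):
    # Step 3: trusted issuer, intact signature, validity window, name match
    ca_key = TRUSTED_CAS.get(cert["issuer"])
    if ca_key is None:
        return "untrusted CA"
    expected = hmac.new(ca_key, cert_body(cert).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["sig"]):
        return "bad signature"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "expired or not yet valid"
    if cert["host"] != host:
        return "hostname mismatch"
    return "ok"

def handshake(host, client_suites, cert, now):
    suite = server_hello(client_suites)               # steps 1-2
    status = verify_cert(cert, host, now)
    if status != "ok":
        return None, status                           # browser aborts; no key is sent
    session_key = secrets.randbelow(cert["n"])        # step 4: one-time session key
    wrapped = pow(session_key, cert["e"], cert["n"])  # encrypt with the certified public key
    server_copy = pow(wrapped, RSA_D, RSA_N)          # step 5: only the private key unwraps it
    return (suite, session_key == server_copy), status
```

Note that current TLS 1.3 no longer encrypts the session key with the server's RSA key; it derives it with an ephemeral Diffie-Hellman exchange, so a later theft of the server's private key cannot decrypt recorded sessions. The certificate checks in `verify_cert` are the part that stays the same in every version.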
Handshake in Action
1. Client Hello
2. Server Hello & Certificate
3. Verify Certificate
4. Send Encrypted Session Key
5. Decrypt Session Key