Secured Socket Layer (SSL) is a technology used by web hosts to provide encryption between the browser client and the domain. SSL has become a standard requirement for web sites that contain sensitive data like social security numbers, medical information, or finances. SSL encryption has different levels of security, but even the least level offers a form of protection from hackers.
- Older technology for SSL only provided 40 or 50 bit encryption. Standards for website encryption are 128 bit certificates distributed by authorities such as VeriSign or Microsoft. SSL is configured on servers in the form of a certificate, which is a text file that holds the encryption key.
- Certificate authorities are trusted organizations that browser's recognize when accepting a validation certificate. When an SSL certificate is assigned to a server, the browser reads the key. If the certificate authority is on the browser's trusted list, it automatically assumes the encryption is from a secure website. Places like VeriSign are secure certificate authorities.
- When requesting an SSL certificate from an authority, the server must first generate a request. The request is an encrypted text file that is sent to the authority. The authority validates the corporate information and signs the request with its own digital signature. It's this digital signature that is loaded onto the host server.
- Visitors are able to verify the security and encryption of the data being sent to and from the website server. The browser has a key or lock image visible during the entire time encryption occurs. The address used for SSL always begins with an "HTTPS" prefix. These two methods make it easy for users to identify SSL encryption.
- Management for SSL certificates are handled by the web host server
application. Microsoft Internet Information Service (IIS) and Apache are two web hosting applications that can be used to create a certificate request and install the digital signature of the file. Installing an SSL certificate is available in the server software documentation