Secure Socket Layer

SSL stands for Secure Socket Layer, and was developed by Netscape. It is a predecessor to Transport Layer Security (TLS).

SSL is a standard security technology for establishing an encrypted link between a web server and a browser. Typically, SSL encrypted connections are used when dealing with online banking, PayPal, and many other websites that require the transfer for highly sensitive and/or personal information.

Technical details

Both SSL and TLS are cryptographic protocols that implement public-private key encryption, designed for secure network communications. Although predominantly Web-oriented, both SSL and TLS protocols are applied to a number of different transfer protocols, such as facsimile, FTP, POP3, and so on. Conceptually, SSL and TLS are the same. However, there are some slight technical differences.

SSL on the Web

From SSL.com: To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key.

The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the lock icon in the lower right-hand corner, clicking on the lock icon displays your SSL Certificate and the details about it. All SSL Certificates are issued to either companies or legally accountable individuals.

Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.