SSL – Overview

SSL - Secure Communication

The Secure Socket Layer (SSL), also known as Transport Layer Security (TLS), is one of the fundamental technologies supporting the web today.  SSL/TLS provides the security needed to keep information confidential that crosses the Internet, verify the identity of the other machine, and ensure the that information isn’t tampered in transit through the world wide web.  The first step in the process is for every server to get a certificate from a reputable certificate authority that  proves it’s identity.  Clients may also be issued identifying certificates to ensure two-way identification.  When two devices want to communicate, they perform an exchange of information (handshake) that helps establish their identities and set up a secured connection. To establish trust, they send their certificates to one another and by using the trusted certificate authority’s own certificate the can verify the identity of the other machine.  Clients are not normally required to provide a certificate, however servers must provide a certificate.  Once the handshake is complete and they trust each other, they may begin communicating data  between them without fear of eavesdropping or tampering.