How Does SSL Work?

SSL stands for Secure Sockets Layer, and it’s a protocol for encrypting, and authenticating, the traffic between two computers, most often a web browser and a web server. If you’ve ever ordered something online or transferred money through PayPal, then you’ve seen SSL in action.


SSL was developed by Netscape Communications Corporation in 1994. The company wanted to provide secure communication between browsers and servers over the Internet. 

Today, SSL is widely used to ensure that sensitive information such as credit card numbers and passwords remains private while it crosses the network.

What Is SSL?

In the simplest terms, SSL is a protocol that encrypts the data exchanged between a web browser and a server and lets the browser verify that it is talking to the genuine server. An eavesdropper on the path sees only ciphertext; only the two endpoints can read the data.

The encryption key itself is never sent across the wire in the clear. The two sides agree on a fresh session key during the SSL handshake, using public-key cryptography, so that someone recording the traffic cannot recover the key and read the messages.

Netscape never released SSL 1.0, because of security flaws found during review; the first public version, SSL 2.0, shipped in 1995 to protect traffic between web browsers and servers, above all for online shopping. Since then the protocol has been applied far beyond the web: to e-mail (IMAPS, SMTP with STARTTLS), VPNs, and any other TCP-based service that needs protection in transit. SSL 3.0 followed in 1996, and in 1999 the protocol was taken over by the IETF and renamed TLS (Transport Layer Security). Every SSL version is now deprecated (SSL 2.0 by RFC 6176, SSL 3.0 by RFC 7568), so what people call "SSL" today is in practice TLS; this article uses the familiar name in that everyday sense.

Today, most websites use SSL for every page, not only the checkout, because it protects everything they exchange with their visitors and because browsers now flag plain-HTTP pages as "Not secure".

SSL does not pick one encryption method; it uses both. Public-key (asymmetric) cryptography authenticates the server and establishes a shared session key during the handshake, and symmetric cryptography, which is far faster, then encrypts the actual data. Neither is "more secure" than the other; they solve different problems, as the next section explains.

Types Of Encryption Used By SSL

There are two main types of encryption used by SSL: symmetric encryption and asymmetric encryption. In symmetric encryption one secret key is used both to encrypt and to decrypt. This is what protects the bulk of an SSL session, including your credit card number at checkout, once the handshake is complete.

The advantage of symmetric encryption is that it is fast. Its weakness is key distribution: both sides need the same secret key before they can talk, and if that key were simply sent over the network, anyone who intercepted it could read the whole conversation. SSL solves this by using asymmetric cryptography to agree the key.

The second type of encryption is asymmetric encryption. This type of encryption uses two different keys: a public key and a private key.

The public key is published while the private key remains secret. The two keys have different functions but are generated together as one pair.

They are mathematically linked so that whatever is encrypted with the public key can only be decrypted with the matching private key, and the private key cannot feasibly be computed from the public one. In the classic SSL key exchange, the browser generates a random secret, encrypts it with the server's public key (taken from the server's certificate) and sends it over.

Only the holder of the corresponding private key, the server, can decrypt that secret, and it is from this secret that both sides derive the session keys.

For example, if Alice wants to send Bob a message, Bob first generates a key pair: a public key, which he publishes so that anyone can find it, and a private key, which he keeps to himself.

Alice encrypts the message with Bob's public key and sends it. Only someone who possesses the matching private key, that is, Bob, can decrypt it. The public key alone is no use to an eavesdropper: it can lock messages but not unlock them.

Public key cryptography is much slower than traditional symmetric encryption, often by orders of magnitude, and a key pair is more involved to generate and manage than a single shared secret. Its advantage is that it removes the key-distribution problem: you can hand a public key to anyone, even an attacker, without weakening anything. That is why SSL uses public-key operations only during the handshake and hands over to a symmetric cipher for the data.

"Private key cryptography" is another name for symmetric cryptography: one secret key, held by both parties and never published. In SSL the session key is exactly such a private key, and a new one is generated for every connection.

How that session key was agreed matters long after the connection ends. If it was encrypted with the server's RSA public key, anyone who later obtains the server's private key and has recorded the traffic can decrypt all of those past sessions. Key exchanges with forward secrecy (ephemeral Diffie-Hellman, described below) avoid this, because the server's long-term key never protects the session key itself.

The public-key algorithms SSL uses for the handshake are Diffie-Hellman, RSA, and DSA. They are not extra layers on top of the two types above; they are the concrete algorithms that perform the key agreement and the authentication.

  • Diffie Hellman (DH)

This algorithm lets two parties agree on a shared secret over a public channel without ever sending that secret. Each party picks a private number at random and derives a public value from it (the generator g raised to the private number, modulo a large prime p). The two public values are exchanged in the clear.

Each party then combines its own private number with the other's public value. Because modular exponentiation composes in either order, both arrive at the same result, the shared secret, which SSL then turns into the session keys. An eavesdropper who sees both public values cannot compute the secret without solving a discrete logarithm in that group, which is infeasible for properly sized primes. Plain DH provides no authentication, however: in SSL the server signs its DH value with the key in its certificate so that a man in the middle cannot substitute his own.
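To make the exchange concrete, here is an added example, written for this article and not taken from any SSL implementation, of both sides of a Diffie-Hellman key agreement in Python. It uses the 1024-bit MODP group from RFC 2409 so that the prime can be shown in full; that group is too small for real use, and the single SHA-256 used to derive the key is a simplification of the key schedule TLS runs on the shared secret. It also shows the check a careful implementation makes on a received public value before using it.

```python
import hashlib
import secrets

# The 1024-bit MODP group from RFC 2409 (generator 2, safe prime p = 2q + 1).
# Shown in full only because it is short enough to print; for real systems use
# the 2048-bit or larger groups from RFC 3526 / RFC 7919.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2  # prime order of the subgroup generated by G


def generate_keypair():
    """Pick a random private exponent x and publish g^x mod p."""
    x = secrets.randbelow(Q - 2) + 2  # 2 <= x < Q
    return x, pow(G, x, P)


def is_valid_public_value(peer_public):
    """Checks a careful peer makes before using a received public value.

    0, 1 and p-1 force the shared secret into a tiny set of values, and a
    value outside the order-q subgroup leaks bits of our private exponent
    (small-subgroup attack). Both kinds are rejected here."""
    if not 1 < peer_public < P - 1:
        return False
    return pow(peer_public, Q, P) == 1


def shared_secret(own_private, peer_public):
    """Combine our private exponent with the peer's public value."""
    if not is_valid_public_value(peer_public):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, own_private, P)


def derive_key(secret):
    """Turn the raw shared secret into a fixed-size symmetric key.

    SSL/TLS feed the secret through a PRF or HKDF together with the handshake
    transcript; a single SHA-256 stands in for that here."""
    return hashlib.sha256(secret.to_bytes(P.bit_length() // 8, "big")).digest()


def dh_exchange():
    """Both ends of one exchange. Returns (alice_key, bob_key, on_the_wire),
    where on_the_wire is everything an eavesdropper gets to see."""
    alice_private, alice_public = generate_keypair()
    bob_private, bob_public = generate_keypair()
    on_the_wire = {"p": P, "g": G, "A": alice_public, "B": bob_public}
    # Each side combines its own private exponent with the other's public
    # value: (g^b)^a == (g^a)^b mod p, so both get the same secret.
    alice_key = derive_key(shared_secret(alice_private, bob_public))
    bob_key = derive_key(shared_secret(bob_private, alice_public))
    return alice_key, bob_key, on_the_wire


if __name__ == "__main__":
    ka, kb, wire = dh_exchange()
    print("keys match:", ka == kb, "| eavesdropper saw only:", sorted(wire))
```

The eavesdropper's view is the dictionary returned as on_the_wire: p, g and the two public values, none of which yields the key without a discrete logarithm. The validation step is the part most often skipped in home-grown code; without it a malicious peer can send 1 or p-1 and force the "secret" to a known value.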

  • RSA Encryption

RSA stands for Rivest-Shamir-Adleman, after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, who published it in 1977. It is an asymmetric algorithm that can be used both to encrypt and to sign.

RSA's security rests on a single hard mathematical problem: recovering the two prime factors of a large number that is their product. There is no physical component to the algorithm; it is arithmetic from start to finish.

The math part of RSA works like this: First, you choose two large prime numbers, p and q, and multiply them to get the modulus n = pq. Next, you compute φ(n) = (p-1)(q-1) and choose a public exponent e that shares no factor with φ(n); 65537 is the usual choice. Finally, you compute the private exponent d such that e·d ≡ 1 (mod φ(n)). The public key is (n, e); the private key is (n, d), and p and q are either destroyed or kept just as secret as d, since anyone who knows them can recompute d.

To encrypt a message m, represented as a number smaller than n, compute c = m^e mod n. To decrypt, compute m = c^d mod n; the two exponents undo each other because of how d was chosen.

Signing runs the same operation the other way round. The signer hashes the document to a number h and computes s = h^d mod n with the private key; anyone holding the public key can check that s^e mod n equals the hash of the document they received. This is how a certification authority signs certificates and how a server proves, during the handshake, that it holds the private key matching its certificate.

Two caveats matter in practice. First, this "textbook" RSA must never be used directly: real implementations add randomised padding (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures), without which the scheme is deterministic and an attacker can manipulate ciphertexts in predictable ways. Second, RSA does two jobs in SSL, signing and, in older cipher suites, encrypting the session secret; that second use has no forward secrecy and was removed in TLS 1.3, which keeps RSA only for signatures.
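The following added example, not from the original article, carries the RSA arithmetic above through in Python: prime generation with Miller-Rabin, key generation, encryption, decryption and a hash-then-sign signature, followed by a demonstration of why unpadded "textbook" RSA is unsafe. The function names are this example's own. A real system should use a vetted library with OAEP/PSS padding rather than this code; it exists to make the math visible.

```python
import hashlib
import math
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; a composite survives `rounds` random bases with
    probability at most 4**-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:  # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # never reached n-1: definitely composite
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit set, odd)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=2048, e=65537):
    """Returns ((n, e), (n, d)) with n = p*q and e*d == 1 mod phi(n)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    n = p * q
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)  # c = m^e mod n


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)  # m = c^d mod n


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def rsa_sign(private_key, message):
    """Sign the SHA-256 digest of message with the private exponent."""
    n, d = private_key
    return pow(_digest_int(message), d, n)


def rsa_verify(public_key, message, signature):
    """Anyone with the public key can check s^e mod n == digest."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message)


def textbook_malleability(public_key, private_key, m):
    """Why raw RSA needs padding: from c = E(m) alone an attacker forms
    E(2) * c mod n, which the legitimate holder decrypts as 2*m."""
    n = public_key[0]
    forged = (rsa_encrypt(public_key, 2) * rsa_encrypt(public_key, m)) % n
    return rsa_decrypt(private_key, forged)


if __name__ == "__main__":
    pub, priv = rsa_keygen(1024)  # 1024 bits keeps the demo quick; real keys are 2048+
    m = 0xC0FFEE
    print("round trip ok:", rsa_decrypt(priv, rsa_encrypt(pub, m)) == m)
    sig = rsa_sign(priv, b"order #1234")
    print("signature valid:", rsa_verify(pub, b"order #1234", sig))
    print("forged ciphertext decrypts to 2*m:", textbook_malleability(pub, priv, m) == 2 * m)
```

The malleability function is the point of the second caveat above: the attacker never learns m, yet produces a ciphertext that decrypts to a related plaintext. OAEP padding randomises the input so that this multiplicative structure is no longer usable.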

  • DSA (Digital Signature Algorithm)

DSA stands for Digital Signature Algorithm. Despite often being listed next to RSA "encryption", it does not encrypt anything: it is a signature scheme, and its security rests on the difficulty of the discrete logarithm problem (the same problem that protects Diffie-Hellman), not on factoring.

DSA provides authentication and integrity. Unlike symmetric ciphers, it does not provide confidentiality; it can, however, be combined with a symmetric cipher to achieve both, which is exactly what SSL does when the server's certificate carries a DSA key.

In order to use DSA you need a set of public domain parameters (the primes p and q and a generator g) and a keypair: a private key x, a random number smaller than q, and a public key y = g^x mod p. In the original 1994 standard p was between 512 and 1024 bits; 512-bit keys have long been considered insecure, and current guidance calls for at least 2048 bits.

The private key signs; the public key verifies, never the other way round. DSA is now largely obsolete in this setting: TLS 1.3 dropped support for it, and the signatures you will meet in practice are RSA and ECDSA.

What Are The Benefits Of Using SSL?

The primary benefit of using SSL is the confidentiality of your data while it is in transit. If you visit a website that offers online banking or shopping, you want to be sure that nobody between your computer and the bank can read what you send.

With SSL, all communication between your computer and the server is encrypted, so anyone who can see the packets (on public Wi-Fi, at an ISP, or anywhere else along the route) sees only ciphertext; only the two endpoints can read them.

Another advantage of using SSL is that it makes it safe to send login credentials. When you log into an account management site, your username and password travel to the server inside the request.

Over plain HTTP those details cross the network unencrypted and can be read, or replayed, by anyone on the path. Over SSL the same request is encrypted before it leaves your computer, so an observer learns nothing useful from it.

Finally, SSL authenticates the server. The certificate a website presents is checked against the root authorities your browser trusts, so you know you are sending your credentials to the site named in the address bar and not to an impostor on the same network.

Note the limit of this protection: SSL secures data in transit only. How the site stores your password afterwards, and whether it can be stolen from the server later, is a separate question that SSL does not answer.

How Do I Use SSL?

Using SSL on your own site involves two things, not two alternatives: your web server must speak the protocol, and it must have a certificate, with a matching private key, to present to browsers. You obtain the certificate from a certificate authority (CA) or, for testing, sign one yourself.

Let’s take a look at each part.

Installing SSL On Your Own Web Server

Every mainstream web server (Apache httpd, nginx, IIS, and others) already ships with SSL/TLS support built on a library such as OpenSSL. There is no separate "SSL software" to buy; vendors such as Verisign sold certificates, not the protocol. On Apache the support lives in the mod_ssl module, which may need to be enabled, and which reads the certificate and key from the locations named in its configuration.

If your server is very old or was compiled without SSL support, you would install or build the module yourself, but on current distributions the work is limited to enabling it and restarting the server.

Once the module is loaded and the configuration points at a valid certificate and key, you’re ready to start serving secure pages over https://.

Buying An SSL Certificate From A Third Party Provider

The other half is the certificate itself. A certificate binds a public key to a name (your host name) and is signed by an issuer. The terms you will meet are self-signed, trusted root, intermediate, and EV certificates. They are not four interchangeable products; they are different roles in a chain of trust.

A self-signed certificate is signed with its own private key rather than by a CA. It has the same fields as any other certificate, including whatever organisation name you choose to put in it, but nothing vouches for those fields, so browsers show a warning unless the user has explicitly chosen to trust it.

Self-signed certificates are free and are the right tool for testing and development. They provide exactly the same encryption strength as any other certificate; what they lack is third-party verification of who controls the key.

A trusted root certificate is the self-signed certificate of a well-known CA (such as VeriSign, whose CA business is now part of DigiCert). Roots are trusted not because of who signed them, since they sign themselves, but because browser and operating-system vendors ship them in their trust stores after auditing the CA.

Because root private keys are kept offline, roots rarely sign website certificates directly, and a root is far more valuable than a self-signed certificate: compromising it would let an attacker impersonate any site.

An intermediate certificate is a CA certificate signed by a root (or by another intermediate). CAs use intermediates for the day-to-day signing of website and e-mail server certificates so that the root key can stay offline. When you install your certificate you normally install the intermediate(s) alongside it: a browser that receives only your certificate, without the intermediate that links it to a root, cannot build the chain and rejects the connection.

Your certificate is trusted exactly as far as the chain behind it: leaf, signed by intermediate, signed by a root in the browser's trust store.

An EV (Extended Validation) certificate is an ordinary end-entity certificate that a recognised certification authority issues only after verifying the legal identity of the organisation requesting it, rather than just control of the domain name. It is signed with the CA's private key like any other certificate.

EV certificates cost more, but they do not offer "higher levels of encryption": the cipher strength is negotiated between server and browser and is independent of the certificate type, and modern browsers no longer display EV status any differently from a domain-validated certificate.

Installing SSL Certificates

There are two ways to install SSL certificates: manually and automatically. Manual installation means doing each step yourself: generating the key, obtaining the certificate from the CA, copying the files into place and editing the server configuration.

Automatic installation means scripting those same steps from the command line with the OpenSSL tool or, increasingly, letting an ACME client such as certbot request the certificate, install it into the server configuration and renew it before it expires.

Manual Installation

The manual installation process is simple enough once you know where things go. Certificates and keys are not placed in the web document root (/usr/local/apache2/htdocs/ on Apache, C:\Inetpub\wwwroot\ on IIS): anything in that directory is served to the public, and a private key there could be downloaded by anyone. On Unix systems certificates conventionally go in /etc/ssl/certs/ and private keys in /etc/ssl/private/ (or in the server's own configuration directory); on IIS the certificate is imported into the Windows certificate store instead.

A certificate also applies to a whole host name (a virtual host), not to individual pages or subdirectories. You cannot secure just one page; you enable SSL for the virtual host and, if a particular directory such as /secure/ must never be served in the clear, you say so with a directive on that directory.

Once you’ve copied the files into place, you must configure them correctly. This includes creating the PEM-encoded key and certificate files, setting the permissions on the private key to 600 so that only its owner (root, which starts the server) can read it and the server's unprivileged worker processes and other users cannot, and adding the necessary lines to your httpd.conf file.

For example, to serve www.example.com over SSL, you’d add these three lines inside the site's <VirtualHost *:443> block:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

and, to insist that the /secure/ directory is reachable only over SSL, this line inside a <Directory> block for it:

SSLRequireSSL

SSLRequireSSL makes the server refuse plain-HTTP requests for that directory rather than silently serving it.

Automatic Installation

You can also drive the whole process from the command line with the OpenSSL tool, which is what most certificate providers' instructions assume. The steps are, in order:

First, generate a private key and a certificate signing request (CSR) on the server. The CSR contains your public key and the name of the site and, for organisation-validated and EV certificates, the organisation's name, address and contact details; the private key never leaves the server.

Next, submit the CSR to the CA and receive back your certificate together with the intermediate certificate(s). For testing only, you can instead self-sign, letting OpenSSL sign the request with your own key. Certificates arrive either as PEM text files (.crt or .pem) or bundled with the key in PKCS#12 format (.pfx or .p12), which the openssl utility can unpack.

After that, move the files to the correct location. On Unix systems the certificate and chain usually go in /etc/ssl/certs/ and the key in /etc/ssl/private/ with mode 600. C:\Program Files (x86)\OpenSSL\bin\ is where the OpenSSL tool itself lives on Windows, not where certificates belong; on IIS you import the .pfx into the machine certificate store.

Finally, edit the httpd.conf file so that the site's virtual host uses the new files:

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/mycert.crt"
    SSLCertificateKeyFile "/path/to/mycert.key"
    SSLCertificateChainFile "/path/to/ca.crt"
</VirtualHost>

This turns SSL on for www.example.com and tells the server which certificate, private key and intermediate chain (ca.crt) to present. The server does not need to be told what "type" of certificate it has: self-signed, domain-validated and EV certificates are all configured the same way, and it is the browser that decides how far to trust the result. On Apache 2.4.8 or later, SSLCertificateChainFile is deprecated; append the intermediate certificate to mycert.crt instead and drop that line. After completing all of these steps, check the configuration with apachectl configtest and restart the server.
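As an added example for the certificate types above and for the key, CSR and certificate steps just described (illustration code written for this article, not part of Apache or OpenSSL), the Python below builds a miniature chain of trust with the openssl command-line tool, which it assumes is installed and on PATH: a self-signed root, an intermediate signed by the root, a server certificate for www.example.com signed by the intermediate, and a separate self-signed server certificate. It then runs TLS handshakes entirely in memory with Python's ssl module to show what a browser-like client that trusts only the root accepts and rejects. The host name, subject names and file names are made up for the demonstration.

```python
import os
import ssl
import subprocess
import tempfile

HOST = "www.example.com"  # host name in the server certificates (made up for the demo)

# Minimal OpenSSL config so the demo does not depend on a system openssl.cnf.
# ca_ext marks a certificate as an issuer; leaf_ext marks a server certificate.
OPENSSL_CNF = f"""[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:{HOST}
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
"""


def openssl(workdir, *args):
    """Run the openssl command-line tool (assumed installed) inside workdir."""
    subprocess.run(["openssl", *args], cwd=workdir, check=True, capture_output=True)


def make_pki(d):
    """Create root -> intermediate -> leaf, plus a stand-alone self-signed leaf."""
    cnf = os.path.join(d, "openssl.cnf")
    with open(cnf, "w") as f:
        f.write(OPENSSL_CNF)
    req = ("req", "-config", cnf, "-newkey", "rsa:2048", "-nodes")
    sign = ("x509", "-req", "-days", "30", "-CAcreateserial", "-extfile", cnf)
    # Root CA: self-signed; the kind of certificate browsers ship as trusted.
    openssl(d, *req, "-x509", "-days", "30", "-extensions", "ca_ext",
            "-subj", "/CN=Demo Root CA", "-keyout", "root.key", "-out", "root.crt")
    # Intermediate CA: a CSR signed by the root, itself allowed to issue (CA:TRUE).
    openssl(d, *req, "-new", "-subj", "/CN=Demo Intermediate CA",
            "-keyout", "int.key", "-out", "int.csr")
    openssl(d, *sign, "-extensions", "ca_ext", "-in", "int.csr",
            "-CA", "root.crt", "-CAkey", "root.key", "-out", "int.crt")
    # Leaf (the web server's certificate): a CSR signed by the intermediate.
    openssl(d, *req, "-new", "-subj", f"/CN={HOST}", "-keyout", "leaf.key", "-out", "leaf.csr")
    openssl(d, *sign, "-extensions", "leaf_ext", "-in", "leaf.csr",
            "-CA", "int.crt", "-CAkey", "int.key", "-out", "leaf.crt")
    # Self-signed leaf, as used for testing: nothing vouches for it.
    openssl(d, *req, "-x509", "-days", "30", "-extensions", "leaf_ext",
            "-subj", f"/CN={HOST}", "-keyout", "self.key", "-out", "self.crt")
    # What SSLCertificateFile should contain: the leaf followed by the intermediate.
    with open(os.path.join(d, "chain.crt"), "w") as out:
        for name in ("leaf.crt", "int.crt"):
            with open(os.path.join(d, name)) as part:
                out.write(part.read())


def handshake(d, certfile, keyfile, cafile):
    """TLS handshake in memory: a server presenting certfile against a client that
    trusts only cafile. Returns (protocol, cipher) on success, None if rejected."""
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.load_cert_chain(os.path.join(d, certfile), os.path.join(d, keyfile))
    client_ctx = ssl.create_default_context(cafile=os.path.join(d, cafile))
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=HOST)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    # [ssl object, its outgoing BIO, the peer's incoming BIO, finished?]
    sides = [[client, c_out, s_in, False], [server, s_out, c_in, False]]
    try:
        for _ in range(10):  # a handshake takes only a few round trips
            for side in sides:
                if not side[3]:
                    try:
                        side[0].do_handshake()
                        side[3] = True
                    except ssl.SSLWantReadError:
                        pass
                side[2].write(side[1].read())  # deliver this flight to the peer
            if sides[0][3] and sides[1][3]:
                return client.version(), client.cipher()[0]
    except ssl.SSLCertVerificationError:
        return None  # no path from the presented certificate to a trusted root
    raise RuntimeError("handshake did not complete")


def run_demo():
    """Which server setups does a client that trusts only the root accept?"""
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        return {
            "chain": handshake(d, "chain.crt", "leaf.key", "root.crt"),
            "leaf_only": handshake(d, "leaf.crt", "leaf.key", "root.crt"),
            "self_signed": handshake(d, "self.crt", "self.key", "root.crt"),
            "self_signed_pinned": handshake(d, "self.crt", "self.key", "self.crt"),
        }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:20s} -> {'accepted ' + str(result) if result else 'rejected'}")
```

Only two of the four setups succeed: the leaf presented together with its intermediate against a client that trusts the root, and the self-signed certificate against a client that has been told to trust that exact certificate (the testing case). The leaf on its own fails even though it was legitimately issued, which is the most common real-world installation mistake, and the self-signed certificate fails against a normal trust store. The successful results also name the negotiated protocol and the symmetric cipher that the handshake's public-key work ultimately exists to set up.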

Final Thoughts

Understanding SSL is an important part of keeping your private and confidential information safe, and knowing how to deploy it correctly, with a complete certificate chain, a protected private key and an up-to-date server, is what turns that understanding into the privacy you actually need.

Matthew Jacobs