To be able to create an SSL connection a web server must have an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, that it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.
The complexities of the SSL protocol remain invisible to your customers. The only change that you or your customers may see is a padlock icon in the URL bar or status bar of your browser. Also, your computer will issue warnings to you if you try to connect to a server and the certificate that it gets back is not trusted or doesn’t match the site you are trying to connect to.
You can tell if you are visiting a site which uses SSL since the address bar will start with https:// . The screenshot below is the browser, Chrome, indicating a verified SSL certificate. The site, mint.com, uses a secure connection since it is a personal finance site.
If you are trying to create a secure connection with a site that does not have an SSL certificate the browser will show you the image below . Intersites.com does not use SSL encryption since it does not handle sensitive information like processing credit cards.
We hope this article has helped you gain an understanding of SSL on the web. As always, questions and comments are welcome below.
Posted in Help Me Understand