Security socket layer

I don’t know whether you have purchased anything from eBay or not, but most of us familiar with online reservation system and most probably, used it too. This is what we call online transaction and it has become a part and parcel of our daily life. With more and more services going online and the trend of online transaction hiking day by day. Security related issues are also growing with this. You want  allow an anonymous person ( so no doubt hackers) to have your credit card details or bank account number, will you?

Here begins the main body of our discussion. The question arises- how security is implemented during the whole process of online transaction. And the answer is very simple – SSL. Don’t underrate this trilogy of alphabets because the overall e commerce security is based on them.

Security socket layer is standard security technology used to create an encrypted link between a web server and a web browser. When a SSL digital certificate is installed on a website, user can see a padlock icon at the bottom of navigator.

In order to generate an SSL link, the basic need of a web server is nothing but an SSL certificate. These are many authorities which provide these certificates. Typically on SSL certificate will contain your domain name, company name, address, city, state, country. It also contains details of certificatr issuing authority as well as the expiry date of certificate.

Now see how browser deals with SSL. When a browser connects to a secure site ( domain name begins with https instead of traditional http ), it will receive the site’s SSL certificate and checks –

1.      It is not expired.

2.      It has been issued by a certification authority whom the browser trusts.

3.      It is being used by the website for which it has been issued to.

If it fails on any one of the issues, the browser will display a warning message to the user stating that the site is not safe to browse. Otherwise have a nice surfing experience.

SSL works on the concept of public and private keys. Your private key is known to you while your public key doesn’t need to be secret and is placed into a certificate signing request (C S R), a data file containing your details and is sent to the certificate using authority  which verifies it before installing a secure session. Your web server will match your issued SSL to your private key. Your web servers will then be able to establish an encrypted link between the website and your customers.