SSL is a security protocol used for securing communications on the Web. A protocol is a set of rules or procedures. SSL technology takes a message and runs it through a set of steps that "scrambles" the message. This is done so that the message cannot be read while it is being transferred. This "scrambling" is called Encryption.
When the message is received by the intended recipient, SSL unscrambles the message, checks that it came from the correct sender (Server Authentication) and then verifies that it has not been tampered with (Message Integrity).
SSL makes use of Digital Certificates to authenticate one or both parties of an Internet transaction. A digital certificate is a means of binding the details about an individual or organization to a public key and it serves two purposes:
- First, it provides a cryptographic key that allows another party to encrypt information for the certificate's owner.
- Second, it provides a measure of proof that the holder of the certificate is who they claim to be - because otherwise, they will not be able to decrypt any information that was encrypted using the key in the certificate.