We have seen many websites while searching through internet having both http and https. Https shows that the website is secure. Looking at the navigation bar at the top, we can see a padlock. This padlock will be seen green if it is a secure website. Otherwise it is an insecure website in which the data we transit through that website will be insecure and there may be a chance for the hackers to hack your personal details from it.
In order to avoid hacking your details especially personal details like bank account details,etc., we need to make the website secure. Security of a website from third party attack is only possible by purchasing SSL certificate. SSL stands for Security Sockets Layer. SSL is a standard form of making your website secure and safeguards sensitive details from getting stolen by a third party. SSL creates a security between two points in the internet. After adding SSL to your website, it establishes an encryption link between two systems. These systems can be either between client to server or server to server. The request transmitted over internet by the client is first encrypted using encryption algorithm and it transferred to the web server. The server decrypts the request and sends back the result after encrypting to the web browser. The decryption is made possible only at both ends. SSL provides high security for your data from third party, that, the data transmitted over internet from web browser to web server or vice versa cannot be read without decrypting. Thus SSL protects your data and website from being robbed by someone else since they may not be able to read the encrypted data.
SSL certificates contain mainly domain name and company name. There will also there an expiration date for all SSL certificates. When server reaches a request from the client, the web server will check for the validity of the certificate. That means it checks whether the SSL certificate has been expired or not. If it is not expired then it will check for the SSL certificate issuing authority. If it is a trusted authority, then it will check whether the certificate is used by the actual registered site. If yes, it will accept the request and encrypts the two systems. If the site was not registered by the SSL , or it is not issued by s trusted authority, then the web browser will show a warning making the user know that the website is not secure.
Establishment of SSL connection:
Step 1: The user searches for the site using the url as : https://example.com.
Step 2: The server accepts the request and SSL handshake takes place. During this process the server will verify the SSL certificate validity.
Step 3: Then if it is a valid certificate, it server allows the encryption between both server side and client side.