What is SSL?
Secure Sockets Layer, SSL, is the standard security technology for creating an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
An organization needs to install the SSL Certificate onto its web server to initiate secure sessions with browsers. Depending on the type of SSL Certificate applied for, the organization will need to go through differing levels of vetting. Once installed, it is possible to connect to the website over https://www.domain.com, as this tells the server to establish a secure connection with the browser. Once a secure connection is established, all web traffic between the web server and the web browser will be secure. Browsers tell visitors a website is SSL secure via several visible trust indicators
Extended Validation (EV) SSL Certificates (such as GlobalSign ExtendedSSL):
Standard SSL Certificates (such as GlobalSign DomainSSL and OrganizationSSL) display:
To view the details of an SSL Certificate, go to a secure site, click on the padlock and select “View Certificate”. All browsers are slightly different, but the Certificate always contains the same information.
To view the actual contents of the Certificate click the "Details" tab:
Click the "Certification Path" tab to see which Trusted Root Certificate has been used to issue the SSL Certificate:
Why is the Root Certificate important?
SSL Certificates need to be issued from a trusted Certification Authority's Root Certificate, and preferably by a 2048 bit Certificate that's widely distributed. The Root Certificate must be present on the end user's machine in order for the Certificate to be trusted. If it is not trusted the browser will present untrusted error messages to the end user. In the case of e-commerce, such error messages result in immediate lack of confidence in the website and organizations risk losing confidence and business from the majority of consumers.
Companies like GlobalSign are known as trusted Certification Authorities. This is because browser and operating system vendors such as Microsoft, Mozilla, Opera, Blackberry, Java, etc., trust that GlobalSign is a legitimate Certification Authority and that it can be relied on to issue trustworthy SSL Certificates. The more applications, devices and browsers the Certification Authority embeds its Root into, the better "recognition" the SSL Certificate can provide.
What is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (http). HTTPS allows secure ecommerce transactions, such as online banking.
Web browsers such as Internet Explorer and Firefox display a padlock icon to indicate that the website is secure, as it also displays https:// in the address bar.
When a user connects to a website via HTTPS, the website encrypts the session with a digital certificate. A user can tell if they are connected to a secure website if the website URL begins with https:// instead of http://.
How Does SSL Work?
Secure Sockets Layer uses a cryptographic system that encrypts data with two keys.
When a SSL Digital Certificate is installed on a web site, users can see a padlock icon at the bottom area of the navigator. When an Extended Validation Certificates is installed on a web site, users with the latest versions of Firefox, Internet Explorer or Opera will see the green address bar at the URL area of the navigator.