SSL (Secure Sockets Layer) is a standard technology behind establishing an encrypted connection between a web server
(host) and a web browser (client).
SSL stands for Secure Sockets Layer. SSL is the standard implementation for establishing a secure and encrypted link between two points on the internet.
This connection between the two makes sure that all the data passed between them remain private and intrinsic. SSL is an industry standard and is used by millions of websites to protect their online transactions with their customers. If you have ever visited a website using the https:// in the address bar you were creating a secure connection via SSL. If you have an eshop or sell items via your website, SSL helps in establishing trust with your customers.
Time and again, we hear of incidents involving identity theft, stealing of account passwords, installation of malware from web sources, and even ransomware. All of these security breaches have a certain attack vector in common, and that is social engineering – when you’re tricked into clicking on a link you’re not supposed to, and when you open files or applications from dubious sources. It’s an easy mistake to make, especially when the website looks legitimate, but it’s also easy to avoid — if you know what SSL is.
Suppose you want to open an account with your local bank. You approach the teller, but she does not want to open one for you, since she does not know you (and since your account will be the basis for future transactions). One option is for the bank to call the authorities (the state department for example, or social security, or the department of motor vehicles) since they have your identification.
But that seems to be tedious, so she asks for identification, instead. You provide your passport, which contains your personal details, biometrics, etc. This serves as the document that authenticates your identity. However, the document in itself does nothing exceptional except identify you. You cannot use it to withdraw money from your bank, per se.
However, because your passport is an identifying document issued by a trusted authority (the government, the state department in particular), you can use it to open an account, acquire and ATM card, which you can then use to withdraw from the bank.
Similarly, the same scenario happens when you are accessing a secure website. Your client seeks authentication and identification from the web server, which it presents through its SSL certificate. The website cannot simply say “I am bank of America” — it needs a trusted certificate provider to establish this identity. This actually takes the form of an SSL handshake, which is a back-and-forth communication to establish a connection and identification before the web browser actually requests the needed information.