PHPMatters Help You Better Hosting Your PHP-based Sites
What is Secure Socket Layer (SSL) & Why It Is Necessary

What is Secure Socket Layer (SSL) & Why It Is Necessary

The rapid development of the Internet brings us much convenience, but also causes some sensitive information leakage at the same time. In this case, Secure Socket Layer is used to protect the security of the Internet, specifically the data transmission on the web.

In this post, our editors intend to give you a comprehensive understanding of Secure Socket Layer and the necessity of using it.

What is Secure Socket Layer

secure socket layerSecure Socket Layer, often abbreviated as SSL, is a security technology that is developed by Netscape. To be specific, it is a security protocol that is applied in creating an encrypted link between a web server and a browser, so as to protect the transferred link and data away from being eavesdropped by hackers.

That is to say, if the website is secured by Secure Socket Layer, then your private information like credit card numbers is transferred securely, and attackers are unable to read as well as make use of your sensitive information.

How about SSL Certificate

To work the SSL protocol successfully on the website, you should install SSL certificate on your web server first. The browsers would only trust the certificates from organizations in their trusted CA (Certificate Authority) list. The SSL certificates play a role in identifying the authentication of the organization and creating an encrypted connection between a web browser and the SSL-secured site. Note that the encrypted connection is created by the key pair -including a public key and a private key – contained in SSL Certificate.

Generally, after the installation of the SSL certificate, there would be a padlock icon on the web browser and the address bar would turn in green. In addition, the url would begin with “https” instead of the common “http”. The image below is an example.

url example

How Does It Work

When company A intends to secure the communication between its web server and a customer’s browser, the first thing it needs to do is to establish a private key as well as a public key. Then company A should go to a reliable third party B to prove its identity, and verify its company domain as well. After that, company A would receive a new public key which contains all the information verified before, and the information is encrypted with B’s private key. Above is the server authentication phase.

Now it comes to the customer’s authentication.


Firstly, the user’s browser tries to connect to the SSL-secured website of company A, and it requires the web server to prove its authentication.

Secondly, the web server provides the SSL certificate as well as the public key.

Thirdly, the browser verifies all the information and decides whether to trust it. If the server is not trusted by the browser, then the communication between them is terminated. Otherwise, the browser creates a symmetric key, namely a password, and encrypts it with the received public key, and then sends it back to the server.

Then, the server decrypts the information and successfully gets the password.

Thus, the customer starts the communication with company A, and he can feel free to enter his private information.

Why It Is Necessary

secureSecure Socket Layer benefits both web visitors and companies.

On the one hand, more and more people often register their user accounts on various websites and choose to shop online for the convenience brought by the Internet. However, all the sensitive private information such as usernames, passwords and credit card numbers are likely to be leaked to hackers and bad guys who steal people’s personal information if the website is not SSL secured.

On the other hand, a company protected by SSL can always win the trusts from customers and gains more sales. Just imagine that if a customer is visiting an online shop without the protection of SSL, how could they feel free to complete the transaction?

Actually, as it is so important to guarantee the web security and sensitive data, many web hosts have included SSL in their hosting packages, such as BlueHost, InMotion Hosting and Arvixe to offer better services. More options can be found in this hosting page.

You can also learn more about how to increase the security of your website by visiting this page.