How does SSL work?

2.4 min readCategories: Cyber Security, WebsitePublished On: July 25, 2022Last Updated: November 29, 2022

SSL works by using a process called public-key encryption. In other words, there are two keys: a public key and a private key. The data that is to be encrypted can be done with a public key, and the data is then decrypted by using the private key. When using a key pair, one key is made accessible to anybody who wants to communicate with the other participant. The term used for this is a public key. A private key is a name given to the second key in the key pair, which is kept privately or secretly.

The way SSL works is by ensuring that any information passed between users and websites, or between two devices, should never be accessed by unethical users. SSL employs encryption methods to scramble transmitted data, preventing hackers from reading and rendering it because it travels across the internet. This information contains information that might be considered sensitive, such as names, residences, credit card details, and other financial information.

SSL process works as follows:

  • An SSL-protected website attempt to be connected to a web browser or server (i.e., a web server).
  • The web browser or server asks that the web server identify itself.
  • The web server responds by sending a copy of its SSL certificate to the browser or server.
  • If the SSL certificate is trusted, the browsers or servers verify that. If it does, it notifies the webserver.
  • Once the web server delivers a digitally signed acknowledgment, an SSL connection is established.
  • Thus browser or server and the web server exchange encrypted data.

Another name for this process is “SSL handshake.” Although it seems like a lengthy procedure, but it just takes a few milliseconds. Whenever a website is secured with an SSL certificate, its URL shows HTTPS (HyperText Transfer Protocol Secure) or

If you don’t have an authenticated SSL certificate, all that will show up in the address bar is the letters HTTP, which means that the “S” in “secure” won’t be there. Therefore, the URL address bar will not show a padlock symbol instead it will show a disclaimer symbol saying, “Your connection to this site is not secure.” This shows that your website is not secure and thus users’ data will easily get hacked. But with ‘S’ in your address bar, you are building your trust and giving website visitors confidence.

If you are curious about how to check, just click on the padlock icon in the browser’s address bar to check an SSL certificate’s information. In SSL certificates, the following information is often present:

  • The domain name over which the certification is approved.
  • Which individual, business, or device was it granted to?
  • Which CA (Certificate Authority) issued it?
  • The digital signature of the Trusted CA
  • Related subdomains.
  • Date of the certificate’s issuance.
  • The certificate’s expiration date.
  • The public key (the private key is not revealed).


Go to Top