How SSL certificates work
How SSL Works
The point of an SSL certificate (strictly a TLS certificate: TLS replaced SSL years ago, and "SSL" survives as the informal name) is twofold. It lets the server prove its identity to the client (commonly a web browser), and it lets the two sides agree on a key for encrypting the traffic between them, so that anyone who intercepts that traffic cannot read or tamper with it. The certificate carries the server's public key; whatever the client encrypts with that public key can be decrypted only with the matching private key, which never leaves the server. That property is public-key (asymmetric) cryptography. Public Key Infrastructure, or PKI, is the surrounding system of certificate authorities (CAs), issued certificates and client trust stores that vouches for the binding between a public key and a host name; without it the client would have no way to tell the real server's key from an attacker's.
In a nutshell, this is how it works (note: this is simplified, and it shows the older RSA key exchange; TLS 1.3, and the ECDHE cipher suites of TLS 1.2, agree on the session key with an ephemeral Diffie-Hellman exchange instead, while the certificate and private key keep the same job of authenticating the server):
- The client requests a secure connection to the server.
- The server sends the client a copy of its certificate.
- The client verifies the certificate is valid and trusted: it chains to a CA in the client's trust store, it is within its validity period, and it was issued for the host name the client asked for.
- The client generates a random symmetric key and encrypts it using the server's public key.
- The client sends the encrypted symmetric key to the server.
- The server decrypts the symmetric key using its private key.
- The server and client use the symmetric key to encrypt and decrypt data during the session.
Once the secure connection is established, traffic is encrypted with that symmetric session key, which only the two endpoints hold, so an eavesdropper cannot read it. One caveat on the RSA exchange shown here: the server's private key can also recover the session key from a recorded handshake, so if that key is ever compromised, previously captured sessions can be decrypted. The ephemeral key exchange of modern TLS closes this gap (forward secrecy).
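The exchange described in the steps above, as an added example in Go (standard library only) that is not part of this page: it builds a throwaway root CA and a server certificate issued by it, has the client verify that certificate against a trust store holding only that root, wraps a fresh AES-256 session key with the server's RSA public key (RSA-OAEP), unwraps it with the private key on the server side, and finally passes one AES-GCM protected record from client to server. The host name `example.test`, the CA name, the certificates, the keys and the message are all constructed for the example. Asking for a host name other than the one in the certificate makes the verification step fail before any key material is sent.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate built from template for pub with parentKey.
func issue(template, parent *x509.Certificate, pub *rsa.PublicKey, parentKey *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newPKI builds a toy trust chain (constructed for this example only): a self-signed root CA and a server certificate for host issued by it.
func newPKI(host string) (root, server *x509.Certificate, serverKey *rsa.PrivateKey, err error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err == nil {
		serverKey, err = rsa.GenerateKey(rand.Reader, 2048)
	}
	if err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Toy Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if root, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil { // self-signed
		return nil, nil, nil, err
	}
	server, err = issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames:    []string{host}, // the name the client will check against
		NotBefore:   now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, root, &serverKey.PublicKey, caKey)
	return root, server, serverKey, err
}

// session turns the shared symmetric key into the AEAD both sides use for data.
func session(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// runHandshake walks the steps above for one client message. certHost is the
// name in the server's certificate and wantHost the name the client expects.
func runHandshake(certHost, wantHost string, message []byte) ([]byte, error) {
	root, server, serverKey, err := newPKI(certHost)
	if err != nil {
		return nil, err
	}
	// Client: the certificate must chain to a root in its trust store (only the toy root here), be inside its validity period and name the wanted host.
	trusted := x509.NewCertPool()
	trusted.AddCert(root)
	if _, err := server.Verify(x509.VerifyOptions{Roots: trusted, DNSName: wantHost}); err != nil {
		return nil, err // a wrong name or an unknown CA stops the handshake here
	}
	// Client: a fresh random session key, wrapped with the server's RSA public key (RSA-OAEP) so that only the matching private key can unwrap it.
	sessionKey := make([]byte, 32) // AES-256
	rand.Read(sessionKey)          // crypto/rand.Read never fails since Go 1.24
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, server.PublicKey.(*rsa.PublicKey), sessionKey, nil)
	if err != nil {
		return nil, err
	}
	// Server: only the holder of the private key recovers the session key.
	unwrapped, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, wrapped, nil)
	if err != nil {
		return nil, err
	}
	// Both sides: AES-GCM under the shared key. The client seals a record with its copy (random nonce sent in front); the server opens it with the copy it unwrapped.
	tx, err := session(sessionKey)
	if err != nil {
		return nil, err
	}
	rx, err := session(unwrapped)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, tx.NonceSize())
	rand.Read(nonce)
	record := tx.Seal(nonce, nonce, message, nil)
	return rx.Open(nil, record[:rx.NonceSize()], record[rx.NonceSize():], nil)
}
```

RSA-OAEP stands in for the RSA key transport of older TLS; everything real TLS adds around it (cipher suite negotiation, transcript authentication, record sequence numbers) is left out, so this shows who holds which key at each point rather than being a transport to reuse. `runHandshake("example.test", "example.test", msg)` returns `msg` unchanged after the round trip; `runHandshake("example.test", "evil.test", msg)` returns a hostname error from the verification step.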