Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £29.99 £19.99. New subscribers only. T&Cs apply

Find out more

Secure Socket Layer (SSL)

In this video, you will learn about secure socket layer (SSL), which is the protocol for encrypting web traffic.
So we’ve mentioned SSL. Let’s take a deeper look at SSL. SSL is the protocol for encrypting web traffic. This is what gives us the green padlock on our website. We said if we generate our own certificate that’s bound to a website, our internal clients within our domain would trust it. External entities would be very unlikely to trust it. We need to use a certificate that has been issued by a trusted certificate authority. Typically the process checks that any..
so when your web browser connects to a HTTPS website, your web browser will check that the certificate has been signed by a trusted certificate authority, that the certificate is valid and has not expired or been revoked, that it matches the domain correctly. So if the certificate applies to the host www and the domain, if the host is slightly different, if the host is, you will see a red padlock, even if the rest of the certificate is valid. So we check that it conforms to the required security standard and that the domain listed on the certificate matches the domain requested by the user. So this is a check performed by the browser.
What you’ll notice now is if you go to or a vast majority of websites, HTTPS is now the default method of access, HTTP is rapidly disappearing. This can be a problem in terms of compatibility for some embedded systems for some older devices, for some low power devices. But Google Chrome now warns you if a site is not using HTTPS. Google Chrome expects by default that HTTPS is in use.
So the Secure Sockets Layer, SSL, is a browser session, and the client creates the session key. So it will create a unique session key that it will send to the server. But before it sends it to the server, it will encrypt it with the public key of the server. And you’ll remember from the diagram that we showed, the only person that can decrypt that, if we’re using the public key of the server, the only person that can decrypt that is the server with the corresponding private key. So the server now can decrypt that message with its private key to gain access to the session key.
So the server then responds with an acknowledgment that is encrypted with the session key that the client can subsequently decrypt. So this is a very fast process. And a very robust process. And again, we’re talking about browsing to websites that potentially, that probably, we do not have an existing trust relationship with. So we are trusting the certificate authority instead. We’re trusting that the certificate authority has taken steps to appropriately verify the binding between the site and the certificate.

In this video, you will learn about secure socket layer (SSL), which is the protocol for encrypting web traffic.

Reflect and share: Using an SSL has been shown to be a robust process that ensures safe browser sessions. How do you approach security in your browser sessions? Share with your fellow learners.

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now