SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.
A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP."
In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. This means that anyone who tries to intercept this data will only see a garbled mix of characters that is nearly impossible to decrypt.
SSL initiates an authentication process called a handshake between two communicating devices to ensure that both devices are really who they claim to be.
SSL also digitally signs data in order to provide data integrity, verifying that the data is not tampered with before reaching its intended recipient.
There have been several iterations of SSL, each more secure than the last. In 1999 SSL was updated to become TLS.
Originally, data on the Web was transmitted in plaintext that anyone could read if they intercepted the message. For example, if a consumer visited a shopping website, placed an order, and entered their credit card number on the website, that credit card number would travel across the Internet unconcealed.
SSL was created to correct this problem and protect user privacy. By encrypting any data that goes between a user and a web server, SSL ensures that anyone who intercepts the data can only see a scrambled mess of characters. The consumer's credit card number is now safe, only visible to the shopping website where they entered it.
SSL also stops certain kinds of cyber attacks: It authenticates web servers, which is important because attackers will often try to set up fake websites to trick users and steal data. It also prevents attackers from tampering with data in transit, like a tamper-proof seal on a medicine container.
These require businesses to prove their control over just the domain name. The certificate contains the domain name that was supplied to the issuing authority as part of the request. Because the identity of the organization is not checked here, Domain Validated certificates are the most basic level of SSL certification, and are only appropriate for test servers and internal links.
This requires the applicant to not only prove they own the domain name they wish secure, but also prove that their company is registered and legally accountable as a business. The issued certificate is then proof of domain and company name. This level of authentication is suitable for public-facing websites that collect personal data from site users. Note that individuals cannot obtain such certificates, only organizations and businesses.
Extended Validation SSL helps protect users from providing their details to fake website which can be used by criminals for phishing. EV SSL requires both of the above validations for domain and company as well as several additional verification steps related to proving that the SSL certificate belongs to a registered company. This extra company information is then represented in the issued certificate on the address bar and can be accessed from many web browsers by clicking on the padlock icon. When visiting a site with EV SSL many browsers exhibit a green address bar as a highly visual sign of trust in the website and business to handle personal information. This type of certificate is also available to organizations and businesses only.