How Server Certificates Work

Previous Next

See Also

Server certificates take advantage of TLS to work seamlessly between your web site and your visitors' web browsers. This is how the process works:

1. A customer contacts your site, accessing a secured URL (indicated by a URL that begins with "https:" instead of just "http:" or by a message from the browser). When a web-connection uses SSL, it connects to port 443 instead of port 80. This causes the prefix of a web address to start with HTTPS (443) instead of HTTP (80).
2. Your web server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
3. Your customer's web browser generates a unique "session key" to encrypt all communications with the web site.
4. The user's browser encrypts the session key itself with the site's public key so only the site can read the session key.
5. A secure session is now established. It all takes only seconds and requires no action by the user. Depending on the browser, the user may see a key icon becoming whole or a padlock closing, indicating that the session is secure. If your site doesn't have a digital certificate, visitors will see a warning message when they attempt to offer credit card or personal information.

Related Topics:

A Server Certificate is Domain/Web Site specific

Help with Certificates