What do I need an SSL certificate for?

TLS, or Transport Layer Security Protocol, succeeded SSL as the standard for encrypting data transmitted over the internet. Historically, SSL was employed to ensure safe connections to websites, especially in scenarios where users shared sensitive details, like during online transactions or banking.

When a user types a website’s address into their browser and SSL or TLS is active, a series of steps occur to safeguard the connection. Initially, the web server supplies the browser with its public key and a certificate. The browser then verifies the legitimacy of the certificate. After successful verification, the browser formulates a unique number based on the server’s public key and relays it back to the server. This exchange ensures that only the server, using its private key, can decrypt what the browser sends. This procedure not only shields users from potential phishing attempts but also adds an extra layer of encryption that is deemed highly secure.

However, the entire process, particularly key creation, is resource-intensive. The bulk of these operations happen server-side, leading to possible delays in connecting to sites hosted on less powerful servers. Another limitation is that SSL isn’t suited for connections where only segments of the message should be accessible to multiple recipients since it encrypts the full content.