Understanding the complexities of online security products at Symantec isn’t for everyone, but if you’re a business owner that wants to get a little savvier about SSL certificates and online security, having a general idea can certainly help.
One of the major Symantec website security solutions is the provision of SSL certificates to websites, for the purpose of server or website authenticity and data encryption. Understanding the basic processes can help you to get to grips with the concept of SSL certificates and how they work. Part of the process is the handling of public and private keys, which will be explained below, with regards to a consumer transaction (such as on Amazon or similar):
When a consumer heads onto the website to buy a product, the browser begins the SSL handshake by requesting a secure web page using the https:// protocol. When this is being processed, the digital certificate is also sent to the browser to verify the ownership of the site so that the consumer knows it can be trusted.
After checking the certificate against a list of Certificate Authorities to check its validity, information is encrypted using the public key. For example, login details or credit card information will be ciphered so that third party attacks won’t cause compromise.
Once this information is encrypted, it is sent to the recipient server. There, there will be a private key that, if it matches, will be able to decipher the encrypted information. The private key must match the public key to confirm the authenticity of the server and the process as a whole.
The SSL handshake process essentially enables the secure transfer of sensitive data from browser to server, while also verifying the authenticity of the whole operation. Without this, the risk of compromise escalates and consumer confidence plummets.