SSL is used for a variety of purposes. For this article we will be discussing SSL as it used in a web site certificate to secure browsing by a remote client.
A SSL certificate is an electronic “document” that is used to bind together a public security key and a web site’s identity information (such as name, location, etc.) by means of a digital signature. The “document” is issued by a certificate provider such as GlobalSign, Verisign, GoDaddy, Comodo, Thawte, and others.
So what does this actually mean? Let’s break it down into parts:
The name of the web site that is using the SSL certificate along with other relevant details.
Public Security Key
A digital file that is used as part of the encryption/decryption mechanism. While a public key is used to encrypt a message only the corresponding private security key can be used to decrypt it.
For more information please read http://en.wikipedia.org/wiki/Public_key.
A mathematically created structure/file used verify the authenticity of a document or other data.
Basically an SSL certificate is all of these pieces put together using incredibly complex mathematic algorithms and cryptography. The combination of these pieces is part of the process itself, and is used so that several parts confirm and validate each other.
In short, an SSL certificate is designed to demonstrate that the connection is trusted; that the server you are connecting to is actually the server it claims to be.
SSL, TLS, and cryptography are incredibly complex concepts to try and fully understand. If you would like to read a more technical explanation you may want to read the Wikipedia’s page on SSL at http://en.wikipedia.org/wiki/SSL_certificate.