What is an SSL Certificate?

SSL is used for a variety of purposes. For this article, we will be discussing SSL as it used in a website certificate to secure browsing by a remote client.

An SSL certificate is an electronic “document” that is used to bind together a public security key and a website’s identity information (such as name, location, etc.) employing a digital signature. The “document” is issued by a certificate provider such as GlobalSign, Verisign, GoDaddy, Comodo, Thawte, and others.

So, what does this actually mean? Let’s break it down into parts:

Identity Information
The name of the website that is using the SSL certificate along with other relevant details.

Public Security Key
A digital file that is used as part of the encryption/decryption mechanism. While a public key is used to encrypt a message only the corresponding private security key can be used to decrypt it.
For more information about encryption/decryption, please read the info in the link.

Digital Signature
A mathematically created structure/file used verify the authenticity of a document or other data.

Basically, an SSL certificate is these pieces put together using incredibly complex mathematics algorithms and cryptography. The combination of these pieces is part of the process itself, and is used so that several parts confirm and validate each other.

In short, an SSL certificate is designed to demonstrate that the connection is trusted; that the server you are connecting to is actually the server it claims to be.

SSL, TLS, and cryptography are incredibly complex concepts to try and fully understand. If you would like to read a more technical explanation you may want to read the Wikipedia’s page on SSL.