SSL = Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https: instead of http:.
In Simple Terms : A secure connection.
Encryption — Both request and response bodies are protected from intermediate prying eyes.
Server authenticated — Clients who record the server's SSL certificate can monitor it to ensure it does not change over time (which could indicate a man-in-the-middle attack). Using a certificate signed by a signing authority can also provide a similar level of assurance for the client application.
Easy setup — No additional coding required, just configure the web server.
Increased load — Encrypting and decrypting communications is noticeably more CPU-intensive than unencrypted communications. Every request requires additional back and forth communications to set up the secure socket.
No client identification — Using an SSL
Additional client-side requirements — Handling SSL from the client side isn't always trivial, and languages may require additional extensions installed (which may or may not be available in a shared host environment).
SSL is an excellent layer to add to any API. It provides security for the request and response payloads, as well as provides some assurance for the client application as to the identity of the server. It is easily combined with either HTTP authentication or message-based authentication. Some care, however, should be taken not to use SSL unnecessarily, because it has additional requirements for the client application that not all developers may be able to meet, and it places additional CPU load on both sides as messages are encrypted and decrypted.
When customers visit a website to make an online purchase, they want to know who they'll be paying and that the personal information they submit to the site cannot be intercepted. This is the purpose of an SSL digital certificate.
Use of SSL (Secure Socket Layer) and a digital certificate enable a web browser (your customer) to communicate securely with your website, assuring the customer of 3 things:
1. That the website really is who it claims to be.
2. That credit card numbers, etc are encrypted and cannot be intercepted.
3. That the data sent and received cannot be tampered with or forged.
· 1 decade ago