What are secure web sites and SSL certificates?

A secure web site uses encryption and authentication standards to protect the confidentiality of web transactions.

Currently, the most commonly used protocol for web security is SSL, or Secure Sockets Layer. In addition to providing security for HTTP (web hypertext) transactions, SSL works with other TCP/IP standards such as IMAP mail and LDAP directory access. For a security standard such as SSL to work, your browser and the web server must both be configured to use it.

When you connect to a web site using SSL, your browser asks the server to authenticate itself, or confirm its identity. The authentication process uses cryptography to verify that a trusted independent third party, or certificate authority, such as Thawte or VeriSign, has registered and identified the server. SSL can also authenticate connecting users or their computers.

In addition, SSL encrypts the data that you send, and incorporates a mechanism for detecting any alteration in transit, so that eavesdropping on or tampering with web traffic is almost impossible. This is essential for safely transmitting highly confidential information such as credit card numbers.

Practically all current browsers are set up by default to accept SSL certificates from most established certificate authorities, and to notify you when you are entering or leaving secure sites, including secure areas of comprehensive sites.

For a detailed discussion of the SSL protocol, see:


For a general discussion of web security, see:


Information supplied courtesy of the Indiana University UITS Knowledge Base.