How do TLS/SSL certificates work?

Encryption and domain verification together make a connection to a website private, authenticated and safe to use

Securing your data in transit, and your brand identity

Transport Layer Security (TLS) certificates, still widely called Secure Sockets Layer (SSL) certificates after the protocol that TLS replaced, are essential to protecting browser connections and transactions. They let the browser show that the connection is secure, and they bind the site's public key to a verified domain name (and, for organization-validated certificates, to a verified organization).

TLS/SSL is the standard security technology that works behind the scenes to keep your online transactions and logins secure—here is how it works.

Creating a secure connection

Invisible to the end user, a process called the TLS/SSL handshake creates a protected connection between your web server and the visitor's browser, nearly instantaneously, every time someone visits the site. Websites secured by a TLS/SSL certificate are served over HTTPS and show the padlock icon in the browser address bar. The certificate serves two purposes: it protects end users' information while it is in transit, and it authenticates the site (its domain name, and for organization-validated certificates the organization behind it) so that users know they are dealing with the legitimate owner rather than an impostor.

[Diagram: How TLS works]

The TLS/SSL handshake process

Step 1

Each TLS certificate is tied to a key pair: a public key and a private key. The public key is embedded in the certificate and handed to everyone who connects; the private key stays on the server and is never transmitted. Data encrypted with the public key can only be decrypted with the private key, and only the private key can produce signatures that the public key verifies, which is how the server later proves it is the legitimate holder of the certificate.

Step 2

Every time you visit a website, the web server and the browser negotiate a TLS/SSL-encrypted connection before any page content or form data is exchanged.

Step 3

When a web browser (or other client) connects to a secured website, the server sends its TLS/SSL certificate, which contains its public key, along with any intermediate CA certificates needed to link it to a trusted root; the two sides use it to establish a secure connection and a unique session key.

Step 4

The browser confirms that it recognizes and trusts the issuer, or Certificate Authority, of the certificate (in this case DigiCert) by following the chain of signatures from the server's certificate up to a root certificate in its trust store. It also checks that the certificate is unexpired and unrevoked, that the signatures are valid, and that the name in the certificate matches the domain the browser is connecting to. If any check fails, the browser shows a warning instead of the page.

Step 5

In the RSA key exchange used by TLS 1.2 and earlier, the browser generates a symmetric session key, encrypts it with the server's public key and sends it back; the server decrypts it with its private key, which only the legitimate server holds. TLS 1.3 (and TLS 1.2 with ephemeral Diffie-Hellman) instead has both sides contribute fresh key-agreement values, and the server uses its private key to sign the handshake so the browser knows it is talking to the certificate's owner; this gives forward secrecy, so a private key stolen later cannot decrypt recorded sessions. In both cases the server then sends back a Finished message encrypted with the session key, confirming that both sides derived the same key, and the encrypted session begins.

Step 6

Server and browser now encrypt all transmitted data with the session key. They begin a secure session that protects message privacy (no eavesdropping), message integrity (tampering is detected) and server authentication (the browser knows which server it is talking to).
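The six steps above, carried out by real TLS code rather than described in prose: the following is an added example written for this page, not DigiCert code and not part of the original article. It builds a throwaway certificate authority and has it issue a server certificate for the hypothetical host www.example.com (Step 1: a certificate is the server's public key plus its name, signed by a CA, while the private key never leaves the server), runs the Step 4 checks a browser makes (trusted issuer, validity period, hostname match) in a form that also shows how each one fails, and then performs an actual TLS 1.3 handshake between a server and a client over an in-memory pipe (Steps 3, 5 and 6). Everything it needs is in Go's standard library; the CA name, host name and validity period are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// testPKI is a constructed, throwaway CA plus one server certificate it issued (not a real DigiCert certificate).
type testPKI struct {
	CA      *x509.Certificate
	Leaf    *x509.Certificate // the "TLS certificate": public key + domain name, signed by the CA
	LeafKey *ecdsa.PrivateKey // stays on the server and never goes on the wire
}

// issue generates a P-256 key pair and a certificate for template, signed by parent/parentKey (self-signed when parent is nil).
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newTestPKI builds the CA and has it issue a 24-hour server certificate whose SAN is serverName (hypothetical, e.g. www.example.com).
func newTestPKI(serverName string) (*testPKI, error) {
	now := time.Now()
	ca, caKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA (constructed)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	leaf, leafKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: serverName}, DNSNames: []string{serverName},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	if err != nil {
		return nil, err
	}
	return &testPKI{CA: ca, Leaf: leaf, LeafKey: leafKey}, nil
}

// verifyLeaf runs the Step 4 checks a browser performs: the chain ends at a trusted issuer, the certificate
// is valid at time at, and it was issued for host. Go's x509.Verify consults neither CRLs nor OCSP, so the
// "unrevoked" check is the one Step 4 check not covered here.
func (p *testPKI) verifyLeaf(trustCA bool, host string, at time.Time) error {
	roots := x509.NewCertPool() // an empty pool trusts nobody (a nil pool would mean the system store)
	if trustCA {
		roots.AddCert(p.CA)
	}
	_, err := p.Leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at})
	return err
}

// handshake performs Steps 3-6 for real: a TLS server holding the private key and a client that trusts only
// the constructed CA, joined by an in-memory pipe. It returns the client's view of the negotiated session.
func (p *testPKI) handshake(host string) (tls.ConnectionState, error) {
	serverCfg := &tls.Config{
		Certificates:           []tls.Certificate{{Certificate: [][]byte{p.Leaf.Raw}, PrivateKey: p.LeafKey}},
		SessionTicketsDisabled: true, // net.Pipe is unbuffered: tickets sent after Finished would block the server's write
	}
	roots := x509.NewCertPool()
	roots.AddCert(p.CA)
	clientCfg := &tls.Config{RootCAs: roots, ServerName: host, MinVersion: tls.VersionTLS12}
	clientSide, serverSide := net.Pipe()
	defer clientSide.Close() // close the raw ends; tls.Conn.Close would wait to send close_notify to an idle peer
	defer serverSide.Close()
	clientSide.SetDeadline(time.Now().Add(10 * time.Second)) // a protocol mistake becomes an error, not a hang
	serverSide.SetDeadline(time.Now().Add(10 * time.Second))
	server, client := tls.Server(serverSide, serverCfg), tls.Client(clientSide, clientCfg)
	serverErr := make(chan error, 1)
	go func() { serverErr <- server.Handshake() }()
	if err := client.Handshake(); err != nil {
		return tls.ConnectionState{}, err
	}
	if err := <-serverErr; err != nil {
		return tls.ConnectionState{}, err
	}
	return client.ConnectionState(), nil
}
```

Call newTestPKI("www.example.com"), then verifyLeaf with the wrong host, an untrusted CA, or a time past NotAfter, and you get the HostnameError, UnknownAuthorityError and expired CertificateInvalidError that a browser turns into its warning page; handshake returns the negotiated session, TLS 1.3 by default, with the verified chain (leaf then CA) in VerifiedChains. Two caveats: revocation is not checked by Go's x509.Verify (browsers use CRLs or OCSP for that), and session tickets are disabled only because net.Pipe is unbuffered; a real server leaves them on.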
