The SSL technology encrypts communication over HTTP. SSL is supported by a wide range of browsers and ensures that a spy (“bad guy”) can’t simply decipher information exchanged between a client and a web server. SSL is important for hiding sensitive information such as:
– Credit card numbers
– Confidential company documents and details
SSL is also strongly important for user authentication. When you are planning to create a login page where the user submits a user name and password, you must use SSL technology to encrypt this information. Otherwise, a malicious user could intercept the user credentials and use them to log on to the system.
SSL operates over HTTP and using SSL does not modify the way you deal with HTTP requests. All the encryption and decryption work is taken care or by the SSL capabilities of the web server software IIS, Apache, etc. The only difference is that the URL for addresses protected by SSL begins with https:// rather than https://. SSL traffic also flows typically over a different port (443 for SSL requests and 80 for normal requests).
For a server to support SSL connections, it must have an installed X.509 certificate (the name X.509 was chosen to correspond with the X.500 directory standard). To implement SSL, you need to purchase a certificate, install it, and configure web server appropriately.