A secure, SSL-encrypted connection is established via the SSL “handshake“ process, which transpires within seconds — transparently to the end user. In essence, the SSL “handshake“ works thus:
When accessing an SSL-secured Web site area, the visitor’s browser requests a secure session from the Web server.
The server responds by sending the visitor’s browser its server certificate.
The browser verifies that the server’s certificate is valid, is being used by the Web site for which it has been issued, and has been issued by a Certificate Authority that the browser trusts.
If the certificate is validated, the browser generates a one-time “session“ key and encrypts it with the server’s public key.
The visitor’s browser sends the encrypted session key to the server so that both server and browser have a copy.
The server decrypts the session key using its private key.
The SSL “handshake“ process is complete, and a secure SSL connection has been established.
A padlock icon appears in the browser’s status bar, indicating that a secure session is under way