SSL Certificates
SSL certificates are the backbone of internet security. Although you can use a self-signed certificate for internal encryption purposes, it will not be recognized by other servers, causing browsers to give an untrusted-site alert or just refuse to connect.

A certificate signed by a trusted authority such as GeoTrust, GlobalSign, VeriSign, Thawte, Comodo or others is essential for e-commerce. Certificates have to be renewed at periodic intervals, and prices vary considerably.

Some authorities offer free trial certificates, which you can use to test your configuration. SSL certificates rely on encryption using private/public key pairs. The process for obtaining a secure SSL certificate varies depending on your ISP, but the basic steps are as follows:
1. Produce a Certificate Signing Request (CSR)
A CSR or Certificate Signing Request is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country. It also contains the server's public key. A private key, which is stored on the server, is usually created at the same time that you create a CSR. At no point should you expose the private key.


2. Upload the CSR to a Valid Certificate Authority
The certificate authority will use your CSR to produce a trusted certificate, which you can then download and apply.

3. Apply the Signed Certificate to Your Site
Once you've applied the certificate to your site, connecting browsers will be able to authenticate your site using the certificate.
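
Step 1 and the checks worth running before step 2, as an added example that is not part of the original page. It assumes the openssl command-line tool is installed on the server; the subject values, the file names server.key and server.csr, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Subject values and file names are constructed placeholders.

# make_csr DIR CN: write DIR/server.key (private, never leaves the server)
# and DIR/server.csr (the only file that is sent to the certificate authority).
make_csr() {
    dir=$1
    cn=$2
    (
        umask 077   # -nodes leaves the key unencrypted, so restrict the file
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/server.key" -out "$dir/server.csr" \
            -subj "/C=US/L=Example City/O=Example Org/CN=$cn" 2>/dev/null
    )
}

# csr_matches_key CSR KEY: succeed only if the public key carried in the CSR
# is the one that belongs to the private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_is_safe_to_upload FILE: succeed only if FILE is a certificate request
# and no private-key block was pasted or concatenated into it.
csr_is_safe_to_upload() {
    grep -q 'BEGIN CERTIFICATE REQUEST' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

# Demo: generate, run both checks, then show the subject the CA will see.
demo() {
    work=$(mktemp -d) || return 1
    make_csr "$work" www.example.test &&
        csr_matches_key "$work/server.csr" "$work/server.key" &&
        csr_is_safe_to_upload "$work/server.csr" &&
        openssl req -in "$work/server.csr" -noout -subject
    status=$?
    rm -rf "$work"
    return "$status"
}
demo
```

The same public-key comparison can be repeated on the signed certificate from step 2 before applying it in step 3, using `openssl x509 -in <certificate> -noout -pubkey` in place of the `openssl req` call.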


How an SSL Certificate Works


When a browser makes a secure page request (https://) to your server, the server will reply by sending its certificate and public key.

The browser will check that the certificate is valid (i.e. not expired or revoked), issued by a trusted root authority, and matches the name of the website. It then uses the server's public key to produce a symmetric key, which it sends to the server. The server decrypts this using its private key and a secure connection is established.