How does a server certificate work?

A digital certificate is an electronic identity document, roughly the web server's "passport": it establishes the holder's identity when making transactions on the web. The certificate is issued by a Certification Authority (e.g., Thawte Certification Authority). It contains the holder's name (for a server certificate, the host name of the site), a serial number, a validity period (a start date and an expiration date), a copy of the holder's public key (used for key exchange and for verifying the holder's digital signatures), and the digital signature of the issuing authority, so that a recipient who trusts that authority can verify that the certificate is genuine and has not been altered. Note that the certificate itself does not encrypt anything; it lets a client's web browser confirm that it is really talking to our web server rather than an impostor, and it supplies the public key from which the encrypted connection is then set up.

The end-user's browser requests a secure channel (via "https:") from the server. If the server has a certificate, it presents it, and the browser checks it: the issuing authority is one the browser trusts, the signature verifies, the certificate has not expired, and the name in it matches the site being visited. The browser and the server then negotiate the strongest cipher suite they have in common (e.g., 128-bit or 256-bit symmetric encryption) and establish a session key. In older SSL/TLS versions the browser encrypted that key to the server's public key (typically 1024-bit RSA at the time); current TLS versions instead use an ephemeral Diffie-Hellman exchange that the server signs with the private key behind its certificate, so that recorded traffic cannot be decrypted later even if the server's long-term key leaks. The session key is then used for all exchanges between the browser and the server for that connection, and the next https session gets a new one. The certificate authenticates the server; the negotiated session key keeps data private in transit. Neither protects data once it has reached the server: there it is up to the server admin to make sure the data remains protected.
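The issuance and checking described above, as an added example in Go that is not part of the original page: it builds a throwaway CA named "Example Certification Authority" (a placeholder, not a real authority), has it issue a certificate for the hypothetical host www.example.com, verifies that certificate the way a browser does (trusted root, validity period, host name), and shows the server proving that it holds the private key matching the certificate, which is the handshake step that ties the certificate to the key exchange. The keys are generated at run time, the names are made up, and only Go's standard library is used; ECDSA keys stand in for the RSA keys of the era the text describes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI is a constructed example: a throwaway CA and the one server certificate it issued.
type PKI struct {
	CACert     *x509.Certificate
	ServerCert *x509.Certificate
	ServerKey  *ecdsa.PrivateKey
}

// issue signs tmpl on behalf of parent with signerKey and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub any, signerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a self-signed CA (placeholder name) and has it issue a certificate for host (also a placeholder) that expires after validFor.
func BuildPKI(host string, validFor time.Duration) (*PKI, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Certification Authority"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caCert, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // a root signs itself
	if err != nil {
		return nil, err
	}
	srvKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the name a browser compares with the URL's host
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(validFor),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	srvCert, err := issue(srvTmpl, caCert, &srvKey.PublicKey, caKey) // signed with the CA's key, not its own
	if err != nil {
		return nil, err
	}
	return &PKI{CACert: caCert, ServerCert: srvCert, ServerKey: srvKey}, nil
}

// VerifyServerCert applies a browser's checks: a chain to a trusted root, validity at "at", and a name matching host.
func VerifyServerCert(cert, trustedRoot *x509.Certificate, host string, at time.Time) error {
	roots := x509.NewCertPool() // an explicit trust store, never the system one, so results are deterministic
	if trustedRoot != nil {
		roots.AddCert(trustedRoot)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at})
	return err
}

// ProvePossession mirrors the handshake step where the server signs the transcript with the key
// behind its certificate and the client checks the signature with the certificate's public key.
func ProvePossession(p *PKI, transcript []byte) bool {
	digest := sha256.Sum256(transcript)
	sig, err := ecdsa.SignASN1(rand.Reader, p.ServerKey, digest[:])
	if err != nil {
		return false
	}
	pub, ok := p.ServerCert.PublicKey.(*ecdsa.PublicKey)
	return ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	p, err := BuildPKI("www.example.com", 90*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("trusted CA, right host:", VerifyServerCert(p.ServerCert, p.CACert, "www.example.com", time.Now()))
	fmt.Println("CA not trusted:", VerifyServerCert(p.ServerCert, nil, "www.example.com", time.Now()))
	fmt.Println("server holds matching key:", ProvePossession(p, []byte("handshake transcript")))
}
```

With the CA in the trust store the first check returns no error; without it, Go reports "x509: certificate signed by unknown authority", which is the condition a browser turns into its certificate warning. The point to take from the example is that the CA's signature is only meaningful against a trust store: a certificate from an authority the browser does not know is rejected even though its signature is mathematically valid, and the same goes for a certificate whose name does not match the site or whose validity period has passed.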

