SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol.

The most common and well-known use of SSL is secure web browsing via the HTTPS protocol. A properly-configured public HTTPS website includes an SSL certificate that is signed by a publicly trusted CA. Users visiting an HTTPS website can be assured of:

  • Authenticity. The server presenting the certificate is in possession of the private key that matches the public key in the certificate.
  • Integrity. Documents signed by the certificate (e.g. web pages) have not been altered in transit by a man in the middle.
  • Encryption. Communications between the client and server are encrypted.

Because of these properties, SSL and HTTPS allow users to securely transmit confidential information such as credit card numbers, social security numbers, and login credentials over the internet, and be sure that the website they are sending them to is authentic. With an insecure HTTP website, these data are sent as plain text, readily available to any eavesdropper with access to the data stream. Furthermore, users of these unprotected websites have no trusted third-party assurance that the website they are visiting is what it claims to be.

Look for the following indicators in your browser’s address bar to be sure that a website you are visiting is protected with a trusted SSL certificate (screenshot from Firefox 70.0 on macOS) :

  • A padlock icon to the left of the URL. Depending on your browser and the type of certificate the website has installed, the padlock may be green and/or accompanied by identifying information about the company running it.
  • If shown, the protocol at the beginning of the URL should be https://, not http://. Note that not all browsers display the protocol.

Modern desktop browsers also alert visitors to insecure websites that do not have an SSL certificate. The screenshot below is of an insecure website viewed in Firefox, and shows a crossed-out padlock to the left of the URL: