Confirmation of Identity

The party receiving the information (i.e. the party controlling the server) is the party to whom the communication is intended (i.e. not some wily imposter).

Non-interception

The user's information will not be intercepted and interpreted (by some wily eavesdropper) between the user's browser and the server.

The assurances obtained by SSL Certificates are a necessity for all e-commerce implementations and any communication in which confidential information is exchanged. Internet browsers can rest assured that their communications are secured by a properly authenticated SSL certificate as evidenced by the appearance of a little padlock in the frame of their Internet browser.

Technically, an SSL certificate is a statement digitally signed by a Certification Authority (CA) that uses a properly authenticated Private Key/Public Key pair to bind a public key to an identity. This provides independent confirmation of the identity of an entity. More formally, a certificate is a computer-based record which:

1. Identifies the Certification Authority issuing it
2. Names, identifies, or otherwise describes an attribute of the subscriber
3. Contains the subscriber's public key
4. Contains the digital signature of the CA issuing it
5. Provides a date range over which the certificate is valid

To obtain an SSL certificate, a Private Key/Public Key Pair must be generated on the server and then authenticated by a Certificate Authority (CA), which has the requisite recognition in the browser software.