How TLS/SSL Certificates Work

A lock, two keys, strong identity, and gold standard encryption

Establishing trust from the back end of eCommerce websites to delivery at your front door. That's digital trust for the real world.

Securing online transactions and domain identities

Transport Layer Security (TLS) certificates, still widely called Secure Sockets Layer (SSL) certificates after the protocol TLS replaced, are essential to securing browser connections and transactions through data encryption. TLS/SSL is the standard security technology that works behind the scenes to keep your online transactions and logins secure. Here is how it works.

Invisible to the end user, a process called the "TLS/SSL handshake" creates a protected connection between a web server and a web browser nearly instantaneously every time you visit a website. Websites secured by a TLS/SSL certificate display HTTPS and the small padlock icon in the browser address bar. TLS/SSL certificates both protect end users' information while it is in transit and authenticate the identity of the website's organization, so that users know they are interacting with the legitimate website owner.

The TLS/SSL handshake process

  1. Each TLS certificate consists of a key pair made of a public key and a private key. These keys are important because they interact behind the scenes during website transactions.
  2. Every time you visit a website, the web server and the browser communicate to ensure there is a secure TLS/SSL encrypted connection.
  3. When a web browser (or client) connects to a secured website, the website server shares its TLS/SSL certificate and its public key with the client to establish a secure connection and a unique session key.
  4. The browser confirms that it recognizes and trusts the issuer, or Certificate Authority, of the SSL certificate (in this case DigiCert). The browser also checks that the TLS/SSL certificate is unexpired, unrevoked, and that it can be trusted.
  5. The browser sends back a symmetric session key, and the server decrypts the symmetric session key using its private key. The server then sends back an acknowledgement encrypted with the session key to start the encrypted session.
  6. Server and browser now encrypt all transmitted data with the session key. They begin a secure session that protects message privacy, message integrity, and server security.

