A digital certificate is a type of technology that allows Internet users to exchange data in a secure manner. It does this using what is known as public key infrastructure (PKI).
Digital certificates contain the hostname and often feature further information about the person or organisation using them — what is essentially their digital identity. Digital certificates work in tandem to form a key pair. A digital certificate key pair is made up of a public key and a private key. This key pair is vital for encrypting communication over the Internet. In other words, when a website and a user are communicating via the Internet, the digital certificates confirm the legitimacy of the website the user is connecting with, and keeps the information sent between the two safe.
The SSL protocol needs digital certificates to function
While the digital certificate keypair is integral to private communication, the SSL (secure sockets layer) protocol is needed to carry out the actual encryption and validation. The SSL protocol is set up on the server where your website is hosted, and basically communicates how the digital certificates will be used (for encryption and decryption).
When an SSL certificate is being created, the private key is generated on the server, either before or at the same time as the Certificate Signing Request (CSR). While the private key remains on the server and is never shared with anybody, the CSR is submitted to a Certificate Authority (CA), such as Sectigo. The CSR contains information about your web server and organization, which the Certificate Authority checks and validates. Once validated, the CA will send the public key. You will then have the key pair necessary for SSL certificates to work.
How SSL certificates utilize digital certificate key pairs
SSL certificates keep a connection secure by using a process called Public Key Cryptography. Essentially, when a user sends information via their web browser to your website, the public key will encrypt the data. It can only be decrypted with the related private key. When a client (browser) connects to the server where your website is hosted, they exchange messages about the protocols and cipher suites they support. After that, the web browser will confirm whether or not the site’s SSL certificate is legitimate, and if it is, a session key is created. This encrypts the connection between the server and the client. This process is known as the SSL handshake. The session key is a temporary key and is used only during one specific session a user has with your site. A new session key is created each time someone visits your site.