– Secure Socket Layer (SSL) will provide secure communication between client and web service.
– The secure communication will be provided with encryption and decryption.
– This is strongly recommended when there is a sensitive data transmitted between client and web service. The sensitive information can be a credit card number, bank account number etc.
– The encryption and decryption services will be provided by a Certification Authority (CA). The well-known certification authority will be verysign, awte.
– The certification authority will provide encryption at various bit labels like 64 bit, 128 bit etc. When the bit label is high security will be more.
– The Certification Authority (CA) will charge for providing services.
– The company should purchase a certificate from CA and the certificate will be provided with a private and public key.
– The certificate has to be configured with the website to implement SSL.
– The web site configured with SSL should run on port number 443.
– The web site configured with SSL cannot communicate with HTTP protocol, it requires https protocol.
– When a client makes a request to the website, the public key will be given to the client. When a client submits data, encryption will take place based on the public key. The encrypted data will be sent to the web server. The web server will perform decryption with the matching private key. Then the request will be processed.
The response will be encrypted based on the private key. Then it will be sent to the client system. It will decrypt with the public key and result will be given to the client.