About secure websites and SSL/TLS certificates

Generally, secure websites use encryption and authentication standards to protect the confidentiality of web transactions.

Currently, the most commonly used protocol for web security is TLS, or Transport Layer Security. This technology is still commonly referred to as SSL, or Secure Sockets Layer, a predecessor to TLS. In addition to providing security for HTTP (web hypertext) transactions, TLS works with other TCP/IP standards such as IMAP mail and LDAP directory access. For a security standard such as TLS/SSL to work, your browser and the web server must both be configured to use it.

When you connect to a website using TLS, your browser asks the server to authenticate itself, or confirm its identity. The authentication process uses cryptography to verify that a trusted independent third party, or certificate authority, such as Sectigo or VeriSign, has registered and identified the server. TLS can also authenticate connecting users or their computers.

In addition, TLS encrypts the data that you send, and incorporates a mechanism for detecting any alteration in transit, so that eavesdropping on or tampering with web traffic is almost impossible. This is essential for safely transmitting highly confidential information such as credit card numbers.

Nearly all current browsers are set up by default to accept SSL certificates from most established certificate authorities, and to notify you when you are entering or leaving secure sites, including secure areas of comprehensive sites.

If a page served over TLS also includes content retrieved through a regular HTTP connection, the connection is only partially encrypted. This is called a web page with mixed content. For more on mixed content, see Enabling mixed content in your browser.
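The mixed-content condition described above can be checked offline by scanning a page's HTML for subresources that would be fetched over plain HTTP. The following Python code is an added example, not part of the original Knowledge Base document. The function name find_mixed_content, the sample hosts, and the active/passive split (scripts, frames and stylesheets versus images and media, which goes beyond what the text states) are choices made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser fetch a subresource while loading the page.
# <a href> is navigation, not a subresource, so it is not mixed content.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return  # e.g. rel="canonical" is never fetched
        for name, value in attrs:
            kind = "active" if (tag, name) in ACTIVE else "passive"
            if (tag, name) not in ACTIVE | PASSIVE or not value:
                continue
            # Resolve relative and scheme-relative URLs against the page URL.
            resolved = urljoin(self.page_url, value.strip())
            if urlparse(resolved).scheme == "http":
                self.findings.append((kind, tag, resolved))


def find_mixed_content(page_url, html):
    scanner = MixedContentScanner(page_url)
    if urlparse(page_url).scheme == "https":  # only HTTPS pages can be "mixed"
        scanner.feed(html)
    return scanner.findings


# Constructed sample page; the hosts are placeholders, not real sites.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example/lib.js"></script>
<img src="http://img.example/logo.png">
<img src="//img.example/banner.png">
<a href="http://other.example/">link</a>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:7} <{tag}> {url}")
```

The relative stylesheet and the scheme-relative image inherit HTTPS from the page URL and are not reported; only the two resources with an explicit http:// URL are.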

For a detailed discussion of the TLS/SSL protocol, see What is TLS/SSL? For a general discussion of web security, see the W3C Web Security page.

This is document ahuq in the Knowledge Base.
Last modified on 2024-04-15 17:27:38.