SSL certificate security
Secure Sockets Layer (SSL) certificate security is based on a trust pyramid. At the base of the pyramid are a number of known Root Certification Authorities. These Root Certification Authorities issue certificates to an organization only after the trustworthiness of that organization has been audited. In turn, that organization itself might be given the right to become a Certificate Authority and can issue certificates to organizations or business units that it trusts. This chain of certificate issuance continues down to the certificate on the server that actually processes transactions, called the End Certificate, and forms a Certification Path.
When a visitor initiates an HTTPS connection, their browser requests the certificate of the server performing the transaction and inspects that certificate for trustworthiness. This process is done by inspecting the properties of the certificate, and also by inspecting the properties of all certificates in the certification path. If any of those certificates are determined not to be trustworthy, the visitor is advised that they should not trust the transaction.
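The inspection of a certification path described above can be sketched as follows. This is an added example, not code from the original page: it uses a simplified certificate model with constructed names and dates, and it omits signature verification and revocation checks, which a real browser also performs.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    """Simplified certificate holding only the properties inspected here."""
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    is_ca: bool  # True if the holder was given the right to issue certificates

def validate_path(path, trusted_roots, now):
    """Inspect path[0] (End Certificate) up to path[-1] (root); return (ok, reason)."""
    if not path:
        return False, "empty certification path"
    for i, cert in enumerate(path):
        # Every certificate in the path must be inside its validity period.
        if not (cert.not_before <= now <= cert.not_after):
            return False, f"{cert.subject}: outside validity period"
        # Everything above the End Certificate must be allowed to issue.
        if i > 0 and not cert.is_ca:
            return False, f"{cert.subject}: not permitted to issue certificates"
        # Each certificate must name the next one in the path as its issuer.
        if i + 1 < len(path) and cert.issuer != path[i + 1].subject:
            return False, f"{cert.subject}: issuer not next in path"
    root = path[-1]
    # The path must end at a self-issued certificate the client already knows.
    if root.issuer != root.subject or root.subject not in trusted_roots:
        return False, f"{root.subject}: not a known root"
    return True, "trusted"

def utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)

# Constructed sample data: every name and date below is made up.
NOW = utc(2024)
ROOT = Cert("Example Root CA", "Example Root CA", utc(2015), utc(2035), True)
INTER = Cert("Example Issuing CA", "Example Root CA", utc(2020), utc(2030), True)
LEAF = Cert("shop.example.test", "Example Issuing CA", utc(2023), utc(2025), False)
TRUSTED = {"Example Root CA"}

def demo():
    no_ca = replace(INTER, is_ca=False)  # intermediate without issuing rights
    expired = replace(LEAF, not_before=utc(2021), not_after=utc(2022))
    paths = ([LEAF, INTER, ROOT], [LEAF, no_ca, ROOT], [expired, INTER, ROOT])
    return [validate_path(p, TRUSTED, NOW) for p in paths]

if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

Only the first path is reported as trusted; the other two fail on a property of a single certificate, which is enough to reject the whole path.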