SSL certificates use something called public-key cryptography.
This type of encryption uses two keys that are long strings of randomly generated numbers. One is called a private key, and the other is called a public key. The public key is known to the server and available in the public domain. Users can use it to encrypt any message. If Alice is sending a message to Bob, she locks it with Bob's public key, and the only way to decrypt it is to unlock it with Bob's private key. Bob is the only one who has his private key, so Bob is the only one who can unlock Alice's message.
If a hacker intercepts the message before Bob opens it, all he'll get is encrypted data that he can't read.
If we look at this in terms of a website, the communication is between a website and a server. Your website and your servers are Alice and Bob.
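The Alice-and-Bob exchange described above, as an added example that is not part of the original page. It uses Node.js's built-in crypto module with RSA-OAEP; the function names, the 2048-bit key size and the sample message are assumptions chosen for illustration.

```javascript
// Added illustration: Alice encrypts for Bob; an interceptor cannot decrypt.
const crypto = require('node:crypto');

// OAEP padding with SHA-256; sender and receiver must use the same settings.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each party generates its own public/private key pair.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Alice needs only Bob's PUBLIC key to lock a message.
function encryptFor(publicKey, plaintext) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}

// Returns the plaintext, or null when the private key does not match.
function tryDecrypt(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null; // wrong key: decryption is rejected
  }
}

function demo() {
  const bob = newKeyPair();
  const interceptor = newKeyPair(); // captured the ciphertext, lacks Bob's private key
  const message = 'username=alice; password=constructed-sample'; // constructed sample
  const ciphertext = encryptFor(bob.publicKey, message);
  return {
    ciphertextBytes: ciphertext.length,
    // The plaintext bytes must not appear anywhere in what goes over the wire.
    leaksPlaintext: ciphertext.includes(Buffer.from(message, 'utf8')),
    // OAEP is randomized: encrypting the same message twice gives different output.
    randomized: !ciphertext.equals(encryptFor(bob.publicKey, message)),
    bobReads: tryDecrypt(bob.privateKey, ciphertext),
    interceptorReads: tryDecrypt(interceptor.privateKey, ciphertext),
  };
}

console.log(demo());
```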
Why do I need an SSL certificate?
SSL certificates protect your sensitive information such as credit card information, usernames, passwords, etc.
SSL certificates must be issued by a trusted certificate authority (CA) and you can buy one at . Browsers, operating systems, and mobile devices maintain lists of trusted CA root certificates.
The root certificate must be present on the end user's machine for the certificate to be trusted. If it is not trusted, the browser will present untrusted-certificate error messages to the end user. In e-commerce, such error messages cause an immediate lack of trust in the website, and organizations risk losing trust and consumer business.