=== SSL Overview ===

== Certificate ==
The SSL certificate contains information such as:
- Domain Name(s)
- Public Key
- Company
- Issue Date
- Expiry Date
- Issuer
And more.

The client encrypts its messages with the public key supplied by the website; ONLY the server can decrypt them, using its private key.
NOTE: This private key needs to be stored in a safe location on the server with the correct permissions, so that it is NOT accessible to anyone outside the server.

== Step 2 ==
To prevent a 'man-in-the-middle' attack on the certificate, the cert is cryptographically signed with someone else's private key, so that the signature can be verified by anyone who holds the corresponding public key.

== Certificate Authorities ==
Certificate Authorities (CAs) sell signing as a service: they use their private key to sign certificates for companies.
A signature from a vendor such as 'Thawte' or 'Verisign' can be trusted because nobody else can gain access to that private key, so NO one can forge their signature.
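The signing and verification flow described in these notes, as an added shell example that is not part of the original notes: a local CA built with the openssl CLI signs a server certificate, the signature is checked against the CA's public certificate and rejected against an unrelated CA, and the private keys are kept owner-readable only, as the NOTE above requires. It assumes the openssl CLI is installed; the names example-ca, other-ca and www.example.test are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes the openssl CLI is available;
# example-ca, other-ca and www.example.test are constructed names.
set -eu
WORK="$(mktemp -d)"

# 1. CA: a private key (kept secret) and a self-signed CA certificate (public).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
  chmod 600 "$WORK/$1.key"   # private key: owner only, as the NOTE above requires
}

# 2. Server: its own key pair plus a signing request carrying the domain name and public key.
make_server_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  chmod 600 "$WORK/server.key"
}

# 3. The CA signs the request with its private key, producing the server certificate.
sign_server_cert() {
  openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/example-ca.crt" -CAkey "$WORK/example-ca.key" -CAcreateserial \
    -out "$WORK/server.crt" >/dev/null 2>&1
}

# 4. Anyone holding a CA's public certificate can check the signature; returns 0 if it verifies.
verify_with() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/server.crt" >/dev/null 2>&1
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

make_ca example-ca
make_ca other-ca          # an unrelated CA that never signed the server certificate
make_server_csr
sign_server_cert

verify_with example-ca && echo "server.crt verifies against example-ca"
if verify_with other-ca; then echo "unexpected: other-ca accepted"; else echo "other-ca rejected"; fi
echo "server.key mode: $(key_mode "$WORK/server.key")"
```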