HTTPS SSL

Source: Internet. Editor: 程序博客网. Time: 2024/04/27 23:01

from http://help.globalscape.com/help/secureserver3/HTTPS1.htm

HTTPS
HTTPS is the protocol for accessing a secure Web server where authentication and encrypted communication are possible. Using HTTPS in the URL instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. The default TCP/IP port of HTTPS is 443. The session is then managed by a security protocol. HTTPS encrypts the session data using the SSL (Secure Sockets Layer) protocol, ensuring reasonable protection from eavesdroppers and man-in-the-middle attacks.

Secure Sockets Layer (SSL) is a protocol for encrypting and decrypting data across a secure connection from a client to a server with SSL capabilities. The server is responsible for sending the client a certificate and a public key for encryption. If the client trusts the server's certificate, an SSL connection can be established. All data passing from one side to the other will be encrypted. Only the client and the server will be able to decrypt the data. The SSL protocol is the same protocol used in FTPS. Additional information on how SSL works is available under the FTPS section FTPS, SSL, and TLS.

Elements that work together to establish a secure HTTPS connection: 

Client: The client must have SSL capabilities. 

Certificate: Certificates are digital identification documents that allow both servers and clients to authenticate each other. A certificate file has a .crt extension. Server certificates contain information about your company and the organization that issued the certificate (such as Verisign or Thawte) while client certificates contain information about the user and the organization that signed the certificate. You can choose to either trust or distrust a certificate. In some cases, the client's certificate must be signed by the server's certificate in order to establish an SSL connection. 

Session Key: The client and the server use the session key to encrypt data. The client creates it and encrypts it with the server’s public key.

Public Key: The client encrypts a session key with the server’s public key. It does not exist as a file, but is produced when a certificate and private key are created. 

Private Key: The server's private key decrypts the client's session. The private key has a .key extension and is part of the public-private key pair. 

Certificate Signing Request: A certificate signing request is generated each time a certificate is created. A certificate signing request has a .csr extension. This file is used when you need to have your certificate signed. Once the Certificate Signing Request file is signed, a new certificate is made and can be used to replace the unsigned certificate. 
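The session-key exchange described in the Session Key, Public Key and Private Key entries above, as an added example that is not part of the original help page. It assumes textbook RSA over two small constructed primes and a toy XOR keystream, chosen only to show which side holds which key; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes stand in for the server's
# RSA primes. Real keys are 2048 bits or more and use padding such as OAEP.
P, Q = 2**61 - 1, 2**89 - 1
E = 65537


def server_keypair():
    """Return (public, private): the pair created alongside the certificate."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays in the .key file
    return (n, E), (n, d)


def client_wrap_session_key(public):
    """Client creates a random session key and encrypts it to the server."""
    n, e = public
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped


def server_unwrap_session_key(private, wrapped):
    """Server recovers the session key with its private key."""
    n, d = private
    return pow(wrapped, d, n).to_bytes(16, "big")


def session_crypt(session_key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call both encrypts and decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def demo():
    public, private = server_keypair()  # the public half travels in the certificate
    client_key, wrapped = client_wrap_session_key(public)
    server_key = server_unwrap_session_key(private, wrapped)
    request = b"GET /account HTTP/1.1"  # constructed sample request
    on_the_wire = session_crypt(client_key, request)
    return server_key == client_key, session_crypt(server_key, on_the_wire), on_the_wire
```

Only the holder of the private key can recover the session key from the wrapped value, which is why the .key file must stay on the server. TLS 1.3 no longer uses this RSA key transport and derives session keys with ephemeral Diffie-Hellman instead.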

Note:

In web pages that use HTTPS, the URL begins with 'https://' rather than 'http://'. HTTP clients should connect using standard requests (i.e. https://domain_name). Secure FTP Server can be set up to provide connecting clients with a certificate and even to require that the client provide a certificate upon connecting (to further validate the client's identity).
 
