SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. To create https connection, an SSL certificate (also referred to as a “digital certificate”) is installed on a web server and serves two functions:It authenticates the identity of the website and encrypts the data that’s being transmitted.

Information in SSL Certificate

Level of validation

How does SSL certificate authenticate the identity of the website

SSL certificates help in verifying that a client is talking to the correct server that actually owns the domain. This helps in preventing domain spoofing and other kinds of attacks. The SSL certificate has the domain name of the website as well as the public key of the website. SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate.The certificate is signed by CA(certificate authority). The CA signs the certificate with thier own private key. The client can verify the signature with public key of CA.  For "well known Certificate Authorities" the public root certificate is pre installed in the browser and/or computer you are using ie Browsers come with a set of pre-installed CA certificates and only trust sites signed by any of the pre-installed CA certificates.If the verification is successful client knows for sure the public key of the domain. Any data encrypted by this key can only be decrypted by owner of domain as only the owner of the domain has the private key.

How does SSL certificate encrypt the data transmitted.

SSL/TLS encryption is possible because of the public-private key pairing that SSL certificates facilitate. The public key of domain is part of SSL certificate .

What is a self signed certificate.

The certificate can be signed by any private key . Clarifyforme.com can create  a second pair of keys and sign the certificate with the private key. The browser will extract the signing authority from certificate and determine that signing has not been done by trusted authority.Being your own CA has the inconvenience that you must install your own CA root certificate in all clients (browsers/phones/tablets) that visit any of the servers with a certificate signed by your root CA. Hence it is more valuable in staging environment.