
Certification & Certificate Agencies

 

The following includes both the symmetric and asymmetric parts of the encryption; for this section, you can focus on the role of the certificates and the Certificate Agency.
(Taken from https://www.digicert.com/ssl.htm)

I will bold the parts specifically about the certificate and Certificate Agency. (The rest is a good review of SSL.)

 

Server Browser Communication

  1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
  2. Server sends a copy of its SSL Certificate, including the server’s public key.
  3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
  4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
  5. Server and Browser now encrypt all transmitted data with the session key.
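
The checks in step 3, sketched in Python as an added example (not code from DigiCert or from this course). It works on a certificate already parsed into the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns; the certificate, CA name, serial number and function names are constructed for illustration, and the chain check is reduced to an issuer-name lookup where a real browser verifies signatures up to a trusted root.

```python
import ssl

def name_matches(pattern, hostname):
    """Match a certificate DNS name to a hostname; '*' covers one leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """DNS names from subjectAltName, falling back to the subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def issuer_org(cert):
    """Organization name of the issuing CA, or None if absent."""
    return next((v for rdn in cert["issuer"] for k, v in rdn
                 if k == "organizationName"), None)

def check_certificate(cert, hostname, trusted_cas, revoked_serials, now):
    """Return the step-3 checks that fail; an empty list means the cert is accepted."""
    failures = []
    # Assumption: trust is modelled as an issuer-name lookup, not signature checking.
    if issuer_org(cert) not in trusted_cas:
        failures.append("untrusted issuer")
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"])):
        failures.append("outside validity period")
    if cert["serialNumber"] in revoked_serials:
        failures.append("revoked")
    if not any(name_matches(n, hostname) for n in cert_names(cert)):
        failures.append("name mismatch")
    return failures

# Constructed sample data (not a real certificate or CA).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "serialNumber": "0A1B2C",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.shop.example.test")),
}
TRUSTED_CAS = {"Example Test CA"}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
```

The browser only goes on to create and send the session key when every check passes; any single failure stops the handshake with a certificate warning.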

Wikipedia on Certification Authorities.

Webopedia on Certification Authorities.

 

Extended Validation Digital Certificate - (Often referred to as "EV Digital Certificates")

JSR Note: For this Case Study, to be used just this year, I am not going to worry about copying and pasting. I'll just note from where it was done. In this case:
https://www.globalsign.com

As the highest ‘class’ of SSL available, Extended Validation SSL Certificates (EV SSL) activate both the padlock and the green address bar in all major browsers. EV SSL Certificates provide the strongest encryption level available and enable the organization behind a website to present its own verified identity to website visitors. EV SSL Certificates offer a stronger guarantee that the owner of the website passed a thorough, and globally standardized, identity verification process defined within the EV guidelines (a set of vetting principles and policies ratified by the CA/Browser forum). The Extended Validation identity verification process requires the applicant to prove exclusive rights to use a domain, confirm its legal, operational and physical existence, and prove the entity has authorized the issuance of the Certificate.

How can I recognize websites using EV SSL Certificates?

A website using EV SSL Certificate will activate highly visible indicators directly on the browser address bar:

[Images: website with EV SSL Certificate on Chrome, IE, Safari and Firefox]

 

 

 

Certificate Agency -

 

Basically, certificate agencies are organizations whose job it is to look into the trustworthiness of websites that are seeking SSL status. They check their business record, to see if they have any criminal record, etc. So they offer a "stamp of approval" to a website, so that others can trust it.

 

For a general understanding of their role:

https://www.youtube.com/watch?v=SJJmoDZ3il8

 

Here are the main Certificate Agencies: You'll note that VeriSign is the biggest of these.

And this is from a YouTube video that is, overall, actually not bad:

https://www.youtube.com/watch?v=ffJKjX0dKvg