The Secure Sockets Layer / Transport Layer Security system that underpins secure connections on the Web does more than just scramble information. It also checks the identities of sites to which you securely connect to ensure that they are who they say they are. Those proofs of identity, called certificates, get stored in your computer's memory until you restart it or clear the SSL state.
When your Web browser initiates an SSL connection, it asks the server on the other end for a copy of its digital certificate. The certificate tells your Web browser how to encrypt data for that server and also who the other computer is. Your browser then verifies that computer's identity by checking its certificate with the company that issued it. Only once it finishes that process, called the "SSL handshake," will it open a secure connection.
Caching SSL Certificates
Setting up an SSL connection takes time. Your computer has to download the certificate and verify it, then use powerful public key encryption technology to establish how it will do encrypted transfers for the rest of the session. To save itself from having to go through this process every time it connects to that server, your computer stores, or caches, the certificates until you shut it down. That way, if it needs to reconnect, it's already part of the way there.
Issues With Caching
Caching SSL certificates is a tradeoff, though. The data that you store on your computer could get corrupted, so that when you go back to reconnect to the site, you would have the wrong certificate information and the SSL handshaking process wouldn't work. In addition, something could change with that other server's certificate, and you wouldn't know about it since you would still be working with a stored version.
Clearing the SSL State
Clearing the SSL state eliminates the problems of caching certificates since it wipes out the cache. Doing this shouldn't be necessary in day-to-day computing, since resetting your computer or, in some cases, closing your browser, will also clear your SSL state. However, this procedure can be useful if you don't reboot your computer very often or if you are encountering problems with SSL connections.