For a client to establish a secure connection with a server, the two parties first perform a “handshake” using asymmetric cryptography. In the beginning of the handshake, the server sends its digital certificate across to the client on receiving its request to connect. The client checks the certificate for problems, and on finding none, encrypts a “session key” with the server’s public key (that’s found on the certificate). The server decrypts this session key with its private key (that’s known only to it). Now, both the server and the client knows the session key, and this key is used to encrypt and decrypt all messages that are exchanged in that particular session. The session key is discarded after the session terminates.