There are several ways to encrypt data transfers. Usually, you need a key to encrypt something and the exact same key to make the message readable again. However, this method does not make sense on the internet, because users often make contact with people or organizations that they’ve never communicated with outside of the internet before. Consequently, there is no way to pass a key without first sending it unencrypted through a publicly accessible medium. Therefore, SSL certificates use a different procedure.
In a public-key infrastructure, you don’t create just one key but two: a completely public one and a private one. A message is encrypted with the public key and can only be decrypted with the private key. The browser receives the public key through the certificate and uses it for encryption. There are different methods for encrypting the information. Here, too, the web server provides the browser with the necessary information through the certificate.
For example, AES (Advanced Encryption Standard) with the SHA256 cryptographic hash function is a commonly used encryption method, but the standards change regularly, since both criminals and crypto experts are constantly working to identify vulnerabilities in the encryption mechanisms.
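The public/private key pair described above can be seen in a short added example (not from the original article): a browser-side function encrypts a random 128-bit session key with the server's public key, and only the private key recovers it. It assumes textbook RSA without padding and two publicly known Mersenne primes as stand-ins for the server's secret primes, so the numbers are for illustration only; all function names are hypothetical.

```python
import secrets
from math import gcd

# Assumption: publicly known Mersenne primes stand in for the server's secret primes.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key), each as an (exponent, modulus) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e
    return (e, n), (d, n)


def encrypt(public_key, data: bytes) -> int:
    """Browser side: encrypt bytes with the public key taken from the certificate."""
    e, n = public_key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message does not fit under the modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int, length: int) -> bytes:
    """Server side: only the holder of the private exponent can reverse encrypt()."""
    d, n = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")


def demo():
    public_key, private_key = make_keypair()
    session_key = secrets.token_bytes(16)        # constructed sample secret
    wrapped = encrypt(public_key, session_key)   # what travels over the network
    recovered = decrypt(private_key, wrapped, 16)
    # An eavesdropper who knows only the public key cannot undo the encryption:
    e, n = public_key
    public_only = pow(wrapped, e, n)
    return session_key, wrapped, recovered, public_only


if __name__ == "__main__":
    key, wrapped, recovered, public_only = demo()
    print("wrapped session key :", hex(wrapped))
    print("private key recovers:", recovered == key)
    print("public key recovers :", public_only == int.from_bytes(key, "big"))
```
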