Saturday, April 2, 2011

One Way or Two Way Encryption

"SSL provides secure connections by allowing two applications connecting over a network connection to authenticate each other's identity. Additionally, SSL provides encryption of the data exchanged between the applications. Authentication allows a server (one-way) and optionally a client (two-way) to verify the identity of the application on the other end of a network connection. Encryption makes data transmitted over the network intelligible only to the intended recipient.
Features of SSL include the following concepts:
  • SSL provides a mechanism for one application to authenticate itself to another application.
  • One-way SSL allows one application to be certain of the identity of the other application.
  • Two-way SSL (mutual authentication) allows both applications to be certain of the identity of each other.
  • The application that assumes the "server" role possesses and uses a server-side certificate to prove its identity to the client application.
  • In mutual authentication, the application that assumes the "client" role possesses and uses a client-side certificate to prove its identity to the server application.
  • The application that is presented with a certificate must have in its possession the root certificate (or certificate chain) of the Certificate Authority (CA) that signed the certificate being presented. The root CA certificate, or chain, validates the certificate being presented.
  • In client connections, the client browser alerts the user when presented with a certificate that is not issued by a recognized Certificate Authority. 
Private keys, digital certificates, and trusted Certificate Authorities can be used to establish and verify the identity of network applications. SSL uses public key encryption technology for authentication. In public key encryption, a public key and a private key are generated for an application. The keys are related such that data encrypted with the public key can only be decrypted using the corresponding private key. Similarly, the data encrypted with the private key can only be decrypted using the corresponding public key. The private key is carefully protected so that only the owner can decrypt messages that were encrypted using the public key. The public key is embedded into a digital certificate with additional information describing the owner of the public key, such as name, street address, and e-mail address. A private key and digital certificate provide identity for the application. The data embedded in a digital certificate is verified by a trusted Certificate Authority (CA) and digitally signed with the Certificate Authority's digital certificate. Well-known Certificate Authorities include Verisign and Entrust.net. A trusted Certificate Authority establishes trust for an application.
An application participating in an SSL connection is authenticated when the other party evaluates and accepts their digital certificate. A digital certificate used to authenticate is validated by an associated root CA certificate located on the receiving application. Web browsers, servers, and other SSL-enabled applications generally accept as genuine any digital certificate that is signed by a trusted Certificate Authority and is otherwise valid. For example, a digital certificate can be invalidated because it has expired or the digital certificate of the Certificate Authority used to sign it expired. A server certificate can be invalidated if the host name in the digital certificate of the server does not match the host name specified by the client." - IBM Tivoli
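The quoted passage describes four situations: one-way SSL (only the server proves its identity), two-way SSL (both sides present a CA-signed certificate), a client that fails to present a certificate when the server requires one, and a server certificate whose host name does not match the name the client asked for. The following Go program is an added example written for this post; it is not code from IBM Tivoli or any product the post describes. It builds a throwaway CA, server and client certificate in memory with the Go standard library, runs each handshake over a loopback TCP connection, and reports which ones the verification logic accepts. The CA name "Example Root CA", the server name "localhost" and the mismatched name "wrong.example" are assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert generates a key pair and a certificate for cn, signed by parent
// (self-signed when parent is nil). Everything lives in memory only.
func newCert(cn string, isCA bool, usage x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // expiry is one of the checks the quote mentions
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{usage}
		tmpl.DNSNames = []string{cn} // the host name a client will compare against
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// PKI holds the trust anchor plus the server- and client-side identities.
type PKI struct {
	CAPool     *x509.CertPool
	ServerCert tls.Certificate
	ClientCert tls.Certificate
}

// NewPKI creates an assumed "Example Root CA" and one certificate for each role.
func NewPKI() *PKI {
	ca, caKey := newCert("Example Root CA", true, x509.ExtKeyUsageAny, nil, nil)
	srv, srvKey := newCert("localhost", false, x509.ExtKeyUsageServerAuth, ca, caKey)
	cli, cliKey := newCert("client-app", false, x509.ExtKeyUsageClientAuth, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca) // both sides trust only this root, as the quote requires
	return &PKI{
		CAPool:     pool,
		ServerCert: tls.Certificate{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey},
		ClientCert: tls.Certificate{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey},
	}
}

// Handshake performs one TLS handshake over loopback. mutual switches the server
// to two-way SSL, presentClient decides whether the client offers its certificate,
// and serverName is the host name the client expects to see in the server certificate.
// It returns nil only when both sides accept the connection.
func (p *PKI) Handshake(mutual, presentClient bool, serverName string) error {
	srvCfg := &tls.Config{Certificates: []tls.Certificate{p.ServerCert}, ClientCAs: p.CAPool}
	if mutual {
		srvCfg.ClientAuth = tls.RequireAndVerifyClientCert
	}
	cliCfg := &tls.Config{RootCAs: p.CAPool, ServerName: serverName}
	if presentClient {
		cliCfg.Certificates = []tls.Certificate{p.ClientCert}
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer c.Close()
		srvErr <- c.(*tls.Conn).Handshake() // server-side verdict on the client
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg) // client-side verdict on the server
	if err != nil {
		return err
	}
	conn.Close()
	return <-srvErr
}

func main() {
	p := NewPKI()
	fmt.Println("one-way, server verified:            ", p.Handshake(false, false, "localhost"))
	fmt.Println("two-way, both verified:              ", p.Handshake(true, true, "localhost"))
	fmt.Println("two-way, client sends no certificate:", p.Handshake(true, false, "localhost"))
	fmt.Println("one-way, host name mismatch:         ", p.Handshake(false, false, "wrong.example"))
}
```

The first two calls return nil; the third is rejected by the server because two-way SSL was required and no client certificate arrived, and the fourth is rejected by the client because the certificate is valid for "localhost" but the client asked for "wrong.example", which is exactly the host name check the quoted text ends on.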