01-15-2008, 01:57 PM, #3
The Frequenter (Join Date: Apr 2005, Location: South UK)
Trying to explain the SSL browser<->server process is complicated, but I've taken a stab at it. It's a bit of a ramble, but hopefully it makes sense.
Note: For those unsure of public/private keys, think of them as very long passwords :)
- Web browser sends the web server some basic SSL info, such as what encryption types it can support.
- Server replies with its own SSL info, including its security certificate and public key.
- Web browser checks the certificate is valid and came from the correct domain.
- Web browser now creates a private key that it combines with the server's public key and sends back to the server.
- Web browser and the server now create yet another key - the "master" key - which will be used from now on (until the end of the session) to encrypt/decrypt the requests.
- The web browser confirms to the web server that it's ready to start sending encrypted data, and the server confirms to the web browser that it is also ready.
- All data is now encrypted by the web browser before being sent to the web server, and the server encrypts all data (i.e., web pages) before sending it back to the web browser.
As Wildhoney mentioned, none of this really matters in PHP - all you have to do is make sure your script is being accessed by https:// rather than http:// and that the web server supports SSL.
Edit: And the reason for using SSL to send things like credit card numbers is so that no-one can perform a "man in the middle" attack - basically, someone records all info sent between you and the server. If the credit card number was sent unencrypted then they would see it in plain text - which would be bad.
Alan.
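As an added example (not Alan's code and not part of the original thread), here is a small PHP helper that implements the "make sure your script is being accessed by https://" advice above, including the common case where TLS is terminated at a reverse proxy. The function names, the trusted-proxy list, the canonical host and the sample `$_SERVER` arrays are all assumptions constructed for this example.

```php
<?php
// Added example: decide whether the current request arrived over HTTPS.
// $trustedProxies is an assumption: only a known reverse proxy may assert
// X-Forwarded-Proto, otherwise any client could simply claim "https".
function request_is_https(array $server, array $trustedProxies = []): bool
{
    // TLS terminated by the web server itself: HTTPS is set to "on" (or "1").
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    if (isset($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === 443) {
        return true;
    }
    // TLS terminated at a proxy: trust the forwarded scheme only from that proxy.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (in_array($remote, $trustedProxies, true)) {
        $forwarded = $server['HTTP_X_FORWARDED_PROTO'] ?? '';
        $proto = strtolower(trim(explode(',', $forwarded)[0]));
        return $proto === 'https';
    }
    return false;
}

// Redirect plain-HTTP requests to the https:// URL and stop the script, so
// nothing sensitive (card numbers, form handling) runs over cleartext.
// $canonicalHost is configured, not taken from the Host header, so an
// attacker-supplied Host value cannot turn the redirect into an open redirect.
function require_https(array $server, string $canonicalHost, array $trustedProxies = []): void
{
    if (request_is_https($server, $trustedProxies)) {
        // Ask browsers to use HTTPS for this host for the next year.
        header('Strict-Transport-Security: max-age=31536000');
        return;
    }
    $uri = $server['REQUEST_URI'] ?? '/';
    header('Location: https://' . $canonicalHost . $uri, true, 301);
    exit;
}

// Constructed sample environments for a quick self-check (no real request).
assert(request_is_https(['HTTPS' => 'on']) === true);
assert(request_is_https(['HTTPS' => 'off', 'SERVER_PORT' => '80']) === false);
assert(request_is_https(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'], ['10.0.0.5']) === true);
// Same header from an untrusted address is ignored.
assert(request_is_https(['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'], ['10.0.0.5']) === false);

// In a real script, call this before any output:
// require_https($_SERVER, 'shop.example.com', ['10.0.0.5']);
```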