With SSL, both the client and the server encrypt data before sending it, and decrypt data upon receiving it. When a browser opens a secured website (using HTTPS), something happens that is called a handshake.

In the handshake, the browser asks the server  for a session; the server answers by sending a certificate and the public key. The browser validates the certificate and, if it is valid, generates an unique session key, encrypts it with the server public key, and sends it back to the server. Once the server receives the session key, it decrypts it with its private key.

Now, both client and server, and only them, have a copy of the session key and can ensure that the communication is secure.