Yes, you're on the right track! But things actually work a little bit differently than you outlined.
In particular, Steps 4-8 are not quite how SSL works. SSL works a little bit differently. Here is how it actually works (I'm going to make some small simplifications, but this should get the gist of the idea right):
1. The Gmail server sends your client a certificate. The certificate includes the Gmail server's public key, and some evidence that this public key actually belongs to gmail.com.
2. Your browser verifies the evidence in the certificate, to confirm that it has the proper public key for gmail.com.
3. Your browser chooses a random new symmetric key K to use for its connection to Gmail. It encrypts K under Gmail's public key.
4. Gmail decrypts K using its private key. Now both your browser and the Gmail server know K, but no one else does.
5. Anytime your browser wants to send something to Gmail, it encrypts it under K; the Gmail server decrypts it upon receipt. Anytime the Gmail server wants to send something to your browser, it encrypts it under K.
Your Steps 1-3 are roughly right, though not exactly right, and the details depend a little bit upon what browser you use and what URL you type into the address bar or how you get to Gmail in the first place -- but what you wrote is close enough for understanding the basic concept. Good enough for government work.
Here is some additional reading for you:
How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?
How do the processes for digital certificates, signatures and ssl work?
Purpose of certificates signed and trusted by CA
Why is faking SSL certificate difficult?
Why is HTTPS not the default protocol?
Is visiting HTTPS websites on a public hotspot secure?
I think those articles should give you an excellent understanding of SSL, how it works, and why it is designed the way it is.
If that's not enough, you must have more more more, here are some articles from Wikipedia:
How certificates work
How SSL works
However, they probably have way more technical details than you ever wanted to know, and they aren't a great first introduction to the concepts or the basic ideas.
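The simplified exchange described in this answer, as an added example that is not part of the original answer and is not the real TLS wire protocol. It uses Node's built-in crypto module with both sides in one process. The "certificate" is modelled as a CA signature over the hostname and public key, and the names issueCert, verifyCert, seal, open and handshake, along with the in-memory CA, are assumptions made for illustration.

```javascript
// Added example: a model of the simplified handshake above, not real TLS.
const crypto = require('node:crypto');
const OAEP = crypto.constants.RSA_PKCS1_OAEP_PADDING;
const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const pem = (k) => k.export({ type: 'spki', format: 'pem' });

// Constructed stand-ins: a CA the browser already trusts, and the server's key pair.
const ca = rsa();
const server = rsa();

// "Certificate" = hostname + server public key + CA signature over both (the "evidence").
function issueCert(host, publicKey, caPrivateKey) {
  const body = JSON.stringify({ host, key: pem(publicKey) });
  return { body, sig: crypto.sign('sha256', Buffer.from(body), caPrivateKey) };
}

// Browser side: check the CA signature, then check the name matches the site it wanted.
function verifyCert(cert, expectedHost, caPublicKey) {
  if (!crypto.verify('sha256', Buffer.from(cert.body), caPublicKey, cert.sig)) return null;
  const { host, key } = JSON.parse(cert.body);
  return host === expectedHost ? crypto.createPublicKey(key) : null;
}

// Symmetric encryption under K (AES-256-GCM, fresh nonce per message).
function seal(K, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', K, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(K, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', K, iv).setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8'); // throws if tampered
}

function handshake(cert, expectedHost) {
  // Browser: verify the certificate before trusting the key inside it.
  const serverKey = verifyCert(cert, expectedHost, ca.publicKey);
  if (!serverKey) throw new Error('certificate rejected');
  // Browser: pick a random K and encrypt it under the server's public key.
  const K = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: serverKey, padding: OAEP }, K);
  // Server: recover K with its private key; only `wrapped` crossed the network.
  const serverK = crypto.privateDecrypt({ key: server.privateKey, padding: OAEP }, wrapped);
  return { K, serverK, wrapped };
}
```

An eavesdropper sees only the certificate, `wrapped`, and the sealed messages; none of these reveal K without the server's private key.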