Security should be a paramount concern if you run an e-commerce site that processes card transactions, if sections of your site contain private data, or if you are involved with sending confidential data of any kind. You should approach digital security in the same manner that you do physical security; you wouldn’t leave your front door unlocked, allowing burglars to walk right in, would you? Nor should you do so in the digital realm. SSL security certificates are just one element of a sensible approach to site security; they are, however, one of the fundamentals of good security.
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate, in simple terms, is a small piece of code that allows data to be encrypted between a user and a server. It therefore prevents someone else from hijacking the connection and potentially stealing the data; this is a vital requirement for e-commerce sites.
Each SSL certificate is unique and will contain information about the particular site/business, such as the registered domain, legal business name, etc. It allows users to validate exactly who they are sending confidential data to. There are different types of certificate, but even a basic option will at least display the domain, validity period, and issuer.
A certificate is issued by a CA (Certificate Authority), who will have to follow rules and regulations as to who they can sell certificates to. A certificate from a CA communicates a level of authority and trust, which will put your site’s users at ease. Comodo, Verisign and Thawte are just a few examples of recognised CAs. However, other retailers can become official re-sellers which entitles them to sell certificates from a CA, so you don’t necessarily have to buy direct from a CA and can shop around for a good price.
How can I see if a site has an SSL certificate?
You will notice that many sites are prefixed with ‘http://’, which stands for ‘Hypertext Transfer Protocol’. A site using an SSL certificate will be prefixed with ‘https://’ and there may be a locked padlock logo in the address bar; this refers to a ‘Secure HTTP’ connection. Clicking on the padlock, or a similar logo, will display which CA has verified the site and other information. However, please note that many sites will only enter HTTPS for a secure session once there is a need, such as entering the checkout process. HTTPS has become a basic requirement for online shoppers; even some technophobes are beginning to understand the relevance of a locked padlock logo in their address bar.
What happens during the SSL encryption process?
Let’s think again of physical security, which utilises locks and keys; an SSL certificate isn’t all that different. Every SSL session has both a public key and a private key: the former is used to encrypt the data and the latter is used to decrypt it. The user’s browser will request data from the server, therefore entering into what is known as an SSL ‘handshake’. You should notice changes now that a secure session has started, such as the locked padlock logo mentioned previously. Without the correct key you won’t be able to access the data; this is what prevents a third party from stealing the data.
This is a very basic description, but as a beginner it’s not that important to fully comprehend the technical details of the process. However, gaining a simple understanding might aid you in the future and prevent some of the common issues faced during the set-up of your certificate. Don’t worry if a lot of the terms seem scary; just try to learn a basic overview of the process.
What type of SSL certificate should I purchase?
- Shared Certificates
These aren’t tied to your own domain name; they will use the server name of the provider. If the general public try to create a connection, it will result in browser warnings. A shared certificate is therefore unsuitable for e-commerce. However, it will be fine if you simply want to protect a section of your website that isn’t accessed by the general public.
- Domain Validated Certificate
This certificate is directly linked to your domain name, so the general public will be able to use this certificate and it is suitable for e-commerce sites.
- Organisation Validated Certificate
If you want to go a step further than a domain validated certificate, then consider an organisation validated one. Domain validated certificates only prove that you own the domain, so you will have to fill out some additional paperwork to gain an organisation validated one. Your users will have more trust in your site though, so it is definitely worth considering.
- Extended Validation Certificates
These certificates validate your organisation. However, they also prevent fraud through a further set of checks and validations. This certificate gives your site a green security logo in your address bar; this commonly recognised feature could result in more conversions for your site.
- Wildcard Certificates
A wildcard certificate allows encryption on subdomains of your site. For example, if your site is www.example.com, it might also have a subdomain of www.sub.example.com. This certificate allows you to offer encryption on both the domain and any subdomains.
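How a wildcard name is matched against a hostname, shown as an added example that is not part of the original post: under the RFC 6125 rule the `*` stands for exactly one left-most label, so the number of labels decides what is covered. The function names, the certificate names and the host list are assumptions constructed for illustration.

```python
# Added example: which certificate names cover which hostnames.
# CERT_NAMES and HOSTS are constructed sample values, not a real certificate.

def name_covers(cert_name: str, hostname: str) -> bool:
    """Return True if one DNS name from a certificate covers `hostname`.

    Simplified RFC 6125 matching: case-insensitive, '*' is accepted only
    as the whole left-most label, and it stands for exactly one label.
    """
    pat = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if "" in pat or "" in host or len(pat) != len(host):
        return False  # empty label, or a different number of labels
    if any("*" in label for label in pat[1:]):
        return False  # wildcard anywhere but the left-most label
    if pat[0] == "*":
        # Assumed policy: two fixed labels must follow '*', so "*.com" never matches.
        return len(pat) >= 3 and pat[1:] == host[1:]
    if "*" in pat[0]:
        return False  # partial wildcards such as "w*" are rejected here
    return pat == host


def coverage_report(cert_names, hostnames):
    """Map each hostname to the certificate names that cover it."""
    return {h: [n for n in cert_names if name_covers(n, h)] for h in hostnames}


# A wildcard certificate that also lists the bare domain (constructed).
CERT_NAMES = ["example.com", "*.example.com"]
HOSTS = [
    "example.com",
    "www.example.com",
    "shop.example.com",
    "www.sub.example.com",  # two labels deep
]

if __name__ == "__main__":
    for host, names in coverage_report(CERT_NAMES, HOSTS).items():
        status = "covered by " + ", ".join(names) if names else "NOT covered"
        print(f"{host:22} {status}")
```

A hostname two labels below the domain, such as www.sub.example.com, is matched by a name of the form `*.sub.example.com`, so check the names listed on a certificate against every hostname you serve before ordering.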
Hopefully, now that you have a basic understanding of SSL certificates, you can determine whether your site requires one. Ordering, activating and setting up your SSL certificate can be tricky but isn’t the most complicated procedure. Be sure to choose a seller with good customer support and a good returns policy. You will be able to seek help, and even if it does all go wrong, you can at least ask for your money back.
This post was written on behalf of SSLs.com, resellers of SSL certificates from the likes of Comodo, GeoTrust and VeriSign by John Philips. Find out more at http://www.ssls.com/.