You have more than likely seen the term SSL and you know it has something to do with internet security but you aren’t exactly sure if you need it, if you should be using it or even if you should look for it when doing business online.
SSL stands for Secure Sockets Layer. It is the standard security technology for establishing an encrypted or a coded link between a web server and your browser such as Firefox or Google Chrome. This link ensures that all data passed between a website and your computer remain private. This is particularly important when you are transmitting your credit card information to the website for a purchase. Think of it like this: If you were to give your credit card number to a particular vendor over the airways of your favorite radio station, you would be horrified at the thought that anyone listening could record it and keep it. However, if you had a magic voice scrambler that could rearrange the numbers of the card, the expiration date and 3-digist or 4-digit code as you said them and then revert them back to the correct order only to the company you want to have it everything would be okay. The internet is very public and SSL technology is a scrambling system that prevents unauthorized people from viewing, joining or following your transactions.
To be able to create an SSL connection a web server or website requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys – a Private Key and a Public Key.
The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) – a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL. Your web server will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your customer’s web browser.
The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session – the lock icon in the lower right-hand corner, clicking on the lock icon displays your SSL Certificate and the details about it. All SSL Certificates are issued to either companies or legally accountable individuals.
Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site’s SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.
What makes SSL even more popular is that Google recently started using SSL as a search signal. This means if your site has an SSL Certificate you will be more visible in search results as a more reliable website to visit and conduct business with.
Because SSL assists with identity verification and data security, it has the effect of making your website more secure. And, just as importantly, that security is visible to guests and customers. When they see the “https” indicator on their web navigation bar, they know they’ve reached a safer website.
Behind the scenes, SSL connections encrypt data transmissions from one server to the next. So, it becomes virtually impossible for hackers to follow transactions and communications from the outside. That’s a big benefit for any business, but particularly one that deals with sensitive customer information.