SSL Certificates, A Beginner's Guide

Web hosts have become proficient in helping merchants through the process of acquiring SSL certificates.

Millions of people routinely go online and make purchases everyday. It’s become second nature whether they are purchasing books, concert tickets or articles of clothing. Stock market trading has ballooned several billion dollars because of the convenience and savings offered by online trading. You can even file your taxes securely online.

So why are so many using the Internet for purchasing and conducting transactions online while just as many (if not more) are avoiding it altogether? It’s all about trust.

There are consumers out there who think nothing of handing over a credit card to their server at a restaurant but will argue vehemently about making a purchase online and revealing their precious credit card numbers over the Web. Again, it’s about trust, or rather, distrust.

With billions of dollars at stake, eCommerce practitioners and enablers have done wonders in securing purchases and transactions online only to be undermined by hackers, crackers and thieves.

But gradually consumers have come to accept that merchants want and need their businesses and will work with the best security methods available to make online activity safe, secure and private.

How? One method is through the use of Secure Socket Layers (SSL) certification.

What is SSL?
SSL is a essentially a method of encrypting data as it travels across the Internet to ensure that private information such as credit card numbers remain secure. Netscape, creator of the popular browser, invented it in 1994 and it has been an widely accepted technology since that time.

You may have noticed a padlock icon show up in your browser when visiting certain websites and the “https://” prefix in many URLs in your day-to-day Internet surfing especially evident when you’re entering credit card information, user identification, passwords or emails. You may have also noticed warnings that you are entering an insecure site — this should serve as notice that your information may be viewed by others.

Of course, Web hosts have become proficient in helping merchants through the process of acquiring SSL certificates and indeed it has become part of the Web hosting services or packages. You must first verify that your Web host performs the service and that your hosting account provides for the handling of SSL. It’s always good to establish what this is going to cost you upfront.

Typically, a Web host will obtain a Certificate Signing Request to be generated on the Web server. The request is processed by Certificate Authority (CA), an entity that issues, manages, and revokes certificates.

Then if you are approved, you are provided with an encrypted block of text issued by the CA with a private key to ensure and detect any tampering. Now you can approach the SSL vendor to get your certificate, have it installed (usually by your host) and make sure the “https” and padlock symbols appear on all pages that you need them to appear on.

Some Web hosts offer shared SSL certificates which can be helpful if you want to avoid the hassle of getting your own but the Web host’s domain name will appear when secure processing is taking place. For example https://ABCco.your webhost.com

Basically, most businesses will require 128-bit or better (usually 256-bit) encryption if any payment processing activity occurs on your website. Additionally it’s highly advisable to use 128-bit or 256-bit encryption for exchange of any confidential information or identification such as: names, dates of birth, social security, drivers license, credit card, addresses etc. Your customers usually insist on this kind of privacy anyways, right?

In summary, Verisign posits that you use SSL if: