- slide 1 of 5
Lingering Doubt Doesn't Produce Lingering Visitors
If your website requests personal or financial information from visitors, they want and need to know that they can trust that their information is secure from unauthorized access and use. SSL Certificates ensure that server and browser adequately identify themselves and securely exchange information.
- slide 2 of 5
What Is An SSL Certificate?
SSL is a acronym for Secure Sockets Layer, a protocol and mechanism for a web browser and a server to safely exchange information. The server encrypts the information going to the web browser and provides the browser with the necessary data to decrypt the received information. This provides a secure channel for the browser and server to exchange information. The secure channel is the Secure Sockets Layer, or SSL.
Before the server and browser exchange the desired information, the server must identify itself to the browser so that the browser (requestor) can determine that the server is the one that the browser, being used by the online shopper for example, intends to contact. The server provides to the browser specific information about the owner of the server and other identifying data. This information comprises the SSL Certificate.
Whenever a user contacts a secure server, the browser has a couple of different ways to show that it is accessing a server through an SSL. One way is that the browser page tab or the address bar changes color, usually to a soft yellow or bright green:
Whenever a user contacts a secure server, the browser has a couple of different ways to show that it is accessing a server through an SSL. One way is that the browser page tab or address bar changes color, usually to a soft yellow or dark green. The image at the left shows a Bank of America login page URL. Note that the left portion of the URL address bar is dark green; also note that the URL prefix is "https" instead of "http". The added 's' indicates that the page is accessed via SSL.
This image to the left presents another view of a secure page. Here the browser displays the URL address bar in a soft yellow shade. The URL prefix is again "https", also indicating the SSL page access. Note the small padlock icon at the extreme right end of the URL address bar. Some browsers display the padlock icon in the URL address bar, as shown here; other browsers display the padlock icon along the bottom of the browser in the status bar.
Clicking on the padlock icon displays an introductory spash screen with a summary of the SSL certificate information. Here, the screen shows that Bank of America is the verified owner of the site being visited; the screen also shows that this connection provides 128-bit encryption for the data exchanged between the B of A server and the web browser. The bottom pane shows a brief history of your browser's most recent visit to that site. Clicking over the "Certificate Information" button at the bottom left of the screen displays information from the SSL certificate, as shown in the image below.
The viewer can verify this information and determine to proceed with the intended transaction.
- slide 3 of 5
SSL certificates provide authentication information about the secure website.
- slide 4 of 5
Why and When Do You Need One?
If your site requires users to log in or to provide personal or financial information, you need to demonstrate that your site can be trusted with the information. This trust means that you will protect the user's information from authorzed access and use. You also need to know that visitors accessing your site are there for valid reason. The first place that you establish this trust and assurance is the at the browser/server interface. Your site must establish that it is, in fact, the site that it says it is. Your site must also have a means to safely exchange information with visiting browsers so that no other agent can intercept the information.
Online banking, investment, and shopping sites are the most obvious examples of sites needing to instantly establish trustworthiness. Any site that requests users to log in must not only authenticate that the user is who he/she represents but must also ensure that the user is confident that they are logging into the intended site. Any of these cases warrants using an SSL and thus needing an SSL certificate.
- slide 5 of 5
Purchasing SSL Certificates
Now that you've figured out that yours website need an SSL certificate, how do you go about obtaining one? Luckly, that is nowhere near as complicated as the technology that we've described here. Popular web hosting services such as GoDaddy.com (click this link to read a review of GoDaddy.com hosting services) offer SSL certificates as a separately purchased product or service. VeriSign and GeoTrust are two companies that offer web security products and services; SSL Certificates are but one of their many offerings. Prices can start from as little as $30 a year for basic verification and certificate issuance to well over $1000 a year; depending upon such criteria as the level of authentication (single domain or company), encryption strength, the number of servers upon which SSL is installed.