Google

What is SSL (the little padlock)?


SSL ("Secured Socket Layer") is a protocol used to encrypt the communication between the user's browser and the web server. When SSL is active, a "little padlock" appears on the user's browser, usually in the status line at the bottom (at the top for Mac/Safari users.)

This assures the user that sensitive data (such as credit card numbers) can't be viewed by anyone "sniffing" the network connection (which is an increasing risk as more people use wireless networking).

Common web site owner questions about SSL:

How do I get the little padlock on my site?

To get the little padlock, your site must have an SSL Certificate from a Certificate Authority. Once an SSL Certificate has been purchased and installed, it provides three things:

  • The ability to show a page in "Secure Mode", which encrypts the traffic between the browser and the server, as indicated by the "little padlock" on the user's browser.
  • A guarantee by the issuing Certificate Authority that the domain name the certificate was issued for is indeed owned by the specific company or individual named in the certificate (visible if the user clicks on the little padlock).
  • An assurance that the domain name the certificate was issued for is the domain name the user's browser is now on.

    • Once obtained, the certificate must be installed on the web server by your web host. Since your web host also has to generate an initial cypher key to obtain the certificate, very often they will offer to handle the process of obtaining the certificate for you.

    My web host has a "shared certificate" that I can use. Should I?

    It's still fairly common for small sites to use a shared certificate from the host. In this circumstance, when a page needs to be shown in secured mode, the user is actually sent to a domain owned by the web host, and then back to the originating domain afterwards.

    A few years ago, when SSL Certificates were quite expensive (around $400 per year), this was real attractive for new sites just getting their feet wet in e-commerce. Today, with a number of perfectly functional SSL certificates available for under $100 (exclusive of installation, etc.), it is a lot less attractive. Since your user can look a the address line of his or her web browser and see that the site asking for the credit card number is not the site he or she thought they were on, the cost savings is probably not worth the risk of scaring off a sale.

    What's the difference between the expensive SSL Certificates and the inexpensive ones?

    Usually, mostly price. Some expensive certificates have specific functions, like securing a number of different subdomains simultaneously (a "wildcard" certificate), but the effective differences between basic single site certificates are very slight, despite the wide range of prices:

    The encryption mechanism used by all of them is the same, and most use the same key length (which is an indicator of the strength of the encryption) common to most browsers (128 bit).

    Some of them ("chained root" certificates) are slightly more of a pain for your web host to install than others ("single root" certificates), but this is pretty much invisible to the site owner.

    The amount of actual checking on the ownership of the domain varies wildly between vendors, with some (usually the more expensive) wanting significant documentation (like a D&B number), and others handling it with an automated phone call ("press #123 if you've just ordered a certificate").

    Some of them offer massive monetary guarantees as to their security (we'll pay you oodles of dollars if someone cracks this code), but since it's all the same encryption mechanism, if someone comes up with a crack, all e-commerce sites will be scrambling, and the odds of that vendor actually having enough cash to pay all of its customers their oodle is probably slim.

    The fact is that you are buying the certificate to insure the safety of the user's data, and to make the user confident that his or her data is secure. For the vast majority of users, simply having the little padlock show up is all they are looking for. There are exceptions (I have a client in the bank software business, and they feel that their customers (bank officers) are looking for a specific premier name on the SSL certificate, so are happy to continue using the expensive one), but most e-commerce customers do not pick their sellers based on who issued their SSL Certificates.

    My advice is to buy the cheaper one.

    I have an SSL certificate -- why shouldn't I serve all my pages in "Secured" mode?

    Because SSL has an overhead -- more data is sent with a page that is encrypted than a page that isn't. This translates to your site appearing to run slower, particularly for users who are on dial-up or other slow connections. Since this also increases the total amount of data transfered by your site, if your web host charges by transfer volume (or has an overage fee, as most do), this can increase the size of your monthly hosting bill.

    The server should go into secure mode when asking a user for financial or other sensitive data (which may well be "name, address and phone number", with today's risk of identity theft), and operate in normal mode otherwise.

    Updates to this article, and many other great articles and tutorials for small business web site owners can be found at Insanely Great Sites!

    MORE RESOURCES:

    RELATED ARTICLES

    Choosing An Internet Merchant Account
    Surf to Google and perform a search on "Internet Merchant Account". The results are staggering (472,000 results!) If you have created a web based business and need to accept credit card payments, your choices are limitless.
    Credit Card Processing - 7 Things You Need to Know Before Opening an Online Merchant Account
    When considering opening an online merchant account to accept credit card orders, there are a lot of things you need to keep in mind. The best thing to do is learn all about credit card processing before you open your online merchant account so you can handle everything from the beginning rather than having to go back and make many changes.
    The Top 10 E-Commerce Ways to Follow up with Clients - Part 1
    Did you know that 80% of all sales are made after the 5th contact? The biggest mistake we make is not following up with our clients regularly. We not only lose the chance to offer other services and products, we lose the chance for satisfied clients' referrals.
    Beginner Ecommerce Mistakes
    This is a short article because in the constraints of time and space preclude me from writing a 10 page article. Recently i built a ecommerce web site titled Cynscorion Products that sells knifes.
    Why Our Site Was Removed From The ODP
    Our website, Best Of The Home, has been listed in the Open Directory Project for over a year. Recently, I conducted a search of the ODP for my site, to update it, and found that it was no longer listed in any category.
    Online Business- What Makes It a Success!
    Only a few manage to sell everything under the sun over the internet. There are billions of web sites running online business, trying to outdo each other by various means.
    The House Of Print.Com
    Publishing has always been a difficult business to promote successfully, which titles by which authors to promote, which genre, will it be fiction or non-fiction? Will they sell? Will they make money, both for the publisher and for the author? So many questions which there is no definitive answer and so the publisher takes a chance with his money and his time and resources and decides on which books to publish, promote and distribute to the bookshops. He may only distribute to bookshops in his own country and if they don't sell well enough, will not be seen by anyone else in the world.
    Choosing the Right Online Shopping Cart
    Are you a website owner or a web designer/developer? If either applies, I would venture to say that eventually you'll need an online shopping cart for one of your websites. In fact, almost all new websites today need some sort of ecommerce built-in, for the purpose of selling goods and services in the online marketplace.
    Direct Marketing isn't all Brute Force
    There are so many metrics surrounding direct marketing. So many facts, figures, test results and other sundry measurements.
    Electronic Commerce and WTO
    The Internet may not be useful for all businesses, nor do all have to develop an Internet information strategy. Some businesses are concerned with the start-up costs of connecting such as purchasing hardware and software, subscribing to an Internet connection or service provider, and training staff.
    Choosing an Ecommerce Shopping Cart
    Choosing an online shopping cart is a big decision. Unlike a traditional brick and mortar business, your website is your only chance to impress potential customers.
    Increasing E-Commerce Website Sales: A Guide for the Online Newbie
    Because of this encouraging surge in activity, many individuals are now interested in becoming e-commerce merchants. To profit from your online business, you must first produce a unique website that will intrigue visitors and interest them in your items.
    The Origins of E-Commerce
    What is the Internet?In order to provide a discussion on the Internet it is essential to provide a short description on what the Internet actually is. Put in the most basic of terms the Internet can be described of as a massive collection of computers that are sited around the world and that are connected together in order to create a huge network that allows information to be collated and shared by millions of people.
    Getting Started in ECommerce - Part Two
    In Part One we talked a little bit about what Ecommerce is, getting a domain name and setting up a merchant account. Ecommerce is more than that, much more.
    Set Yourself Apart From The Ordinary
    I have written at length about the need to anticipate your visitors' needs. I have talked about how the first screen of the homepage needs to connect immediately and directly with the task each visitor has on his or her mind.
    Merchant Account Insider Secrets - Accept Credit Cards Online
    The process of learning how to accept payments on the Internet is similar to the course of figuring out how to launch a business. What at first seems puzzling and intimidating may be viewed as straightforward and easy to understand if one has the right guide or manual.
    Top 5 Dot Com Myths Debunked
    Most people who get into business know what's involved. They have completed hours of research before getting into it.
    Conducting Business through B2B E-marketplaces
    Businesses, which are still sitting on sidelines and not doing business on the Internet, should think seriously about their position! If you are one of them, chances are there, that you have to pay dearly for your indecision as you might lose significant market share to your more proactive competitors in a very short period of time.Apart from the fact that e-commerce is growing at the rate of more than 25 percent a year, the use of online features can bring efficiency to virtually every aspect of business process, be it supply chain management or customer support management.
    How To Stay Cutting Edge In Online Business
    Let's face it, there's just way too much information out there for any one individual to try to keep abreast of. And yet, if we shut ourselves off from the world, we risk building our businesses in a vacuum and suffering on the bottom line.
    E-Gold
    E-gold is a digital currency, used extensively on the Internet for making payments in exchange for goods and services.It is one of the first digital e-currency providers, having started in 1996.