SSL (Secure Socket Layer)
SSL is the industry standard technology used for sending encrypted information between a web browser and a web server. This ensures that the data shared between the browser and the server remains secure and is not read or interfered with. Data security is obviously crucial for successful ecommerce to protect both personal and financial information.
SSL involves encrypting data using the Public Key Infrastructure (PKI) where the server creates two cryptographic keys – a Private Key and a Public Key that are used to encrypt and unencrypt the data transmitted.
Sharing data securely is one thing, however, equally important is trusting who is at the receiving end. It’s vital to know that the website or online shops, are in fact, who they say they are. An SSL Certificate is issued by a Certificate Authority who verifies the identity of the website and its owners. The SSL Certificate contains the domain name, owner or company name, address, and country details of the website. It also contains the expiration date of the Certificate and the name of the Certification Authority responsible for issuing the Certificate. Finally, the certificate includes the public key of the server which is used for that encryption of data.
When your browser connects to a secure website, it retrieves the site’s SSL Certificate and checks that it is in date, that it’s issued by a trustworthy Certification Authority, and that the certificate is being used by the actual website that it’s issued for. If it fails on any one of these checks, the browser will display a warning to the end user letting them know that it cannot verify the website. If the browser suceeds in verifing all of the information, it indicats this by displaying a locked padlock icon or similar in the browser status bar. Clicking on this padlock icon will display the certificate information to the user.
Types of Certificates
The most common SSL Certificate is a domain validated certificate and is used to verify and secure one domain, (generally domain and www.domain). There are other certificates available to cover variations, such as wildcard subdomains (*.domain) , multiple domains and Extended Validation certificates (displays a green URL bar and requires a more rigerous validation process).
It important to note, the actual encryption level does not vary according to price or issuing Authority. If for example, you require a certificate to authenticate a mail server, your mail is equally secure using a cheaper certificate as an expensive one. However, when it comes to ecommerce, most companies perfer to use a more recognised name that will allow them to display a certificate seal on their website. This is purely to incease customer confidence with the site.
Certificates can be issued by a number of different Certification Authorities. Irish Domains supplies certificates from GlobalSign, Thawte, Comodo, Trustwave & GeoTrust. Both the cost and verification process will vary according to the issuer and certificate type. Multi-year certificates are available from most issuers.
SSL Certificate requirements
Your domain must be running on a package or server with a dedicated IP address. Irish Domains Business 10 hosting or higher provides this, as do all our VPS packages. A Certificate Signing Request must be generated on the server, which is used to digitally sign the new certificate.
Validation is carried out by the Certification Authority generally via confirmation email to a standard email address at the domain. Some authorities may on occasion request additional information or contact the purchaser directly as an additional spot check.
Once issued, the certificate can then installed on the server.