Secure Sockets Layer (SSL) is a protocol, or set of rules, used to create a secure Internet communications channel. SSL is especially important during transactions with an ecommerce website or online store to prevent the theft or misuse of private information.
You should never purchase from a website that does not have an active SSL certificate.
Whether you are operating an online store or not, it is useful to know some SSL basics, particularly how to recognize an SSL-protected website.
How SSL works
An SSL certificate verifies the identity of the website secured with SSL, and provides encryption keys so that the information being transmitted can only be read at its destination.
For example, let’s say you are attempting to make a purchase from an online store:
Your browser will ask the online store’s server to identify itself. The server will send the SSL certificate – which includes a key pair and identification information – to your browser.
The key pair consists of a public and a private key. The server will share the public key with your browser in order to set up a unique session key and the encryption method.
If your browser determines the SSL certificate is active and trustworthy, your browser will send a confirmation message to the server.
The server sends back a digitally signed acknowledgement (the “SSL handshake”), and the SSL-encrypted session begins.
How to recognize an SSL-protected website
Before you purchase anything online or submit any password, payment details, or other sensitive information, you must verify that the website you are visiting has an active SSL certificate. You will know the website (or the specific pages of the website on which you enter personal or payment information) is secured with an SSL if:
- The website address begins with “https” instead of “http” (the address bar may also be green)
- There is a locked padlock (or unbroken key) icon in the browser bar. Click this to check the SSL certificate
- You see a trust mark or seal/logo from an SSL provider. Click this for more information
Do I need an SSL certificate?
If you are running an ecommerce website or online store of any sort, the answer is definitely YES.
In fact, all websites that collect personal information of any sort should have an SSL certificate in order to protect the information. In general, your website should be SSL protected if it:
- Sells products or services online
- Asks visitors to register for a service or newsletter
- Has a secure, password-protect area
- Asks visitors to choose/enter a password or fill out a form
An SSL certificate is a small investment that will bring major returns in terms of customer trust, loyalty, and conversions. As a website owner, you know that security is crucial to your reputation. An SSL certificate will also bring you greater peace of mind.