When sending and receiving sensitive data online, it is paramount to have that data encrypted to prevent the data being stolen or tampered with before it reaches the intended destination. SSL (Secure Socket Layer) helps to achieve this goal – it provides a way for data to be encrypted in a way which can be decrypted when it reaches the final destination.
However, this poses a problem in itself. How can you be sure that the encrypted connection is really coming from the server it should be? An SSL certificate solves this problem. The organisations which issue SSL certificates are trusted by Web browsers to do so properly, and are vetted on a regular basis. These companies are called Certification Authorities.
It is important to consider the consequences of not having a valid SSL certificate used in the areas of your website which are secured over SSL. If a potential client accesses your client area which is secured over SSL but does not have a valid certificate in use, their Web browser will stop them from connecting to that area of your website and will advise the user to not go further for their own safety. This can cause a dramatic loss in revenue and can be damaging to your business image.
There are different types of SSL certificates and each serve a slightly different business need. While all SSL certificates provide the necessary level of encryption necessary for the safe transmission of sensitive data over the Internet – for companies which are handling data like credit or debit card information, such as banks and online eCommerce stores – often choose more robust SSL certificates most of which involving additional authentication checks which are undertaken by the Certification Authority.
How are SSL certificates issued and trusted?
SSL certificates are issued by Certification Authorities directly. Every Web browser has a list of trusted authorities and if a valid SSL certificate is supplied from an issuing company which is trusted by the Web browser, the certificate will be deemed safe by the Web browser. Of course, the certificate simply tells the Web browser that the secure connection is authentic and can be trusted strictly from the point of view on where the secure connection is going to.
Do SSL certificates help customers know whether a website is safe to buy from?
SSL certificates provide an assurance to customers that their personal details are fully secure when they make a purchase through the specific online merchant. However, they do not provide an implied or expressed guarantee that any online website is trustworthy with how they collect and use any personal information they collect from a visitor. Anyone can purchase many of the cheaper kinds of SSL certificates – even online criminals.
There are, however, products like Website Passports that can provide some assurance to potential customers about the authenticity of an online business before they make a purchase from them. However, SSL certificates are in of itself solely to provide assurances that data transmitted through a website secured by a valid SSL certificate is safe and secure during transmission and will only be received by the server which needs to receive it.
What type of SSL certificates are there?
The most common SSL certificates are:
- ·Domain Validated SSLs: These simply validate that the person who is purchasing the SSL certificate owns the domain name for which the certificate is being purchased for. With the process for validating the owner of the domain name being fully automated, Certification Authorities generally issue these certificates within minutes of this automated verification process being completed.
- ·Organizational Authentication SSLs: These types of certificates offer the same benefits as Domain Validated SSLs but confirm and authenticate the organisation which is purchasing the certificate. Organizational Authentication SSLs are typically issued within 1 – 2 business days of ordering.
- ·Extended Validation SSLs: EVs are much like Organizational SSLs but provide a deeper level of authentication against the organisation which is purchasing the certificate. Certification Authorities must also use trustworthy and reliable third-party sources to verify the data provided by an organisation applying for an EV certificate. As an added benefit, websites secured over SSL with an EV certificate will activate the Web browser’s “green bar” which provides clear and instant assurance to customers that the site has been verified as an authenticated business. EV SSLs are typically issued within 3 – 5 business days of ordering.
Would an SSL certificate work across my entire website?
Yes, your SSL certificate will work for any area of your website where the certificate is valid. However, it will not work on separate sub domains unless you purchase a Wildcard SSL certificate. Wildcard certificates allow you to set and use the certificate on any sub domain which you may have – such as forums.example.com.