HomeBookmark Info.comMake Info.com your HomepagePlugins Visit other Info sites:
Info.com - Your independent search platform...
WebTopics
ResearchJobsFlightsImagesVideosShopmore


SSL Certificate

Get information on how an SSL certificate works.

An SSL certificate is used for maintaining secure online transactions. [©Jupiter Images, 2010]
©Jupiter Images, 2010
An SSL certificate is used for maintaining secure online transactions.

A Secure Sockets Layer (SSL) certificate is the gold standard for maintaining secure online transactions. SSL, or Secure Sockets Layer, uses a digital certificate that enables an online purchase to be secure, without interrupting the buyer's checkout process. SSL certificates ensure buyers that private information, such as e-mail addresses, phone numbers, home mailing addresses and credit card numbers, are transferring over a secure server. Web sites without SSL security may end up losing business if customers do not feel comfortable giving out information over an unsecure server.

According to VeriSign, an SSL certificate allows visitors to trust a Web site in three necessary ways:

  • An SSL enables encryption of sensitive information during online transactions.
  • Each SSL contains unique, authenticated information about the certificate owner.
  • A Certificate Authority (CA) verifies the identity of the certificate owner when it is issued.

SSL Certificate Basics

The Linux Documentation Project notes that Netscape developed SSL to add security to the communication between servers and browsers. SSL uses encryption, a form of turning data into code, which prevents third parties from hacking into private information during an online transaction. The certificate contains all the information about the owner of the certificate, including name, e-mail address, certificate usage, duration of the certificate and certificate ID. According to Rapid SSL, buyers know when they are dealing with a secure site because a gold padlock logo appears in the corner, and the Web address begins with "https" rather than "http." In order to maintain a secure session, a Web site needs an SSL certificate.

The Network Solutions site gives a general overview of how SSL protects a buyer:

  • The browser checks the SSL certificate authenticity.
  • Encryption levels are established based on what the browser and server can both use to communicate.
  • The server and browser use encryption to begin transferring information by sending unique codes to each other.
  • The browser and server communicate using the encryption to process the transaction securely.

How an SSL Certificate Actually Works

If a Web site's SSL certificate works properly, the buyer completes the transaction and has a smooth shopping experience. But there are many intricate steps that take place during a secure transaction. While the above mentioned steps give a general overview of how SSL works, the following information breaks down the SSL certificate process and how it protects an online buyer and a seller.

A computer browser requests a secure page, and the server sends its public key and the certificate. The browser then checks the authenticity of the certificate, making sure it's a valid certificate and that it relates to the site contacted. Then the browser uses the public key to encrypt a symmetric key, and along with the encrypted URL, sends it to the server. The server uses a private key to decrypt the message and the URL, and then it sends the needed information back to the browser. The browser decrypts the data using the private key and displays the information on the Web site.

To understand this process, users should understand how a certificate key works. A public and private key work together to encrypt and decrypt the information sent between the server and browser. The public key is the key given out during a transaction and is the key noted on the certificate, while the private key is kept secret. It is the encryption between these two keys that makes it more difficult for hackers to gain personal information. Since the keys must work in pairs, the private key can only decrypt the information sent from the public key.

How to Choose an SSL Certificate

There are plenty of companies specializing in the sale of SSL certificates. However some Web hosting companies only allow users to purchase SSL certificates if they use that company as a Web host. There are a few facts SSL certificate buyers should consider when shopping around for a certificate.

  • The higher the encryption level of a certificate, the higher the security level. There are 40-bit, 128-bit and 256-bit encryption levels, with 256-bit providing the greatest security. Browser compatibility is very important since a Web site operator cannot control which browser a client uses to place an order. Any SSL certificate should support the most common browsers, including Microsoft Internet Explorer, Mozilla Firefox, Opera and Safari according to the SSL Certificates Guide.
  • SSL buyers should work with sellers who perform background checks on domain ownership. These checks insure that the person applying for the certificate is legitimate and also guarantees that they own the domain name under which they conduct business. Another thing to research is the warranty and reissue policy of the SSL provider. Most companies offer warranties for a fee, which protect against loss and misuse of a certificate. Reissuing happens when a certificate is lost or does not work with the domain.
  • Those in the market for an SSL certificate should also consider the amount of time it takes an SSL provider to set up a Web site.. The quicker a provider sets up the certificate, the sooner the Web site can start performing secure transactions, and in many cases this means sales and profits.
  • For buyers confused by the buying process there are sites such as Which SSL, which compare various SSL certificate providers. These sites create charts and organize the information by encryption level, price, domain check, warranty, refund policy and reissuing policy.

Who Needs an SSL Certificate?

Anyone conducting business online or gathering sensitive information to conduct business online should integrate an SSL certificate for complete protection. Customers want to be sure that the information they give to complete a transaction remains safe. When a customer knows that SSL encryption protects their information, they are more comfortable making a purchase or sharing information to complete a business deal. As well as credit card numbers, addresses and telephone numbers, many customers prefer to keep e-mail address private to ensure that their inbox is not flooded with spam mail.

Not every Web site needs SSL protection. A Web site that highlights particular works or that a person uses to share personal stories and events does not need an SSL certificate. SSL certificates are strictly for Web sites that conduct business transactions and sites where users input personal information.

Related articles

Search the Web

We are not lawyers or legal professionals, nor are we financial counselors or professionals. The content of this Web site is intended to provide general information and advice. Prior to making any legal or financial decision, you should consult a licensed professional. For more information see Terms of Service/Usage Agreement.
Home   |   About   |   Media Comments   |   Legal & Privacy Policy   |   Tell a friend   |   Contact
Copyright © 2012 Info.com – All Rights Reserved.