What is SSL (the little padlock)?


SSL ("Secure Sockets Layer") is a protocol used to encrypt the communication between the user's browser and the web server. When SSL is active, a "little padlock" appears on the user's browser, usually in the status line at the bottom (at the top for Mac/Safari users).

This assures the user that sensitive data (such as credit card numbers) can't be viewed by anyone "sniffing" the network connection (which is an increasing risk as more people use wireless networking).

Common web site owner questions about SSL:

How do I get the little padlock on my site?

To get the little padlock, your site must have an SSL Certificate from a Certificate Authority. Once an SSL Certificate has been purchased and installed, it provides three things:

  • The ability to show a page in "Secure Mode", which encrypts the traffic between the browser and the server, as indicated by the "little padlock" on the user's browser.
  • A guarantee by the issuing Certificate Authority that the domain name the certificate was issued for is indeed owned by the specific company or individual named in the certificate (visible if the user clicks on the little padlock).
  • An assurance that the domain name the certificate was issued for is the domain name the user's browser is now on.

Once obtained, the certificate must be installed on the web server by your web host. Since your web host also has to generate an initial cypher key to obtain the certificate, very often they will offer to handle the process of obtaining the certificate for you.

    My web host has a "shared certificate" that I can use. Should I?

    It's still fairly common for small sites to use a shared certificate from the host. In this circumstance, when a page needs to be shown in secured mode, the user is actually sent to a domain owned by the web host, and then back to the originating domain afterwards.

    A few years ago, when SSL Certificates were quite expensive (around $400 per year), this was real attractive for new sites just getting their feet wet in e-commerce. Today, with a number of perfectly functional SSL certificates available for under $100 (exclusive of installation, etc.), it is a lot less attractive. Since your user can look at the address line of his or her web browser and see that the site asking for the credit card number is not the site he or she thought they were on, the cost savings is probably not worth the risk of scaring off a sale.

    What's the difference between the expensive SSL Certificates and the inexpensive ones?

    Usually, mostly price. Some expensive certificates have specific functions, like securing a number of different subdomains simultaneously (a "wildcard" certificate), but the effective differences between basic single site certificates are very slight, despite the wide range of prices:

    The encryption mechanism used by all of them is the same, and most use the same key length (which is an indicator of the strength of the encryption) common to most browsers (128 bit).

    Some of them ("chained root" certificates) are slightly more of a pain for your web host to install than others ("single root" certificates), but this is pretty much invisible to the site owner.

    The amount of actual checking on the ownership of the domain varies wildly between vendors, with some (usually the more expensive) wanting significant documentation (like a D&B number), and others handling it with an automated phone call ("press #123 if you've just ordered a certificate").

    Some of them offer massive monetary guarantees as to their security (we'll pay you oodles of dollars if someone cracks this code), but since it's all the same encryption mechanism, if someone comes up with a crack, all e-commerce sites will be scrambling, and the odds of that vendor actually having enough cash to pay all of its customers their oodle are probably slim.

    The fact is that you are buying the certificate to ensure the safety of the user's data, and to make the user confident that his or her data is secure. For the vast majority of users, simply having the little padlock show up is all they are looking for. There are exceptions (I have a client in the bank software business, and they feel that their customers (bank officers) are looking for a specific premier name on the SSL certificate, so are happy to continue using the expensive one), but most e-commerce customers do not pick their sellers based on who issued their SSL Certificates.

    My advice is to buy the cheaper one.
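The name check behind the third guarantee in the certificate list, and behind the "wildcard" and "shared certificate" cases discussed above, can be sketched as follows. This is an added example, not code from the original article: it is a simplified version of the host name comparison browsers perform (no IP addresses or internationalized names), and every host name and function name in it is constructed for illustration.

```python
# Added example: the browser's certificate-name check, simplified.
# All host names below are constructed (.example is a reserved TLD).

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """True if one certificate name (exact or wildcard) covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard stands for exactly one label, never more
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label, and only
        # with at least two fixed labels after it (nothing like "*.com").
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Any other use of "*" (for example "w*.shop.example") is rejected.
    return "*" not in pattern and p == h

def cert_covers(cert_names, host):
    """True if any name listed in the certificate covers host."""
    return any(name_matches(n, host) for n in cert_names)

def padlock_report(cert_names, hosts):
    """Map each host to whether the certificate would be accepted for it."""
    return {host: cert_covers(cert_names, host) for host in hosts}

if __name__ == "__main__":
    hosts = ["www.shop.example", "checkout.shop.example",
             "shop.example", "a.b.shop.example"]
    certs = {
        "single site": ["www.shop.example"],
        "wildcard": ["*.shop.example"],
        # The host's shared certificate names the host's own domain, so it
        # never matches the shop's domain; the user must be sent elsewhere.
        "shared (web host)": ["secure.webhost.example"],
    }
    for label, names in certs.items():
        print(label, padlock_report(names, hosts))
```

The wildcard certificate covers each direct subdomain but not the bare domain or deeper names, and the shared certificate covers none of the shop's own names, which is why a shared-certificate checkout has to move the user to the host's domain.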

    I have an SSL certificate -- why shouldn't I serve all my pages in "Secured" mode?

    Because SSL has an overhead -- more data is sent with a page that is encrypted than a page that isn't. This translates to your site appearing to run slower, particularly for users who are on dial-up or other slow connections. Since this also increases the total amount of data transferred by your site, if your web host charges by transfer volume (or has an overage fee, as most do), this can increase the size of your monthly hosting bill.

    The server should go into secure mode when asking a user for financial or other sensitive data (which may well be "name, address and phone number", with today's risk of identity theft), and operate in normal mode otherwise.

