What is SSL (the little padlock)?


SSL ("Secured Socket Layer") is a protocol used to encrypt the communication between the user's browser and the web server. When SSL is active, a "little padlock" appears on the user's browser, usually in the status line at the bottom (at the top for Mac/Safari users.)

This assures the user that sensitive data (such as credit card numbers) can't be viewed by anyone "sniffing" the network connection (which is an increasing risk as more people use wireless networking).

Common web site owner questions about SSL:

How do I get the little padlock on my site?

To get the little padlock, your site must have an SSL Certificate from a Certificate Authority. Once an SSL Certificate has been purchased and installed, it provides three things:

  • The ability to show a page in "Secure Mode", which encrypts the traffic between the browser and the server, as indicated by the "little padlock" on the user's browser.
  • A guarantee by the issuing Certificate Authority that the domain name the certificate was issued for is indeed owned by the specific company or individual named in the certificate (visible if the user clicks on the little padlock).
  • An assurance that the domain name the certificate was issued for is the domain name the user's browser is now on.
  • Once obtained, the certificate must be installed on the web server by your web host. Since your web host also has to generate an initial cypher key to obtain the certificate, very often they will offer to handle the process of obtaining the certificate for you.

    My web host has a "shared certificate" that I can use. Should I?

    It's still fairly common for small sites to use a shared certificate from the host. In this circumstance, when a page needs to be shown in secured mode, the user is actually sent to a domain owned by the web host, and then back to the originating domain afterwards.

    A few years ago, when SSL Certificates were quite expensive (around $400 per year), this was real attractive for new sites just getting their feet wet in e-commerce. Today, with a number of perfectly functional SSL certificates available for under $100 (exclusive of installation, etc.), it is a lot less attractive. Since your user can look a the address line of his or her web browser and see that the site asking for the credit card number is not the site he or she thought they were on, the cost savings is probably not worth the risk of scaring off a sale.

    What's the difference between the expensive SSL Certificates and the inexpensive ones?

    Usually, mostly price. Some expensive certificates have specific functions, like securing a number of different subdomains simultaneously (a "wildcard" certificate), but the effective differences between basic single site certificates are very slight, despite the wide range of prices:

    The encryption mechanism used by all of them is the same, and most use the same key length (which is an indicator of the strength of the encryption) common to most browsers (128 bit).

    Some of them ("chained root" certificates) are slightly more of a pain for your web host to install than others ("single root" certificates), but this is pretty much invisible to the site owner.

    The amount of actual checking on the ownership of the domain varies wildly between vendors, with some (usually the more expensive) wanting significant documentation (like a D&B number), and others handling it with an automated phone call ("press #123 if you've just ordered a certificate").

    Some of them offer massive monetary guarantees as to their security (we'll pay you oodles of dollars if someone cracks this code), but since it's all the same encryption mechanism, if someone comes up with a crack, all e-commerce sites will be scrambling, and the odds of that vendor actually having enough cash to pay all of its customers their oodle is probably slim.

    The fact is that you are buying the certificate to insure the safety of the user's data, and to make the user confident that his or her data is secure. For the vast majority of users, simply having the little padlock show up is all they are looking for. There are exceptions (I have a client in the bank software business, and they feel that their customers (bank officers) are looking for a specific premier name on the SSL certificate, so are happy to continue using the expensive one), but most e-commerce customers do not pick their sellers based on who issued their SSL Certificates.

    My advice is to buy the cheaper one.

    I have an SSL certificate -- why shouldn't I serve all my pages in "Secured" mode?

    Because SSL has an overhead -- more data is sent with a page that is encrypted than a page that isn't. This translates to your site appearing to run slower, particularly for users who are on dial-up or other slow connections. Since this also increases the total amount of data transfered by your site, if your web host charges by transfer volume (or has an overage fee, as most do), this can increase the size of your monthly hosting bill.

    The server should go into secure mode when asking a user for financial or other sensitive data (which may well be "name, address and phone number", with today's risk of identity theft), and operate in normal mode otherwise.


    More Resources

    Unable to open RSS Feed $XMLfilename with error HTTP ERROR: 404, exiting

    More E-Commerce Information:

    Related Articles


    5 Tips for Online Shopping
    Shopping online has become more and more popular in America as we are all looking to save a little time and money. E-commerce sales are growing at astronomical numbers ranging from 20-25% per year.
    Online Shoppers Say They'll Buy from Small and Large E-Businesses Alike
    As the holiday shopping season begins in earnest, consumers say they're just as willing to buy from small online retailers as they are from large, national e-commerce providers.In addition to this key finding, a new national survey of 2,500 consumers discovered extremely high levels of consumer participation in - and satisfaction with - shopping on the Internet, despite continuing concerns for security and privacy.
    What Are The Barriers of Implementing E-Commerce Solutions
    What is electronic commerce?"Electronic commerce is about doing business electronically. It is based on the electronic processing and transmission of data, including text, sound and video.
    Accepting Credit Cards For Your Online Business
    Did you know that one of the best ways to increase sales for any online or offline business is to offer your customers the convenience of paying by credit card? As a merchant, you have several options available when it comes to becoming part of the credit card acceptance and processing chain. Here's a quick guide to get you thinking.
    Creating The Perfect Ecommerce Website
    If you're thinking of jumping on the bandwagon and going into business with your own ecommerce website, you'd do well to look at a few examples before you start. Finding out what a good ecommerce website looks like will help you know what to include - and what to avoid - when you start to set up one of your own.
    Online Shopping: Legal Challenges for Taxing Authorities
    E-commerce offers customers the chance to eliminate many stages in the sales/distribution chain. The mark-ups that occur between manufacturers, wholesalers, distributors, retailers and consumers can add the cost of goods purchased by consumers.
    When Do You Ask For A Refund?
    Have you ever asked to have your money refunded after buying something online? Do you do this often? What are the reasons you've asked for refunds? Savvy marketers will try to find out why without making you feel you should not have asked. This would be valuable information to them.
    Increasing E-Commerce Website Sales: A Guide for the Online Newbie
    Because of this encouraging surge in activity, many individuals are now interested in becoming e-commerce merchants. To profit from your online business, you must first produce a unique website that will intrigue visitors and interest them in your items.
    A Beginners Guide To Setting Up A Successful Online Store
    A beginner's guide to setting up a successful online store Online selling is by no means a simple task. To sell products online not only requires making use of high end marketing strategies but also involves lots of planning.
    Selling Globally Through a B2B Exchange
    Participation in B2B Exchanges is increasingly becoming one of the fastest growing marketing methods for businesses looking foraugmenting their client base beyond their local markets. Any good B2B Exchange offers direct contact with thousands of prospective buyers in a single location.
    Online Merchant Account - Costs and Alternatives
    Merchant Account BasicsA Merchant Account is a commercial bank account established by a merchant to receive payment via credit cards. Three parts are required to accept credit cards.
    Is ECommerce Right for Our Business?
    If your business features products or services for sale, undoubtedly the topic of eCommerce has come up. What is eCommerce? Literally defined as "the conduct of financial transactions by electronic means," it refers to purchases made over the Internet.
    Home Sweet Home Page
    "Your home page is the world's introduction to you and your company. Make it COUNT!" - Heidi RichardsThink of your home page as the cover of your brochure.
    What Does It Take to Make Money Online?
    What a loaded question! Let's narrow that down a bit and take it from the perspective of someone who wants to work from home and make money online in a home business. That will make it an easier question to answer.
    Merchant Accounts: What They Can Do For You
    Congratulations! You created an impulse in a customer to buy your product. One small catch? without some way to take their credit card number, your sale is as good as gone.
    Shopping Carts and the E-Aisles
    Have you ever gone to the store and thought you only needed a few things so you didn't grab a cart? The next thing you know your hands are full and groceries are crashing everywhere making a big mess. If only you had gotten a cart.
    Overcoming Frustration with Technology
    For whatever reason, when we get a new boost in productivity, whether that be from a tool, technology or technique..
    10 Reasons Why People Wont Buy A Second Product From You
    1. You didn't follow up after the first sale.
    Shopping from Your Cell Phone with Froogle Wireless
    Many surfers already know about Froogle, Google's shopping portal that is still in beta testing. Google has now expanded their Froogle service so that it is available on WML-enabled cellular phones.
    Rules for Achieving Online Success
    The Internet brought a great deal of benefits to our life. Access to a lot of free and useful information is, probably, one of the most important out of them.