What is SSL (the little padlock)?


SSL ("Secured Socket Layer") is a protocol used to encrypt the communication between the user's browser and the web server. When SSL is active, a "little padlock" appears on the user's browser, usually in the status line at the bottom (at the top for Mac/Safari users.)

This assures the user that sensitive data (such as credit card numbers) can't be viewed by anyone "sniffing" the network connection (which is an increasing risk as more people use wireless networking).

Common web site owner questions about SSL:

How do I get the little padlock on my site?

To get the little padlock, your site must have an SSL Certificate from a Certificate Authority. Once an SSL Certificate has been purchased and installed, it provides three things:

  • The ability to show a page in "Secure Mode", which encrypts the traffic between the browser and the server, as indicated by the "little padlock" on the user's browser.
  • A guarantee by the issuing Certificate Authority that the domain name the certificate was issued for is indeed owned by the specific company or individual named in the certificate (visible if the user clicks on the little padlock).
  • An assurance that the domain name the certificate was issued for is the domain name the user's browser is now on.

    • Once obtained, the certificate must be installed on the web server by your web host. Since your web host also has to generate an initial cypher key to obtain the certificate, very often they will offer to handle the process of obtaining the certificate for you.

    My web host has a "shared certificate" that I can use. Should I?

    It's still fairly common for small sites to use a shared certificate from the host. In this circumstance, when a page needs to be shown in secured mode, the user is actually sent to a domain owned by the web host, and then back to the originating domain afterwards.

    A few years ago, when SSL Certificates were quite expensive (around $400 per year), this was real attractive for new sites just getting their feet wet in e-commerce. Today, with a number of perfectly functional SSL certificates available for under $100 (exclusive of installation, etc.), it is a lot less attractive. Since your user can look a the address line of his or her web browser and see that the site asking for the credit card number is not the site he or she thought they were on, the cost savings is probably not worth the risk of scaring off a sale.

    What's the difference between the expensive SSL Certificates and the inexpensive ones?

    Usually, mostly price. Some expensive certificates have specific functions, like securing a number of different subdomains simultaneously (a "wildcard" certificate), but the effective differences between basic single site certificates are very slight, despite the wide range of prices:

    The encryption mechanism used by all of them is the same, and most use the same key length (which is an indicator of the strength of the encryption) common to most browsers (128 bit).

    Some of them ("chained root" certificates) are slightly more of a pain for your web host to install than others ("single root" certificates), but this is pretty much invisible to the site owner.

    The amount of actual checking on the ownership of the domain varies wildly between vendors, with some (usually the more expensive) wanting significant documentation (like a D&B number), and others handling it with an automated phone call ("press #123 if you've just ordered a certificate").

    Some of them offer massive monetary guarantees as to their security (we'll pay you oodles of dollars if someone cracks this code), but since it's all the same encryption mechanism, if someone comes up with a crack, all e-commerce sites will be scrambling, and the odds of that vendor actually having enough cash to pay all of its customers their oodle is probably slim.

    The fact is that you are buying the certificate to insure the safety of the user's data, and to make the user confident that his or her data is secure. For the vast majority of users, simply having the little padlock show up is all they are looking for. There are exceptions (I have a client in the bank software business, and they feel that their customers (bank officers) are looking for a specific premier name on the SSL certificate, so are happy to continue using the expensive one), but most e-commerce customers do not pick their sellers based on who issued their SSL Certificates.

    My advice is to buy the cheaper one.

    I have an SSL certificate -- why shouldn't I serve all my pages in "Secured" mode?

    Because SSL has an overhead -- more data is sent with a page that is encrypted than a page that isn't. This translates to your site appearing to run slower, particularly for users who are on dial-up or other slow connections. Since this also increases the total amount of data transfered by your site, if your web host charges by transfer volume (or has an overage fee, as most do), this can increase the size of your monthly hosting bill.

    The server should go into secure mode when asking a user for financial or other sensitive data (which may well be "name, address and phone number", with today's risk of identity theft), and operate in normal mode otherwise.


    More Resources

    Unable to open RSS Feed $XMLfilename with error HTTP ERROR: 404, exiting

    More E-Commerce Information:

    Related Articles

    The Rise of Multinational Virtual Corporations
    The virtual corporation is the emerging organisational form, which best combines, a fluid ability to adapt to rapidly changing markets and is able to leverage its skills with the complementary skills of other corporations.In the concept's purest form, each company that links up with others to create a virtual corporation will be stripped to its essence.
    Online Payments Make It Easy For Your Customers To Buy
    In the last column we discussed the process of credit card enabling your brick-and-mortar business. I pointed out that research has shown that accepting credit cards can help increase revenue and speed up cash flow.
    Intranet - The Benefits Realisation Plan
    The Millennium ExperienceA successful project is one that delivers on-spec ('quality'), time and cost. Right? Well consider these two projects?The Millennium Dome was delivered on time for the 31 December 1999 and safely within a budget (fixed in 1998) of £289 million.
    Saving Money On Your E-commerce Site
    After building and transferring many e-commerce sites it still amazes me that owners of e-commerce businesses are still wasting money in three basic ways. For fear of stating the obvious, saving money is the same as making money $100 saved is $100 added to your profit margin.
    The Webmasters Assistant
    There are many tools available to a webmaster to analyse website traffic allowing them to monitor the number of visitors, see what pages have been accessed and even the length of time each visitors spends accessing the website.However, despite the considerable data available what is missing is anything to tell the webmaster what the visitor was thinking.
    Getting Started in ECommerce - Part One
    In 2004, Enquiro.com conducted a study of the search behaviors of men vs.
    Does Your Shopping Cart Have a Squeaky Wheel?
    Have you ever gone grocery shopping just before a holiday? The aisles are packed with people pushing carts, shelves need restocked, all the checkout lanes have long lines..
    7 Key Steps To Reduce Refunds and Chargebacks
    One sure-fire way to loosing out big time on your business profits is from incidences of excessive refunds and chargeback requests. If the number is high in any period you could risk loosing your third party merchant account altogether.
    Mr and Mrs Smith Go Online, as Internet Technology Moves from Fantasy to Normality
    According to NOP World, 48% of all Internet users have researched or purchased financial products such as insurance and loans on the internet, or used online banking facilities. In April, NOP World had already recorded estimates of 28 million people online in Great Britain, with 13.
    10 Compelling Benefits of Having A 3rd Party Merchant Account
    If you have been wrestling with the idea of applying for your own 3rd party merchant account then take a look at the following compelling benefits of using a 3rd party provider to mange all of your credit card processing needs.1.
    Using Drop Shipping for E-commerce
    Thanks to the ubiquity of the internet, online virtual businesses have become very popular business opportunities. Online retail stores are gradually playing a more important role in our lives than the traditional 'brick-and-mortar' retail shops.
    The Lowdown On ECommerce: Making All The Pieces Fit Together
    The Lowdown on EcommerceEcommerce is truly the most confusing aspect of purchasing web design services. This is unfortunate since most (if not all) businesses online would like to provide their customers and potential customers with easy access their products or services.
    Delivering Information Products Through Paypal Automatically
    Paypal is one of the wonders of the web. Never has it been easier for individuals or small business to receive payments though the web & to be able to accept payment though debit or credit cards without having to own a merchant account.
    The Plain Man's Guide to Making Money Online
    I'm a plain man who uses plain thinking in devising strategies for making money online.I do not spend obscene mounts of money attending high ticket web conferences nor do I rush to purchase the latest collection of web casts at outrageous prices.
    Are You Making These E-Commerce Excuses? (part 1)
    A year ago, I had big plans to re-vamp my web site. I was going to publish my e-newsletter twice a month - every month, and I was going to upgrade my own e-commerce capabilities.
    Tell Site Visitors What To Do
    Your site visitors make all the choices when it comes to browsing the Web.No other medium gives users, readers or customers such control over their own experience.
    Six Components Of A Good E-Commerce Site
    Businesses, which are still sitting on sidelines and not doing business on the Internet, should think seriously about their position! If you are one of them, chances are there, that you have to pay dearly for your indecision as you might lose significant market share to your more proactive competitors in a very short period of time.Apart from the fact that e-commerce is growing at the rate of more than 25 percent a year, the use of online features can bring efficiency to virtually every aspect of business process, be it supply chain management or customer support management.
    Electronic Commerce Tax Jurisdiction and Principles of Permanent Establishment
    The principle of "permanent establishment" is very important for avoidance the conflict of law of matter connected imposition of taxation. In the absence of a permanent establishment, a country where goods or services are sold has no jurisdiction to tax the resulting profits.
    The Art of Being Human
    This isn't the first time I have written about the benefits of inserting a human voice or presence into your online communications. And I make no excuse for writing about this again.
    E-commerce: Is It Right for You?
    The birth of the Internet and the mass availability of personal Computers in the late 80's changed peoples life forever, Everyone now has had the potential to be their own boss whether you are mother at home looking after your children or a manual laborer there are opportunities in abundance . Just a search on Google for business opportunities will bring up more offers than your parents would have had in their whole life.