What is SSL (the little padlock)?


SSL ("Secured Socket Layer") is a protocol used to encrypt the communication between the user's browser and the web server. When SSL is active, a "little padlock" appears on the user's browser, usually in the status line at the bottom (at the top for Mac/Safari users.)

This assures the user that sensitive data (such as credit card numbers) can't be viewed by anyone "sniffing" the network connection (which is an increasing risk as more people use wireless networking).

Common web site owner questions about SSL:

How do I get the little padlock on my site?

To get the little padlock, your site must have an SSL Certificate from a Certificate Authority. Once an SSL Certificate has been purchased and installed, it provides three things:

  • The ability to show a page in "Secure Mode", which encrypts the traffic between the browser and the server, as indicated by the "little padlock" on the user's browser.
  • A guarantee by the issuing Certificate Authority that the domain name the certificate was issued for is indeed owned by the specific company or individual named in the certificate (visible if the user clicks on the little padlock).
  • An assurance that the domain name the certificate was issued for is the domain name the user's browser is now on.

    • Once obtained, the certificate must be installed on the web server by your web host. Since your web host also has to generate an initial cypher key to obtain the certificate, very often they will offer to handle the process of obtaining the certificate for you.

    My web host has a "shared certificate" that I can use. Should I?

    It's still fairly common for small sites to use a shared certificate from the host. In this circumstance, when a page needs to be shown in secured mode, the user is actually sent to a domain owned by the web host, and then back to the originating domain afterwards.

    A few years ago, when SSL Certificates were quite expensive (around $400 per year), this was real attractive for new sites just getting their feet wet in e-commerce. Today, with a number of perfectly functional SSL certificates available for under $100 (exclusive of installation, etc.), it is a lot less attractive. Since your user can look a the address line of his or her web browser and see that the site asking for the credit card number is not the site he or she thought they were on, the cost savings is probably not worth the risk of scaring off a sale.

    What's the difference between the expensive SSL Certificates and the inexpensive ones?

    Usually, mostly price. Some expensive certificates have specific functions, like securing a number of different subdomains simultaneously (a "wildcard" certificate), but the effective differences between basic single site certificates are very slight, despite the wide range of prices:

    The encryption mechanism used by all of them is the same, and most use the same key length (which is an indicator of the strength of the encryption) common to most browsers (128 bit).

    Some of them ("chained root" certificates) are slightly more of a pain for your web host to install than others ("single root" certificates), but this is pretty much invisible to the site owner.

    The amount of actual checking on the ownership of the domain varies wildly between vendors, with some (usually the more expensive) wanting significant documentation (like a D&B number), and others handling it with an automated phone call ("press #123 if you've just ordered a certificate").

    Some of them offer massive monetary guarantees as to their security (we'll pay you oodles of dollars if someone cracks this code), but since it's all the same encryption mechanism, if someone comes up with a crack, all e-commerce sites will be scrambling, and the odds of that vendor actually having enough cash to pay all of its customers their oodle is probably slim.

    The fact is that you are buying the certificate to insure the safety of the user's data, and to make the user confident that his or her data is secure. For the vast majority of users, simply having the little padlock show up is all they are looking for. There are exceptions (I have a client in the bank software business, and they feel that their customers (bank officers) are looking for a specific premier name on the SSL certificate, so are happy to continue using the expensive one), but most e-commerce customers do not pick their sellers based on who issued their SSL Certificates.

    My advice is to buy the cheaper one.

    I have an SSL certificate -- why shouldn't I serve all my pages in "Secured" mode?

    Because SSL has an overhead -- more data is sent with a page that is encrypted than a page that isn't. This translates to your site appearing to run slower, particularly for users who are on dial-up or other slow connections. Since this also increases the total amount of data transfered by your site, if your web host charges by transfer volume (or has an overage fee, as most do), this can increase the size of your monthly hosting bill.

    The server should go into secure mode when asking a user for financial or other sensitive data (which may well be "name, address and phone number", with today's risk of identity theft), and operate in normal mode otherwise.


    More Resources

    Unable to open RSS Feed $XMLfilename with error HTTP ERROR: 404, exiting

    More E-Commerce Information:

    Related Articles

    Shopping Cart Usability
    Usable Shopping Carts Increase SalesE-commerce has been around since 1993 under many different names, but one thing remains constant; shoppers want usable web sites. Without a usable shopping cart the sites typically fail from poor performance.
    Online Shoppers Say They'll Buy from Small and Large E-Businesses Alike
    As the holiday shopping season begins in earnest, consumers say they're just as willing to buy from small online retailers as they are from large, national e-commerce providers.In addition to this key finding, a new national survey of 2,500 consumers discovered extremely high levels of consumer participation in - and satisfaction with - shopping on the Internet, despite continuing concerns for security and privacy.
    One Point Two Billion
    In this surreal world of the internet, anyone, even you, can put your point across to a staggering number of people inevery country on the planet.From political activists to artists and writers, can now findan audience to take notice of them where they could not getmuch attention in their local community.
    Credit Card Processing - 7 Things You Need to Know Before Opening an Online Merchant Account
    When considering opening an online merchant account to accept credit card orders, there are a lot of things you need to keep in mind. The best thing to do is learn all about credit card processing before you open your online merchant account so you can handle everything from the beginning rather than having to go back and make many changes.
    The House Of Print.Com
    Publishing has always been a difficult business to promotesuccessfully, which titles by which authors to promote, which genre, will it be fiction or non-fiction? Will theysell? Will they make money, both for the publisher and for the author? So many questions which there is no definitiveanswer and so the publisher takes a chance with his moneyand his time and resources and decides on which books to publish, promote and distribute to the bookshops. He may only distribute to bookshops in his own country and if theydon't sell well enough, will not be seen by anyone else in the world.
    Business Online - Blind Hunt
    Do you sell something online? Do you have a business in the Internet? Have you read the "How to generate more traffic and convert it to sales" articles? Have you played the "Be #1 in SEO" game?Now, you are ready to believe - nobody knows how to do it absolutely right.Nobody can know everything.
    The Lowdown On ECommerce: Making All The Pieces Fit Together
    The Lowdown on EcommerceEcommerce is truly the most confusing aspect of purchasing web design services. This is unfortunate since most (if not all) businesses online would like to provide their customers and potential customers with easy access their products or services.
    7 Must Have Scripts to Look for When Shopping for E-commerce Hosting
    When shopping for e-commerce hosting there are a lot of things you need to keep and mind. When you know what to look for it is a lot easier to ensure you get exactly what you need and not leave any important information out.
    Why Our Site Was Removed From The ODP
    Our website, Best Of The Home, has been listed in the Open Directory Project for over a year. Recently, I conducted a search of the ODP for my site, to update it, and found that it was no longer listed in any category.
    What Are The Barriers of Implementing E-Commerce Solutions
    What is electronic commerce?"Electronic commerce is about doing business electronically. It is based on the electronic processing and transmission of data, including text, sound and video.
    Increasing E-commerce Website Sales
    With consumers purchasing billions of dollars of merchandise online each and every year, the Internet has become the key to financial security. The e-commerce business has consistently thrived well above all other online enterprises, and continues to flourish.
    Make That 3 Billion
    My previous article I wrote called "One Point Two Billion" attracted quite some attention, the downloads through all the article syndication services has been astronomicalcompared to any other articles I wrote which are still withthem.It seems the numbers game is popular not only with theaccountancy profession, but with just about anyone runninga website who is interested in more sales from anywhere in the world.
    Retirement Signature Frames - The Perfect Retirement Gift!
    When most people think of a retirement gift, they think of a watch. It's the tried and true gift that companies give employees to say thanks for all the years of hard work.
    How To Prevent Your 3rd Party Merchant Account From Suspension
    What would you do if you were sent an email from your online credit card processor telling you that your account has been suspended or frozen?How are you going to pay the bills in the meantime?It is extremely important for you to familiarize yourself with the terms of your contract with your credit card processor.As long as you comply with their set regulation and guidelines to maintain your account in good standing you should have no problems.
    Products for a Successful Web Business
    There are F words in business. We have seen many small businesses on the internet flourish and fulfil their dream, but sadly we have seen some flounder and fail because they had the wrong product.
    Saving Money On Your E-commerce Site
    After building and transferring many e-commerce sites it still amazes me that owners of e-commerce businesses are still wasting money in three basic ways. For fear of stating the obvious, saving money is the same as making money $100 saved is $100 added to your profit margin.
    Increasing E-Commerce Website Sales: A Guide for the Online Newbie
    Because of this encouraging surge in activity, many individuals are now interested in becoming e-commerce merchants. To profit from your online business, you must first produce a unique website that will intrigue visitors and interest them in your items.
    Getting Started: Creating a Business Plan
    You're excited. You have a great idea for a profitable online business.
    How to Start a Business on the Internet
    So you want to start a business? Good for you. Really, I mean that sincerely.
    Prompt Delivery Rules - Internet Product Sales
    The Internet is the fastest growing source of mail order sales. The explosive growth in the goods and services sold online has in the past taken many online sellers by surprise: demand has outpaced supply, depleting inventories and disappointing customers.