What Is SSL?
A basic introduction to SSL and how it helps to protect information
© KadabraStudios.com - All content is the exclusive property of Kadabra Studios and protected by filed copyright.
With all the media coverage about the dangers of using a credit card on the Internet, consumer apprehension continues to be a major obstacle for web stores. For this reason, it is imperative that you not only secure your web site, but also make it known that you do.
Your customers need to feel secure with you, your product or service, your company and your security measures before they will freely give you their credit card information. While your site’s design and functionality will help shape their perception of you, your product or service, and your company, it is your site’s security that can very well make or break the sale.
When Netscape introduced SSL (Secure Sockets Layer) in 1995, it paved the way for online information security. SSL is essentially an encryption technology that scrambles a message so that only the intended recipient can read it. URLs that begin with “https://” are using SSL to protect information (think of the “s” as meaning “secure”). While SSL is not the only method available for providing secure transactions on the Internet, it is the most popular.
The introduction of SSL was a virtual gift to the e-commerce community because it dramatically reduced transaction risk and increased consumer confidence. Through SSL, a customer’s information is available only to the intended merchant, in encrypted form, which makes the message useless to anyone who tries to intercept it.
To get SSL working, you will need a digital ID (also known as an authentication certificate) from a trusted third-party source. This certificate is like an online passport or driver’s license. It’s essentially a form of identification that confirms that you are who you say you are. Using your cousin Moe as a trusted third-party source won’t cut it. The certificate must come from an industry-accepted firm such as Verisign, Thawte, or GeoTrust.
Encryption is like a secret code that prevents others from reading your messages. The elements of an encryption system are the plaintext, the cryptographic algorithm, the key, and the ciphertext. The plaintext is the actual message or data that is to be encrypted. The cryptographic algorithm is a mathematical set of rules that defines how the plaintext is to be combined with a key. The key is a string of digits, and the ciphertext is the resulting encrypted message.
These terms are probably best illustrated with a very simple example. If you take the word “Computer” and shift each letter 3 places forward in the alphabet, the word becomes “Frpsxwhu”.
In this situation:
“Computer” is the plaintext
“shift each letter 3 places forward” is the cryptographic algorithm
“3” is the key
“Frpsxwhu” is the ciphertext.
Here in detail are the steps taken during an SSL transaction:
1. The client sends a request for a document to be transmitted using the “https://” protocol.
2. The server sends its certificate to the client.
3. The client checks to see if the certificate is verified by a trusted source. If not, the user is given the opportunity to proceed or terminate the transaction.
4. The client compares the information in the certificate with the information it received (the domain name and key). If this information is a match, the client accepts the site as authenticated.
5. The client tells the server what ciphers, or encryption algorithms, it can communicate with.
6. The server chooses the strongest common cipher and informs the client of its choice.
7. The client generates a key using the agreed-upon cipher.
8. The client then encrypts the key and sends it to the server.
9. The server receives the encrypted key and decrypts it.
10. The client and server then use the key for the rest of the transaction.
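The sketch below is an added example, not part of the original article: it walks steps 4 through 10 in Python with both sides in one process. The cipher names, the `shop.example` host, the small textbook-RSA key and the XOR keystream are constructed stand-ins; real SSL uses much larger padded keys and standard ciphers, and the trusted-source check of step 3 is omitted here.

```python
import hashlib
import secrets

# Constructed demo key: textbook RSA over two small Mersenne primes.
# Unpadded and far too short for real use; it only illustrates the steps.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # server's private exponent
CERT = {"host": "shop.example", "n": N, "e": E}  # hypothetical certificate

# Hypothetical cipher names, ordered weakest to strongest.
STRENGTH = ["DEMO-40", "DEMO-128", "DEMO-256"]

def choose_cipher(client_offers, server_supports):
    """Step 6: the server picks the strongest cipher both sides support."""
    common = [c for c in STRENGTH if c in client_offers and c in server_supports]
    if not common:
        raise ValueError("handshake failure: no common cipher")
    return common[-1]

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def handshake(requested_host, cert, client_offers, server_supports):
    """Return (cipher, client_key, server_key) after steps 4 to 9."""
    # Step 4: the name in the certificate must match the site requested.
    if cert["host"] != requested_host:
        raise ValueError("certificate does not match requested host")
    cipher = choose_cipher(client_offers, server_supports)     # steps 5-6
    client_key = secrets.token_bytes(16)                       # step 7
    wrapped = pow(int.from_bytes(client_key, "big"), cert["e"], cert["n"])  # step 8
    server_key = pow(wrapped, D, N).to_bytes(16, "big")        # step 9
    return cipher, client_key, server_key

if __name__ == "__main__":
    cipher, ck, sk = handshake("shop.example", CERT,
                               ["DEMO-40", "DEMO-128"], ["DEMO-128", "DEMO-256"])
    sealed = keystream_xor(ck, b"order 1001: 2 widgets")       # step 10, client
    print(cipher, keystream_xor(sk, sealed))                   # step 10, server
```

Only the holder of the private exponent can recover the key sent in step 8, which is why an eavesdropper who records the whole exchange still cannot read the messages sent in step 10.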
To implement this kind of encryption technology, you need to enable SSL on your Web server. This typically costs more than standard web hosting, so you may want to ask your web host about the fees associated with a secure connection.
As you can see from the above example, securing information through SSL takes time. To make sure that your pages load quickly, don’t host your entire web site with this technology. Instead, host only the “order center” function of your web site with SSL protection. A good rule of thumb is to operate over a secure connection from the time your customer wants to “check out” to the time the order is confirmed.
SSL does come with a catch. Even if your web server supports SSL, it will only work with SSL-friendly browsers. While most browsers do support SSL, some older versions do not. To accommodate those who cannot place an order via a secure connection, you may want to allow for unsecured orders, although this is not recommended.
Speak with your web host about setting up SSL and establishing a digital ID. Many can help you every step of the way and most will show you how to get it installed and configured. Once you have SSL in place, your customers will feel much more comfortable doing business with you.