SSL for Website Security

Security is a very big issue as identity theft and credit card fraud are serious problems online. Naturally, if you are building an e-commerce site, you’ll be dealing with people’s credit information and so you want to do three things.

1. Protect the costumer and their information.
2. Protect the merchant from liability.
3. If you have a good secure site, you are protecting yourself and everybody else involved.

If a person visits your online store, but they don’t feel safe, are they going to purchase anything? Of course not. Your customers need to know they are safe and an SSL is what makes your customers feel safe about shopping with you. A merchant can be sued because of identity theft, lawyers are great at working their way up to food chain. Take the precautions! Without an SSL you lose customers and you open yourself to possible legal liability.

So what is an SSL?

It’s an encryption technology, Secure Socket Layer – a 128 or 256 bit-encryption. It scrambles the code in such a way that outsiders can’t look at it.

128-bit is fine for e-commerce. The 256-bit is what like banks use, where there are long streams of sensitive data.

What is SSL Certificate?

It’s issued by a vendor and it’s an encryption key. This encryption key is put on your host server, that does the SSL encryption. When your host installs the key on your SSL protected site, there is a little padlock down in the corner of your customer’s Web browser that says, “This is a safe site”.  Informed consumers will click on the padlock, which displays this certificate. The certificate verifies the site and certificate ownership – it reassures the customer that
you are who you say you are and that this paddlock assures that this site is protected by SSL.

Where do you get an SSL?

You can do a Google search on SSL Certificates and you will come up with a lot of hits on them. Check with your host. Many hosts actually resell certificates at a very reasonable rate.

How much do they cost?

B between $49 and several hundred dollars but you know around $49 to $89, it’s a very common price to pay for one.

What about shared SSL?

A lot of hosts offer a shared SSL. If a customer clicks on the little gold lock with a shared SSL, the information is about your host and not you. This can shake consumer confidence.

How do you install an SSL? The following steps will help you make your website secure.  If you would like help with this, please feel free to contact Webtiller Designs.

  1. Talk to your host right upfront and ask them what is needed to install an SSL. You will need a dedicated IP to install an SSL.
  2. Find out what the SSL vendor plans on providing you and how they do it.
  3. Make sure your records match. When you go to purchase an SSL Certificate, that certificate is saying, you are who you say you are. If the information you provide to your SSL vendor differs from your company information or from who owns the website, you could run into problems.Read over the SSL vendor’s FAQ information, make sure that all your records are in order and the process goes really smooth. Do this before you purchase  the SSL.
  4. The vendor will provide a key to you. A key is a text document with the encryption code. Transfer it to your host exactly as you get it. You don’t need to open it. If you open it in Word, it will put for the liner apps in there, that are not supposed to be there. If the key doesn’t match up properly because of something that you have inadvertently edited, it won’t work.
  5. Install the SSL in your root directory so your entire site is protected by SSL. If some parts of the site are not protected, a little shield comes up and says some elements of this site may not be under the SSL or protected.
  6. Test your site. Go to your site (any page). If you change the http to https it will invoke the security certificate and the gold lock will appear. If it doesn’t, there is something wrong. There is some performance hit with encryption.
    It may slow things down a bit. There is no need to invoke the security certificate until you actually need it, but it’s there when you need it. Use http links except on checkout pages where it is>