The good-to-know’s of SSL and SSL Certificates

Posted on Jun 15, 2009


Must-knows of SSL and SSL Certificates:

  • SSL, short for Secure Sockets Layer, is a protocol for transmitting private information via the Internet
  • SSL is all about encryption; some of us might even know that SSL uses two keys to encrypt data, a public and a private key
  • SSL is a must-have for e-commerce websites
  • We know we’re on an SSL protected page when the URL begins with “https” and there is a closed padlock icon on the browser

Now, let’s take a look at the good-to-know’s of SSL and SSL Certificates.

How does it work?

An SSL-encrypted connection is established via the SSL “handshake” process.

This process is transparent to the end user. The “padlock” icon in the browser and the “https://” prefix in the URL are the only visible indications of a secure session in progress.

By contrast, if a user attempts to submit personal information to an unsecured Web site (i.e., a site that is not protected with a valid SSL certificate), the browser’s built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely leave the unsecured site.

What information is contained on an SSL Certificate?

An SSL Certificate contains the following information:

  • the certificate holder’s name
  • the certificate’s serial number and expiration date
  • a copy of the certificate holder’s public key
  • the digital signature of the certificate-issuing authority (e.g., GeoTrust)

Does it matter if the encryption strength is 40-bit or 128-bit?

Encryption strength is measured in key length – the number of bits in the key. To decipher an SSL communication, one needs to generate the correct decoding key. Mathematically speaking, 2^n possible values exist for an n-bit key. Thus, 40-bit encryption involves 2^40 possible values. A 128-bit key involves 2^128 possible combinations, making it infeasible to find the key by trying every possible value. In simple terms, the difference between 40-bit and 128-bit encryption is akin to securing your financial information behind a deadbolt vs. a bank vault.

However, the actual encryption strength on a secure connection is determined by the level of encryption supported by both the user’s browser and the server that the website resides on. The majority of browsers support 128-bit encryption. In other words, if you have the GeoTrust QuickSSL (up to 256-bit) on your website and your visitor’s browser supports 128-bit, information transferred between your website and your visitor’s browser will be encrypted with 128-bit encryption.

How do I purchase an SSL Certificate? What do I need to know?

Doteasy is a reseller of the GeoTrust QuickSSL Certificate. We offer the 1-year QuickSSL certificate for US$159.

The most important thing you need to keep in mind is that dedicated SSL Certificates are created to function with one unique domain name. For example, if the certificate is issued to the domain www.yourdomain.com, the correct secure URL will be https://www.yourdomain.com. A visitor going to https://yourdomain.com or https://shop.yourdomain.com will not see the padlock icon and instead will see a certificate name mismatch error message.
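The name check behind that mismatch error can be reproduced offline. The following is an added example, not code from Doteasy or GeoTrust; the function names are hypothetical, and it goes one step beyond the text by also showing how an assumed wildcard name (*.yourdomain.com) would behave.

```python
from urllib.parse import urlsplit

def name_matches(cert_name, host):
    """Compare one certificate name with a hostname, label by label.

    Matching is case-insensitive. A "*" is honoured only as the entire
    left-most label and stands for exactly one label, so "*.yourdomain.com"
    covers "shop.yourdomain.com" but not "yourdomain.com" or "a.b.yourdomain.com".
    """
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels) or "" in labels:
        return False
    if pattern[0] == "*" and len(pattern) >= 3:
        return pattern[1:] == labels[1:]
    return pattern == labels

def mismatched_urls(cert_names, urls):
    """Return the URLs whose hostname is covered by none of the certificate names."""
    bad = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        if not any(name_matches(name, host) for name in cert_names):
            bad.append(url)
    return bad

# The three URLs from the paragraph above
URLS = [
    "https://www.yourdomain.com",
    "https://yourdomain.com",
    "https://shop.yourdomain.com",
]

if __name__ == "__main__":
    # Single-name certificate, as described in the text
    print(mismatched_urls(["www.yourdomain.com"], URLS))
    # Assumed wildcard certificate, for comparison (not a product named on this page)
    print(mismatched_urls(["*.yourdomain.com"], URLS))
```

Running the check against every hostname your site links to itself by, before the certificate is ordered, shows which addresses need a redirect to the certified name.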

I am not running an e-commerce website, do I still need an SSL Certificate?

SSL Certificates are used to prevent hackers from stealing private information. Here are the reasons why you should consider using an SSL Certificate even if you’re not running an e-commerce site:

  1. Keep your visitors’ information private – If you process sensitive data such as address, birth date, license, or ID numbers (e.g., as part of a signup or login form), an SSL Certificate will keep your visitors’ information private and help ensure that their personal data is not stolen or tampered with (aka identity theft).
  2. Give yourself a competitive edge – A secure site will help you gain a competitive advantage over those who do not secure their customer data. Savvy customers will click away from a website when conducting transactions or giving private data if the site does not appear to have secure areas.
  3. Help your site appear legitimate – An SSL Certificate will help your site to appear legitimate and trustworthy.

I have an SSL Certificate installed, but the padlock icon is not displaying in the browser?

This issue will occur if your webpage is displaying images, banners or scripts that are coming from a server that is not secured.

To resolve this issue, you will need to make sure all items on the website are secured.

  1. If frames are being used, ensure that the entire website is being secured, and not just the framed page
  2. If images are being used, ensure all images are secured (referenced with https:// prefixes rather than http://)
  3. Ensure scripts and code (e.g., JavaScript) are not being referenced from a non-secure source
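The three checks above can be automated by scanning a page's HTML for items the browser would load over plain http://. This is an added example, not part of the original post; the page address, the sample markup and the names `MixedContentFinder` and `find_mixed_content` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches automatically as part of the page
FETCHED = {"img": "src", "script": "src", "iframe": "src", "frame": "src",
           "embed": "src", "object": "data"}

class MixedContentFinder(HTMLParser):
    """Collect items that an https:// page would pull in over plain http://."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = FETCHED.get(tag)
        # <link> is fetched only for stylesheets; other rel values are not loaded
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            attr = "href"
        value = (attrs.get(attr) or "").strip() if attr else ""
        # Resolve relative and protocol-relative (//host/x) references
        resolved = urljoin(self.page_url, value)
        if value and urlsplit(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(page_url, html):
    """Return [(line, tag, url)] for every insecure item referenced by html."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, assumed to be served from PAGE_URL
PAGE_URL = "https://www.yourdomain.com/checkout"
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="http://stats.example.net/track.js"></script>
</head><body>
<img src="http://www.yourdomain.com/images/banner.gif">
<img src="//cdn.example.net/logo.png">
<a href="http://www.example.org/">partner site</a>
<iframe src="http://shop.yourdomain.com/cart.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(PAGE_URL, SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Ordinary hyperlinks (`<a href>`) are not reported, because following a link does not load anything into the secure page; relative and `//host/path` references are reported only if they resolve to http://.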
