What is SSL (the little padlock)?

SSL ("Secured Socket Layer") is a protocol used to encrypt the communication between the user's browser and the web server. When SSL is active, a "little padlock" appears on the user's browser, usually in the status line at the bottom (at the top for Mac/Safari users.)

This assures the user that sensitive data (such as credit card numbers) can't be viewed by anyone "sniffing" the network connection (which is an increasing risk as more people use wireless networking).

Common web site owner questions about SSL:

How do I get the little padlock on my site?

To get the little padlock, your site must have an SSL Certificate from a Certificate Authority. Once an SSL Certificate has been purchased and installed, it provides three things:

  • The ability to show a page in "Secure Mode", which encrypts the traffic between the browser and the server, as indicated by the "little padlock" on the user's browser.
  • A guarantee by the issuing Certificate Authority that the domain name the certificate was issued for is indeed owned by the specific company or individual named in the certificate (visible if the user clicks on the little padlock).
  • An assurance that the domain name the certificate was issued for is the domain name the user's browser is now on.

    • Once obtained, the certificate must be installed on the web server by your web host. Since your web host also has to generate an initial cypher key to obtain the certificate, very often they will offer to handle the process of obtaining the certificate for you.

    My web host has a "shared certificate" that I can use. Should I?

    It's still fairly common for small sites to use a shared certificate from the host. In this circumstance, when a page needs to be shown in secured mode, the user is actually sent to a domain owned by the web host, and then back to the originating domain afterwards.

    A few years ago, when SSL Certificates were quite expensive (around $400 per year), this was real attractive for new sites just getting their feet wet in e-commerce. Today, with a number of perfectly functional SSL certificates available for under $100 (exclusive of installation, etc.), it is a lot less attractive. Since your user can look a the address line of his or her web browser and see that the site asking for the credit card number is not the site he or she thought they were on, the cost savings is probably not worth the risk of scaring off a sale.

    What's the difference between the expensive SSL Certificates and the inexpensive ones?

    Usually, mostly price. Some expensive certificates have specific functions, like securing a number of different subdomains simultaneously (a "wildcard" certificate), but the effective differences between basic single site certificates are very slight, despite the wide range of prices:

    The encryption mechanism used by all of them is the same, and most use the same key length (which is an indicator of the strength of the encryption) common to most browsers (128 bit).

    Some of them ("chained root" certificates) are slightly more of a pain for your web host to install than others ("single root" certificates), but this is pretty much invisible to the site owner.

    The amount of actual checking on the ownership of the domain varies wildly between vendors, with some (usually the more expensive) wanting significant documentation (like a D&B number), and others handling it with an automated phone call ("press #123 if you've just ordered a certificate").

    Some of them offer massive monetary guarantees as to their security (we'll pay you oodles of dollars if someone cracks this code), but since it's all the same encryption mechanism, if someone comes up with a crack, all e-commerce sites will be scrambling, and the odds of that vendor actually having enough cash to pay all of its customers their oodle is probably slim.

    The fact is that you are buying the certificate to insure the safety of the user's data, and to make the user confident that his or her data is secure. For the vast majority of users, simply having the little padlock show up is all they are looking for. There are exceptions (I have a client in the bank software business, and they feel that their customers (bank officers) are looking for a specific premier name on the SSL certificate, so are happy to continue using the expensive one), but most e-commerce customers do not pick their sellers based on who issued their SSL Certificates.

    My advice is to buy the cheaper one.

    I have an SSL certificate -- why shouldn't I serve all my pages in "Secured" mode?

    Because SSL has an overhead -- more data is sent with a page that is encrypted than a page that isn't. This translates to your site appearing to run slower, particularly for users who are on dial-up or other slow connections. Since this also increases the total amount of data transfered by your site, if your web host charges by transfer volume (or has an overage fee, as most do), this can increase the size of your monthly hosting bill.

    The server should go into secure mode when asking a user for financial or other sensitive data (which may well be "name, address and phone number", with today's risk of identity theft), and operate in normal mode otherwise.

    Updates to this article, and many other great articles and tutorials for small business web site owners can be found at Insanely Great Sites!

    In The News:

    pen paper and inkwell


    cat break through


    The Origins of E-Commerce

    What is the Internet?In order to provide a discussion on... Read More

    Electronic Commerce Tax Jurisdiction and Principles of Permanent Establishment

    The principle of "permanent establishment" is very important for avoidance... Read More

    Shopping from Your Cell Phone with Froogle Wireless

    Many surfers already know about Froogle, Google's shopping portal that... Read More

    Increasing E-Commerce Website Sales: A Guide for the Online Newbie

    Because of this encouraging surge in activity, many individuals are... Read More

    Shopping Cart Usability

    Usable Shopping Carts Increase SalesE-commerce has been around since 1993... Read More

    Accepting Credit Card Payments Online

    Being able to accept credit cards and other online payments... Read More

    Your Affiliate Web Site Is Built ? Now What?

    When I first got my web site built, I thought... Read More

    Choosing An Internet Merchant Account

    Surf to Google and perform a search on "Internet Merchant... Read More

    Does Your Shopping Cart Have a Squeaky Wheel?

    Have you ever gone grocery shopping just before a holiday?... Read More

    Select a Niche Market for Ecommerce

    Choosing a carefully pinpointed niche market should be one of... Read More

    Guide To Safe Online Shopping

    Online shopping can be a little frightening to people who... Read More

    Online Payments Make It Easy For Your Customers To Buy

    In the last column we discussed the process of credit... Read More

    Online Credit Card Processing - How to Accept Credit Cards - Ecommerce 101

    Back in 1998 (through 2000 or so), I worked for... Read More

    The Census and the E-Commerce Wave

    Understanding business and product sales can sometimes put me in... Read More

    Why Arent People Buying From Your Ecommerce Website?

    Your stock is tempting, your prices right - your ecommerce... Read More

    The Lowdown On ECommerce: Making All The Pieces Fit Together

    The Lowdown on EcommerceEcommerce is truly the most confusing aspect... Read More

    Saving Money On Your E-commerce Site

    After building and transferring many e-commerce sites it still amazes... Read More

    Succeed With Your Own Home Based Business

    An internet business is by far the best way to... Read More

    Merchant Accounts: What They Can Do For You

    Congratulations! You created an impulse in a customer to buy... Read More

    Shop: Is Shopping Online Secure?

    Is shopping online becoming popular and safe enough for you... Read More

    Accepting Credit Cards For Your Online Business

    Did you know that one of the best ways to... Read More

    3 Powerful Concepts That Climb Marketing Mountains

    You have probably heard many times how you should offer... Read More

    Top 5 Dot Com Myths Debunked

    Most people who get into business know what's involved. They... Read More

    How To Stay Cutting Edge In Online Business

    Let's face it, there's just way too much information out... Read More

    The Five Steps of E-Commerce

    You set up a retail business, you advertise in your... Read More

    Selling Globally Through a B2B Exchange

    Participation in B2B Exchanges is increasingly becoming one of the... Read More

    The Internet Challenge

    In spite of the increasing attention on how the Internet... Read More

    The Webmasters Assistant

    There are many tools available to a webmaster to analyse... Read More

    Selecting The Right Shopping Cart For Your Website

    Shopping Cart Installation And SetupShopping cart technology has evolved to... Read More

    How to Gain Your Visitors Trust

    If you are serious about selling on the world wide... Read More

    Ecommerce Comes from Customer Satisfaction

    Online shopping is convenient, but many companies whose web sites... Read More

    Tell Site Visitors What To Do

    Your site visitors make all the choices when it comes... Read More

    Evaluating Vendors of Ecommerce Fulfillment Services

    Once your website has secured an order, you have to... Read More