What is an SSL certificate?
The SSL or Secure Sockets Layer is the cornerstone of your internet security: it is sometimes referred to as a digital certificate and establishes an encrypted connection between a website or server and a visitor’s computer and is one of the sturdiest forms of digital security available. It consists of small data files that digitally bind a cryptographic key to a company’s details; installation on a web server allows the activation of the padlock and https protocol via port 443, permitting secure connections between web server and visitor.
How does it all work?
Three digital keys are used to create an asymmetric session key which is used to encrypt sensitive data as it is being transferred from the browser to the website. It works like this:
- The server sends the browser a copy of its asymmetric public key.
- Having created a symmetric session key, the browser encrypts it by means of the server’s asymmetric public key and returns it to the server.
- The server uses its private asymmetric key to decrypt the encrypted symmetric session key.
- Now, a secure channel for the transfer of sensitive data has been created, because only the browser and the server know the symmetric session key; a session key is only viable for that particular session and if the user logs out and connects again later, a new session key will be created.
When are SSL's used?
During a visit or browsing session, the encryption prevents the interception of sensitive information such as credit card details, logins and data transfer by non-authorised individuals. Digital certificates are also increasingly being used for secure browsing on social media web sites. Having a website that is SSL secure increases customer confidence and assures your visitors that your site is trustworthy.
Does my website need digital certification?
- If your website collects credit card information, then you certainly need a Secure Socket Layer. Customers are becoming increasingly aware of the need for online security and are more likely to purchase from you if they know that their sensitive data will be protected.
- If your website forwards customers to a third party payment processor such as PayPal to take credit card details, your website will not touch this sensitive information. However, you must ensure that that visitors do not enter this information while your domain name is still showing on the address bar.
- Does your website require visitors to log in with a username and password? If the answer is yes, you need to make sure your website is secure. If your visitors are logging in to an unsecure website, digital attackers can see their name and address in clear and can use this information to impersonate their identity and because many people use the same password for multiple websites, the attackers can then potentially access their other accounts. If your website allows customers to store their password, you are responsible for protecting it, so a secure login is essential.
It’s important to choose a Secure Socket Layer that has been issued from the Root Certificate of a trusted authority in order for it to be recognised by operating systems such as Microsoft, Java, Mozilla and Opera: if it is not recognised, the end user will see untrusted messages; with the loss of confidence in the website, their business may be lost.
How much does it cost?
- 1 year $150 (ex GST) - includes installation
- 2 years for $260 (ex GST) - includes installation