T H E • I P O W E R • I N F O R M E R

NOTE: Please accept our sincerest apologies if this newsletter was sent to you in error.
Information for unsubscribing can be found at the bottom of this email.

Required to protect sensitive data online

by Ryan Welton
Practical eCommerce Contributor

How do you know that I am who I say I am? Likewise, how do I know you are who you say you are?

And, if we can’t catapult past this initial, basic level of trust – how will we ever be able to conduct business together?

In the web world, it’s done with an SSL certificate. SSL stands for ‘Secure Sockets Layer,’ which protects information transferred conventionally over the web using encryption enabled by the certificate.

According to tech-encyclopedia.com, an SSL digital certificate is “an electronic file that uniquely identifies individuals and servers. Digital certificates allow the client (web browser) to authenticate the server prior to establishing an SSL session.”

In more palatable language, the SSL certificate ensures that each party in an electronic transaction is identified accurately. It is the standard by which electronic transactions can be made with confidence.
For example, some folks look for the picture of the padlock in the bottom-right corner of a browser window. Others look for the ‘s’ in https:// as part of the URL protocol. Either is indicative of an SSL certificate being established on a web site – and in particular, the part of a web site where you would enter sensitive information.

Nobody expects an SSL certificate to be installed on your ‘About Us’ page. However, anywhere a customer would enter a credit card number had better be under the protective umbrella of SSL, else savvy web users will look elsewhere to conduct business.

So, how does SSL work exactly?

First, it helps to know up-front that web servers execute SSL transactions with a couple of keys: a public key and a private key. This is part of a larger concept known as the Public Key Infrastructure, which is comprised of everything involved with providing public-key encryption.

When a web surfer visits a secure web page, the server sends the browser its public key, along with a certificate. The browser checks out the credentials of the certificate to make sure it’s from a trusted party.

If everything is copasetic, the browser uses the public key to generate another key, known as an encryption key. The server uses its private key to decrypt it, and then deliver secure information to the authenticated requestor. Under an SSL arrangement, only the authenticated browser can receive the information sent by the server and only the trusted server can handle secure information from the browser.

Nobody and nothing can intercept the information.

So, how do you get an SSL certificate for your ecommerce web site?

First, your hosting provider will need to generate what’s called a key and a Certificate Signing Request (CSR). This will be provided to your SSL vendor. At the time this is given to whoever you choose as your SSL provider, you’ll be required to pony up for the certificate. Price for SSL Certificates varies from vendor to vendor.

The trickiest part of this entire process comes next.

You have to identify yourself.

Doesn’t sound so tricky; however, these SSL providers maintain a level of security unmatched by any governmental entity – or so it seems. You’ll provide the vendor with written authorization, technical and billing contact information as well as proof of organization existence and domain ownership. Proof could include something as official as a notarized letter.

Once you have been authenticated by your SSL provider, they will issue a certificate to you. It looks like a paragraph of complete gibberish. Your hosting provider will install it on the server. That work alone takes only minutes. Once installed, you’ll need to update your HTML links pointing to newly secured pages. Instead of pointing to http://www.yoursite.com/shopping -- for example -- your HTML will need to point to https:// … proving you are who you say you are to the SSL vendor might give you a bit of a headache, knowing that your customers can have confidence in your site security is enough to cure it – and then some.
Again, the ‘s’ signifies a page protected by an SSL certificate.

For the vast majority of ecommerce proprietors, this process will be ultra easy because they will have partnered with hosting providers who have plenty of SSL-installation experience.

<< Back to IPOWER Newsletter

Copyright 2006, IPOWER, Inc. All rights reserved.