SSL: Something you have been neglecting for a while
What it is?
SSL (Secure Socket Layer) are cryptographic protocols that provide communication security over the Internet. They use asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality and message authentication codes for message integrity.
In simple language, SSLs secure confidential data exchange between a visitor and the website. Whether it be login data, credit card information or any other personal information, SSLs secure this data and using its encryption methods, it prevents data to be easily be intercepted by hackers.
How to identify a SSL?
The simplest way to know if a SSL is being used is by checking the web address of the website you want to check. If it is secured with a SSL, the web address will begin with https:// instead of http://. The "s" stands for Secure in the otherwise well known HTTP (HyperText Transfer Protocol).
What are the different types of certificates?
Domain Validation (DV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
Organisation Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organisation. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
EV SSL Certificates (EV) are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV SSL Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
EV SSL are quite popular (but very expensive) since they offer the "Green Bar", eg.
What is a Certificate Authority and how to identify one?
Certificate Authority (CA) issues SSL certificates to the general public. Several CAs operate thus obtaining SSLs is cheap nowadays.
Some of the popular CA are VeriSign, Thawte, GeoTrust, TrustWave, Comodo, Godaddy, GlobalSign, RapidSSL, QuickSSL.
To get more information on the Company which is using the SSL and the CA, you can click on the small lock before the "https".
Here's an example of what the outcome will be:
You can see the company name and location, the CA, which in this case is VeriSign, type of SSL, which in this case is Extended Validation, level of encryption, which in this case is 128-bit encryption and many other details.
For Sellers (or Merchants)
How much do these cost?
Cost for SSL varied depending on the type of SSL. However on an average you can obtain a DV SSL easily for as low as $8. Though the cost for SSL starts from approx. $8, they can go to as high as thousands of dollars depending on the level of protection, encryption, warranty, and CA (Comodo and RapidSSL are considered as cheapest and VeriSign as the costliest).
Are they really necessary?
Of course not. You can still sell whatever you want without the trust of SSL but you will be forgoing potential revenue that could have been obtained from customers who refrained from buying from you because you couldn't afford to implement simply SSL protection. Looking at the green https signifies trust and faith in the business. This is the reason why credit card companies, financial institutions, member-accessed sites have SSLs to protect the confidential information of a user.
What do I need to get started?
To get started you can get a Domain Validation SSL which is quite affordable and can be activated within 24 hours. You however need a dedicated IP.
For Buyers (or Customers)
What should I do if a Merchant doesn't have a SSL?
In my opinion you shouldn't buy from that Merchant since your data is unprotected. Your data is at risk and this could lead to several problems (such as identity theft, credit card fraud, etc.).
What it is?
SSL (Secure Socket Layer) are cryptographic protocols that provide communication security over the Internet. They use asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality and message authentication codes for message integrity.
In simple language, SSLs secure confidential data exchange between a visitor and the website. Whether it be login data, credit card information or any other personal information, SSLs secure this data and using its encryption methods, it prevents data to be easily be intercepted by hackers.
How to identify a SSL?
The simplest way to know if a SSL is being used is by checking the web address of the website you want to check. If it is secured with a SSL, the web address will begin with https:// instead of http://. The "s" stands for Secure in the otherwise well known HTTP (HyperText Transfer Protocol).
What are the different types of certificates?
Domain Validation (DV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
Organisation Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organisation. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
EV SSL Certificates (EV) are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV SSL Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
EV SSL are quite popular (but very expensive) since they offer the "Green Bar", eg.
What is a Certificate Authority and how to identify one?
Certificate Authority (CA) issues SSL certificates to the general public. Several CAs operate thus obtaining SSLs is cheap nowadays.
Some of the popular CA are VeriSign, Thawte, GeoTrust, TrustWave, Comodo, Godaddy, GlobalSign, RapidSSL, QuickSSL.
To get more information on the Company which is using the SSL and the CA, you can click on the small lock before the "https".
Here's an example of what the outcome will be:
You can see the company name and location, the CA, which in this case is VeriSign, type of SSL, which in this case is Extended Validation, level of encryption, which in this case is 128-bit encryption and many other details.
For Sellers (or Merchants)
How much do these cost?
Cost for SSL varied depending on the type of SSL. However on an average you can obtain a DV SSL easily for as low as $8. Though the cost for SSL starts from approx. $8, they can go to as high as thousands of dollars depending on the level of protection, encryption, warranty, and CA (Comodo and RapidSSL are considered as cheapest and VeriSign as the costliest).
Are they really necessary?
Of course not. You can still sell whatever you want without the trust of SSL but you will be forgoing potential revenue that could have been obtained from customers who refrained from buying from you because you couldn't afford to implement simply SSL protection. Looking at the green https signifies trust and faith in the business. This is the reason why credit card companies, financial institutions, member-accessed sites have SSLs to protect the confidential information of a user.
What do I need to get started?
To get started you can get a Domain Validation SSL which is quite affordable and can be activated within 24 hours. You however need a dedicated IP.
For Buyers (or Customers)
What should I do if a Merchant doesn't have a SSL?
In my opinion you shouldn't buy from that Merchant since your data is unprotected. Your data is at risk and this could lead to several problems (such as identity theft, credit card fraud, etc.).