Anybody who has ever entered personal data on the internet has come into contact with an SSL (Secure Socket Layer) certificate. You might not have known it was there, but your details were stalwartly defended by it. Without SSL certificates, anybody with access to your network (permitted or not!) could intercept, receive and use anything that you enter and send across the internet. Shopping on your favourite e-Commerce site would be impossible if it didn’t have this protection, your username and password would be open for anybody with a little hacking ability to use and peruse. It’s not just registration details that are at risk, more sinister items like bank accounts, credit card numbers, identification; anything that you type into a field and transmit is open to attack.
So how do SSL certificates work?
The first thing to understand about SSL certification is encryption. Encryption has been around since Roman times in one form or another. It involves scrambling or jumbling a piece of information into an unintelligible muddle of symbols using an algorithm. That algorithm is known only to the sender and the recipient. Upon receiving the encrypted data, the recipient then applies the algorithm and unscrambles the data, makes it understandable again. The technique is designed so that even if somebody intercepts the data in transit, without the necessary algorithm they cannot decode it.
So SSL certificates encrypt and decrypt your data when it’s sent across the internet. If you ever log onto a website and you see that the ‘http://’ has changed to ‘https://’ then you know that you’re operating in safety. Another way you may have noticed it is by the appearance of a small padlock icon or a thumbs up somewhere in your browser’s interface. It is the job of the webmaster to ensure that his or her SSL certificates are present and correct. No self-respecting website which requires login details should be without one and you’re well within your rights to be suspicious if that’s the case. SSL certificates can also expire, so if you ever receive a message telling you that the website you’re browsing has an expired certificate, steer clear.
How to get an SSL Certificate?
Not just anybody can go out and buy an SSL certificate. The Certificate Authority (CA) is the screening process behind the procedure. When a website makes a purchase of the certificate, the CA investigates their claim. They check their identity, integrity and references so that they can make assurances that the website is who they say they are and they do what they say they do. If satisfied, the CA will then ‘sign’ the certificate. This is the second purpose of owning an SSL, not only does it protect your information, it authenticates your domain. One of these items alone isn’t enough to be fully trustworthy in the big, bad world of the internet.
The varying price of current SSL certificates doesn’t necessarily correlate to the amount of protection that they offer your data. Most levels operate under the same rate of encryption, but it’s the authentication process which becomes more thorough and therefore more trustworthy (and more expensive.) Cheaper versions may send an e-mail to the domain’s website, knowing that only the domain owner will be able to access it. More expensive options may require a phone call with the line registered to the business address, a personal letter sent to the address or extensive identification documents.
Extended Validation (EV) certificates are the highest level of authenticity that a domain can be granted by the CA. You know a website has been granted an EV because your browser bar will turn green. To be awarded an EV you must pass more stringent tests such as ensuring your day-to-day presence in the operation of the domain. It isn’t enough to be verified as a trusted owner, EV certificates are given to those who will take an active part in the security of their website data. The CA will also assess your level of control over the domain and the level of authority of the people working for you.
SSL certificates of all shapes and sizes can be purchased either through your web host or through an SSL certificate retailer. Some web hosts will include them for free with the server hosting, if not then you’ll have to look at third parties who sell them.
Oliver Macpherson has worked in the IT sector for the past 10 years and has enjoyed working for various companies whilst improving his knowledge of the retail industry. He currently works for SSL247 Certificates.