How does a SSL Certificate work?
A SSL certificate allows you to create a secure web connection with a web server. An SSL connection will encrypt any information being transmitted, protecting it from being stolen or accessed by an outside hacker.
In order to take advantage of an SSL connection, you will first need to purchase a dedicated IP address. This will be necessary particularly if you are operating in a shared web hosting environment. With shared web hosting, multiple web sites are hosted on a single server – and share an IP address. A shared IP functions perfectly well until you need to offer a secure connection.
Many web hosting companies give the option of purchasing a dedicated IP address for a reasonable annual or monthly fee.
Once you have a dedicated IP address, you may purchase a SSL certificate. The SSL certificate will contain a digital signature, your address (including city, state/province, country), your domain name and your company name. SSL certificates also come with an expiry date and details about the Certification Authority (CA) that is responsible for issuing the certificate.
After you purchase the SSL cert, you're ready to go. Here's what happens in a secure transaction:
- A browser will connect to the server hosting your site. It will request to look at the website's SSL certificate.
- The server will transmit a copy of the SSL certificate.
- The browser will then check that the certificate has not expired, that it has been issued by a legitimate Certification Authority, and that it is being used by the website that registered it.
- If the certificate fails, the browser will send the user a warning. If all is well, the server will start the SSL encrypted session.
- Once the SSL is enabled, the browser and server can share encrypted data.
It is important to remember that a SSL certificate is associated with only one website. This company's site is the only one that has the key that will decrypt messages being transmitted. A SSL session with a minimum 256-bit encryption key is considered virtually impossible to crack.
How does a user know if a web page is secure?
When you purchase your SSL certificate, you should check to see what “site indicators” it includes. These are the obvious signs a visitor will recognize to let them know that your site is safe. The padlock icon is a popular one – a locked lock will indicate the user is in a secure area. A green address bar is another indicator. An SSL plan will also offer you a site seal you can display to let customers know you have your SSL security protocol in place.
Finally, a secure web page will have “https” instead of “http” in the browser address bar – that extra “s” is a sure sign a valid SSL certificate is in place.