Secure Sockets Layer, or SSL, is an internet protocol for establishing a secure online connection between a web server and a user’s computer. Client and server perform a handshake, in which a public key certificate containing identification details and a digital signature is passed between the client and the server, confirming the identity of each. This information is then used to create a cryptographic key, which securely encodes the information exchanged, ensuring that transactions between client and server cannot be read or altered by third parties. The key is unique to this particular session between the server and the client, and lasts for the duration of the session.
Digital certificates are issued by a certificate authority, often a private company. There are several different libraries of SSL software available for use with different operating systems, allowing server owners to set up SSL security. Most of these code libraries are free and open source.
Common Uses
One of the most common applications for SSL is in web browsers, especially for ecommerce sites. Secure connections to internet sites will have a URL starting with https, for HyperText Transfer Protocol Secure, rather than the standard http. Many browsers also display an icon to indicate that a connection is secure. As a precaution, warn users to check for the https, as well as ensuring they are still on your site by checking the URL, when told that they are making a secure transaction. Hackers can fake a web page informing users that a secure transaction is taking place, but they cannot fake a URL.
Whether you’re selling goods, asking your users for their email address, or operating an online chat service like a helpline, you will want the information transmitted to be secure. Unsecured transactions leave you vulnerable to hacking and malware, and expose your data. A hacked website can cause inconvenience and loss of earnings while it’s down, and may also have an impact in the long term on how much customers trust the site. Stolen customer data might be sold to rival organisations, or used to spam customers, perhaps by sending emails purporting to be from your company. This is known as phishing, and an authentic SSL certificate can help differentiate your site from a faked version designed to trick your users.
Clients’ login details may even be used in attempts to hack their accounts on other websites, in the hope that the same combination of username and password has been used elsewhere on the web. Contacting every customer on your database to tell them their data may be vulnerable is embarrassing and causes loss of trust.
For the user, it’s reassuring to know that their transactions will be secure and private. Many commercial services provide an icon which can be placed on your website, to inform customers that SSL security is in use. Clients can click the icon for further information, and a check will be run to ensure that the SSL certificate is in use and up to date.
Using SSL certificates protects both your website and your users from hacking and other forms of attack, and gives customers the confidence to register accounts, provide personal information and bank details, and buy products or services online.
Digital Pacific is an eco-friendly Australian provider of domain names, cloud web hosting services and SSL certificates for businesses and individuals.
