Saturday, July 05, 2014

Introduction on eCommerce - Part 2


Secure socket layer certificates

When you shop online, you’ll notice that as soon as you come to a page that collects personal or payment information, a small lock icon appears (or should) in the URL bar of your browser (its exact position depends on the browser used).

As shown above, the URL starts with https instead of the normal http. The lock icon and the https in the URL are your indications that you’re on a Secure Sockets Layer (SSL) connection. This means that when you submit the form, the browser will encrypt your data and pass it securely through the Internet.

Another factor in data security is the SSL certificate. An SSL certificate is a small piece of software issued by a recognized authority such as VeriSign, DigiCert, or Entrust, which resides on your secure server and validates your website’s identity and domain ownership.

To save time and expense, it’s possible to self-sign and configure your own SSL certificate, but this is not recommended because such certificates are not always recognized by a browser. Additionally, the process is fairly technical and you may need to enlist the help of an engineer. You start by using the openssl toolkit to create an RSA private key and a Certificate Signing Request (CSR). Ideally the CSR is sent to a Certificate Authority such as VeriSign, who will validate your identity and issue you a signed certificate.

Alternatively, you can self-sign a temporary certificate, which is good for a year, by adding code and installing it on your server. The major web browsers (Safari, Firefox, Internet Explorer) come with a small set of “root certificate authorities” that they trust, and if your certificate is not issued by one of these authorities or is self-signed, the browser may trigger a warning which the user can see, making your site look less secure and credible. Root certificate providers are VeriSign, Comodo, Entrust, GlobalSign, and GeoTrust, among others. Many sites, such as RedEnvelop.com shown above, include a small graphic and text blurb to underscore their site’s security measures, putting a customer’s mind at ease.
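The openssl steps described above (private key, CSR, one-year self-signed certificate), followed by the checks worth running before installing the result, as an added example that is not from the original post. The domain `shop.example.test`, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: RSA key, CSR and a one-year self-signed certificate with openssl.
set -eu

DOMAIN="shop.example.test"          # assumption: substitute your own domain
WORKDIR="$(mktemp -d)"
KEY="$WORKDIR/server.key"; CSR="$WORKDIR/server.csr"; CRT="$WORKDIR/server.crt"

make_key_and_csr() {
    # RSA private key: stays on the server, readable only by its owner.
    openssl genrsa -out "$KEY" 2048 2>/dev/null
    chmod 600 "$KEY"
    # The CSR holds the public key and the domain name; this file goes to the CA.
    openssl req -new -key "$KEY" -subj "/CN=$DOMAIN" -out "$CSR"
    # Confirm the CSR's own signature is intact before submitting it.
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q "verify OK"
}

self_sign() {
    # Sign the CSR with its own key instead of a CA's key; valid for $1 days.
    openssl x509 -req -in "$CSR" -signkey "$KEY" -days "$1" -out "$CRT" 2>/dev/null
}

is_self_signed() {
    # Issuer equals subject: no trusted root vouches for it, hence the warning.
    issuer="$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*= *//')"
    subject="$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')"
    [ "$issuer" = "$subject" ]
}

valid_for_days() {
    # True if the certificate is still valid $1 days from now.
    openssl x509 -in "$CRT" -noout -checkend "$(( $1 * 86400 ))" >/dev/null
}

key_matches_cert() {
    # The certificate must carry the public half of the server's private key.
    [ "$(openssl x509 -in "$CRT" -noout -pubkey)" = "$(openssl pkey -in "$KEY" -pubout)" ]
}

make_key_and_csr
self_sign 365
is_self_signed "$CRT" && echo "self-signed: issuer and subject are both CN=$DOMAIN"
valid_for_days 364 && echo "valid for the coming year"
key_matches_cert && echo "certificate matches the private key"
```

When a Certificate Authority returns a signed certificate for the same CSR, `key_matches_cert` should still pass, while `is_self_signed` should fail because the issuer is now the authority.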

You can find a comparative list of credible SSL certificate providers at SSLshopper.com/certificate-authority-reviews.html. In terms of cost, you should expect to pay between US$50–150 annually for your SSL certificate.
