SSL 101 for Dummies: Everything You Need to Know
If you're running a small business, chances are you've heard about or had a few conversations with other business owners about SSL encryption. However, if you're new to the world of internet business, you may not know exactly what it is or if you need it. While it depends on the type of business that you are running, SSL encryption is a good idea for most companies that have a website viewed and used by their consumers, especially if they use your website to make purchases or share private information with your business in order to receive catalogs or updates from you.
What Is SSL?
SSL, an acronym for Secure Sockets Layer, is a type of security technology used on the internet to establish an encrypted link between a server, browser and the end user. SSL technology ensures a safe, private experience for the end user. SSL security technology is pretty much the industry standard in security when it comes to websites, particularly websites that accept valuable information like credit card numbers, identification or driver’s license numbers or any other type of personal data. Many websites that don’t accept money even use SSL security as a way to help users feel at ease when browsing their site.
Why Do I Need SSL Certification?
If you’re running a website, SSL certification can be extremely beneficial to you. It will make your customers feel at ease when using your website since they know their private information isn’t likely to be obtained by an outside source against their wishes. This is particularly important for websites that sell a service or product because credit cards are the most typical form of payment. However, websites that collect e-mail addresses and other types of identification can also benefit from having an SSL certificate because users are more likely to trust the website. Some users, particularly those who have experienced problems with certain sites or companies before, may be very hesitant to use a website without an SSL certificate and may choose another service or company instead.
How Do I Create An SSL Connection?
Before you can create an SSL-secured connection for your customers, you will need to obtain an SSL certificate. To create the connection you’ll need to activate SSL on your web server, which will prompt you to answer questions about your identity and information regarding your website and company. Your web server will create two keys – a public key and a private key. The private key, of course, is reserved for you and your company. The public key is what ensures that your customers and website users will be protected in their online transactions. The public key doesn’t need to be a secret since it will not give anyone access to your website, let them change anything, or give them access to your customer data and information.
Certificate Signing Request (CSR)
Since your public key isn’t a secret, it is placed into a certificate signing request (CSR), which is a data file that contains certain details about your website, company and basic information. However, none of this information is private information and there’s no reason any of it should be hidden from the public. Typically, the information present on your certificate signing request is just your business name, website address and type of business. Once you complete the certificate signing request, it should be submitted to the SSL certification authority, which will check and validate your details to make sure you can use SSL security. After your request is verified, your web server will match your issued SSL certificate key, allowing the server to establish an encrypted link between your website and outside users that are browsing or purchasing something on your website.
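The key pair and CSR steps described above, sketched with the OpenSSL command line as an added example (not from the original article). The domain, organisation, location and file names are constructed placeholders, and a web server or hosting panel may wrap these steps in its own prompts.

```shell
#!/bin/sh
# Added example: example.com, "Example Shop" and the file names are placeholders.
set -e

make_csr() {
    # $1 = output directory, $2 = domain (CN), $3 = organisation (O)
    # The private key never leaves the server; umask keeps it owner-readable only.
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null )
    # The CSR holds the subject details plus the public key, and is signed
    # with the private key to prove the requester controls it.
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/ST=Ohio/L=Columbus/O=$3/CN=$2"
}

csr_subject() {
    # Print the identity fields the certificate authority will validate.
    openssl req -in "$1" -noout -subject
}

csr_matches_key() {
    # True when the public key inside the CSR ($1) belongs to the private key ($2).
    in_csr=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    from_key=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$in_csr" = "$from_key" ]
}

csr_leaks_private_key() {
    # True if private key material was pasted into the file by mistake.
    grep -q "PRIVATE KEY" "$1"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_csr "$work" example.com "Example Shop"
csr_subject "$work/server.csr"
csr_matches_key "$work/server.csr" "$work/server.key" && echo "CSR matches private key"
csr_leaks_private_key "$work/server.csr" || echo "CSR contains no private key material"
```

Only `server.csr` is sent to the certificate authority; `server.key` stays on the server.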
How Will My Customers Know?
When your site is SSL certified, your customers will know because they will see a key on their screen showing that you are SSL certified and the connection is encrypted. Different web browsers work differently – some present a key in the lower right-hand corner with an SSL logo next to it. Others show that the website or current transaction is being encrypted in the web address toolbar. While displaying an SSL logo might not seem like a big deal, most customers know to look for one and might be a bit taken aback if they don’t see one on your website.
Can Customers Check My Certification?
Once your site is SSL certified, customers will be able to see an SSL certificate that gives them certain information about your business and website. However, this information is not private information and there’s no reason your customers shouldn’t be able to see it if you are doing legitimate business. On a typical SSL certificate, your customers will only be able to see your domain name, your company name, business address or P.O. Box, city, state and country. Many SSL certificates also display the date on which your website was certified and when certification expires.
Does SSL Certification Expire?
The simple answer is yes. SSL certification does expire. However, depending on the security authority that you use, expiration times will vary. Typically, SSL certification can be renewed fairly easily and the process is somewhat similar to the process of setting it up. You may be able to do the renewal process automatically in some cases if you choose the right SSL certification authority.
Can I Get a Free SSL Certificate?
You can get a free SSL certificate; however, in most cases, it isn’t the best idea for your business. In most cases, you’ll be getting what is considered a self-signed certificate, which means that you and you alone are held responsible for the security of your website. That means that if your website is hacked or compromised and it doesn’t look like it has been compromised, you could be doing business without security for a fairly long period of time! When you use an outside authority for SSL certification, they will be notified of changes to your SSL system and will take immediate action to let you know. If you do it on your own, you could lose a large amount of business and even be responsible for customers’ damages if their information is stolen and used illegally. After all, they did think your website was SSL encrypted, so they believed they were using a secure website. You don’t want that mess on your hands, and unless you’re very technical and understand the ins and outs of SSL encryption, you shouldn’t do it all on your own.
Web Browser Warning Messages
Another problem with having a self-signed SSL certificate is that most web browsers will display an initial message that says they aren’t sure if your website is safe or not because it isn’t encrypted through a recognized authority. This is likely to scare most customers away since the wording and imagery commonly used in web browser warning messages is very strong and designed to protect people from potentially harmful websites. The warning messages are similar to sites that have been connected with dangerous malware and viruses, and most customers know better than to visit those sites. Having a self-signed SSL certificate, for this reason alone, is simply a bad idea and one that could negatively impact your business.
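What a visitor's browser reads from a certificate, and two checks a site owner can run before customers see a warning, as an added example (not from the original article). It builds a throwaway 30-day self-signed certificate for the constructed name example.com so that it runs offline; the 60-day renewal window is an assumption.

```shell
#!/bin/sh
# Added example: example.com, "Example Shop" and the 30-day lifetime are constructed.
set -e

make_selfsigned() {
    # $1 = certificate path, $2 = key path, $3 = lifetime in days
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2" -out "$1" \
        -days "$3" -subj "/C=US/O=Example Shop/CN=example.com" 2>/dev/null
}

cert_summary() {
    # The public details and validity dates any visitor can view.
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

names_itself_as_issuer() {
    # A self-signed certificate has no outside authority: issuer equals subject.
    subj=$(openssl x509 -in "$1" -noout -subject)
    iss=$(openssl x509 -in "$1" -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

expires_within() {
    # $1 = certificate, $2 = days. True when it expires inside that window.
    # -checkend exits non-zero if the certificate expires within N seconds.
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_selfsigned "$work/site.crt" "$work/site.key" 30
cert_summary "$work/site.crt"
if names_itself_as_issuer "$work/site.crt"; then
    echo "WARN: self-signed, browsers will show a trust warning"
fi
if expires_within "$work/site.crt" 60; then
    echo "WARN: expires within 60 days, schedule renewal"
fi
```

Pointing the same functions at the certificate file issued by a certification authority shows a different issuer line and no self-signed warning.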
Who Needs to Pay for SSL Certification?
If you sell anything over the internet, even in fairly small quantities, you need to pay for SSL certification through a reputable authority. Your customers won’t feel comfortable using your website and they really shouldn’t unless you have SSL certification provided by a reputable authority. If you accept credit cards from your customers as a payment method, there’s no way around getting paid SSL certification. The only workaround for some very small businesses is to use PayPal, but that’s an inconvenience for many buyers since they have to transfer money from a credit card or bank account into their PayPal account before they even make a payment to you. If they have to do all of that, they may just choose to go to a retail store or a different website to buy what you’re selling, which means you’ll lose their business. They aren’t likely to use your website in the future after that either.
Companies that Collect Private and Personal Information
Credit card numbers certainly qualify as private and personal information, but even if you don’t accept credit cards on your website or the type of service you provide doesn’t require credit cards, you will still need paid SSL certification so that your customers feel like using your website is safe and secure. If you accept or collect e-mail addresses, physical addresses, social security numbers, driver’s license numbers or identification numbers, SSL encryption is an absolute must, especially if you’re working in conjunction with an online retailer or seller. Common examples of this could include shipping products or running a packing service, where customers don’t work directly with you, but their orders, most of which will be paid for with a credit card, are run through or delivered by your company.
It might seem somewhat obvious that a company providing online security should have SSL encryption. However, you might be surprised how many security companies don’t have SSL encryption because they don’t collect credit card information over the internet and do not accept personal and private information via online forms. While it’s true that these companies don’t really have anything to secure, it’s all about expectations. Think about it. If you provide security to somebody else, shouldn’t your website be as secure as possible? If customers don’t feel like your site is secure, why would they hire you to take care of their internet security? The fee for SSL certification is so small there’s simply no reason not to pay for SSL encryption. If you lose even one customer because they question whether your site is secure, you’ve already lost money.
Is a Self-Signed Certificate Okay Under Any Circumstances?
If you’re running any type of business, using a self-signed certificate shouldn’t be an option for you. The only time a self-signed certificate is okay is if you’re using it on a personal network within your business that is behind a firewall. However, any page that your customers can see should not be under a self-signed certificate – you’ll need paid certification for those.
The SSL certification process can be pretty confusing if you are new to running an internet-based business or if you’re trying to grow your earnings through a website. The process isn’t as difficult as it sounds, but doing it yourself and simply obtaining authorization through an outside company may not be the most efficient, especially if you’re trying to run a business that’s already going at the same time. If your website needs SSL certification in order to be successful but you don’t feel comfortable with the process, you should consider hiring a company to do the basic work for you. If you hire the right company, they can also make sure your updates are performed in a timely fashion and your site will always be secure. For most small business owners, purchasing an SSL certificate from an outside company is the quickest, easiest way to make sure their site is secure for their regular and new customers.