A Short SSL (Secure Sockets Layer) Certificate Primer

“What is SSL?”

“Already used by millions of consumers”

SSL is an acronym for Secure Sockets Layer, a global standard security technology developed by Netscape in 1994. SSL is all about encryption. It creates an encrypted link between a web server and a web browser. The link ensures that all data passed between the web server and browser remains private and secure. Millions of consumers recognize it by the secure padlock which appears in their browser.

What is an SSL Certificate?

The SSL protocol is used by millions of e-Business providers to protect their customers, ensuring their online transactions remain confidential. In order to be able to use the SSL protocol, a web server requires an SSL certificate. Certificates are provided by Certification Authorities (CAs), which in most cases also offer additional products and services to help e-Businesses demonstrate that they are trustworthy. Consumers have grown to associate the ‘golden padlock’ that appears within their browser display with trust in the website. This simple fact gives e-Business providers an opportunity to leverage that increased trust level to turn visitors into paying customers – so long as you know which type to choose.

“Why do I need SSL on my site?”

“People never buy from a salesman they do not trust.”

The Internet has successfully created many new global business opportunities for enterprises conducting online commerce. However, that growth has also attracted fraudsters and cyber criminals. Today’s fastest growing threat is phishing, where a fraudulent website impersonating a legitimate business attempts to woo unsuspecting visitors into divulging personal information. The increasing awareness of this problem has presented an opportunity for e-commerce providers to capitalize on consumer fears by displaying trust indicators. Just like the real world, people need to be confident before they proceed down an unknown path.

Over the past 10 years, consumer magazines, industry bodies and SSL VPN security providers have educated the market on the basics of online security. The majority of consumers now expect security to be integrated into any online service they use. As a result, they expect any details they provide via the Internet to remain confidential and intact. For many customers, the only time they will ever consider buying your products or a service online is when they are satisfied their details are secure. Using an SSL Certificate to secure your online business indicates to your customers that you take their security seriously. They will see that their transactions are secure, confidential and intact, and it gives them the confidence that you have removed the risk associated with trading over the Internet. Using a High Assurance certificate will also assure them:

1.      That the website really is who it claims to be.

2.      That credit card numbers are encrypted and cannot be intercepted.

3.      That the data sent and received cannot be tampered with or forged.

“Essential knowledge you need when you deploy SSL Services in a retail environment”

“We’ve done the research so you don’t have to shop around…”

Essential to the success of any web retailer is the ability to convert visitors into paying customers. Whilst there are many on-line and off-line sources of information available to web site owners, one consistent fact drives up conversion rates more than any other – trust. After all, no one buys from a salesman they do not trust! As well as selling the benefits of your product or service and having a clear call to action on each page, you must maximize the deployment of trust indicators especially on your home page or pages where consumers either make payments or enter personal data.

Here are the benefits of using High Assurance SSL on your retail site.

  • Provides visitors with trust indicators to drive overall confidence in your brand, products and services.
  • Allows your customers to confidently pass ordering information and credit card details to you in a secure manner.
  • Enables you to boost your visitor conversion rates – increasing your profitability from the same level of traffic.
  • Allows you to utilize the branding power of the certificate vendor to your advantage.
  • Allows you to expand your portfolio of secure services to consumers, suppliers and partners.
  • Facilitates website security from less than $1 per week.

The primary SSL certificate providers are:

The detail below is an overview of each of these providers.

Verisign is the oldest of the listed secure SSL certificate providers and currently has the most certificates issued. Their certificates are recognized by virtually all browsers without giving a warning pop-up message. Verisign also has the strictest background checking and requirements, which may assure a higher degree of confidence from the buying public. With their strict approval guidelines, Verisign offers the best included transaction insurance. On the other hand, many web site owners feel that the function of the certificate is verified encryption and not the stature of their businesses. This and the non-competitive pricing of Verisign certificates is probably why their market share is rapidly dropping (though they still have a commanding lead).

Thawte was Verisign’s first major competitor. Thawte started selling secure certificates in 1996 and was purchased by Verisign in 1999. Verisign kept Thawte’s less strict acceptance and lower pricing in order to maintain future market share from less strict competition. On the other hand, Thawte does not offer insurance with their certificates. Thawte certificates are also recognized by virtually all browsers.

Entrust has been working with some of the most highly recognized public key encryption programs since 1994. Their pricing is more competitive than Thawte’s, though Entrust offers a higher level of included transaction warranty. Entrust’s certificates are also recognized by virtually all browsers (except older versions of IE and Netscape).

Baltimore has been working in the secure transaction industry for a few years and is involved with security for many large transaction producers such as major credit card companies. Their pricing is between Thawte’s and Entrust’s and their included transaction warranty is better. Like Entrust, Baltimore’s certificates are accepted by all but the older versions of IE and Netscape.

GeoTrust is more competitively priced than the SSL certificate providers listed so far, but its certificate authority is not recognized by Opera browsers. Though Opera has a very minor browser market share, we feel it is significant enough to warrant mentioning. GeoTrust has a low transaction warranty and they are the only provider we list that charges extra for their site seal. Though the other certificate authorities listed here all provide at least some sort of company verification, GeoTrust certificates only validate domain ownership.

Of the entire list of SSL certificate providers, InstantSSL, by Comodo Corporation, is much more competitively priced, and it is also our current provider of choice. Their certificates are recognized by all but the old Netscape and IE browsers, the certificates can be purchased quickly, and their transaction warranty levels are good.

Recommended readings:

http://www.whichssl.com/

http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

http://en.wikipedia.org/wiki/Certificate_authority