With the rise of online shopping, it is essential that any e-commerce website uses a security protocol that provides a secure channel between two machines operating over the Internet or even an internal network.
Updated May 2017: To include information about browser warnings
Put simply, SSL is the https:// shown in the address bar: the secure connection between your computer and the website. SSL should be used wherever logins, payments or other private information are sent, to protect that data.
As of September 3, 2015, 26.6% of the Internet's 144,531 most popular websites have a secure implementation of HTTPS. [Source: Trustworthinternet]
What is SSL
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser. SSL allows sensitive information to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text, leaving you vulnerable to eavesdropping: if an attacker is able to intercept the data being sent between a browser and a web server, they can see and use that information.
Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software. Certificate authorities (such as Symantec, Comodo, and GeoTrust) are in this way being trusted by web browser creators to provide valid certificates.
HTTPS is especially important over insecure networks (such as public WiFi access points), as anyone on the same local network can eavesdrop and discover sensitive information not protected by HTTPS.
There are a few classes and types of SSL certificates available for purchase, from QuickSSL to True BusinessID and True BusinessID Wildcard. Some display more prominently and others allow you to secure multiple domain names, but ultimately they all secure the website.
How Does the SSL Certificate Create a Secure Connection?
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an "SSL Handshake". Note that the SSL Handshake is invisible to the user and happens instantaneously.
Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa.
Because encrypting and decrypting with the private and public keys takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.
Why Do I Need SSL
One of the most important components of online business is creating a trusted environment where potential customers feel confident in making purchases. Browsers give visual cues, such as a lock icon or a green bar, to help visitors know when their connection is secured.
If your site collects credit card information you are required to have an SSL Certificate. If your site has a login section or sends/receives other private information (street address, phone number, health records, etc.), you should use SSL Certificates to protect that data.
Sites like Google, Twitter and Facebook now default many of their services to HTTPS - so it is not just the checkout process, your bank or credit card companies anymore.
Your customers want to know that you value their security and are serious about protecting their information. More and more customers are becoming savvy online shoppers and reward the brands that they trust with increased business.
In an effort to secure the web, Google Chrome and Firefox, both popular web browsers, now show warnings on pages that aren't secure when they contain a login form or accept credit card payments. Some examples of these warnings can be found below:
Ultimately the other browsers will follow soon to include security warnings on sites that don't have an SSL Certificate installed. Google also wants to mark any web page over HTTP as insecure — but that will take them some time to accomplish.
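A site owner can find the pages these warnings will hit before visitors do. The following is an added example, not code from the original article: it scans a page's HTML for password and payment-card fields and reports those exposed to plain HTTP, going one step beyond the text by also flagging HTTPS pages whose forms submit to an HTTP address. The `audit` function, the sample markup and the `shop.example` and `pay.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# autocomplete tokens the HTML standard defines for payment-card fields
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}
# Constructed sample page, not taken from any real site.
SAMPLE = """<form action="/session" method="post">
<input name="user"><input type="password" name="pw"></form>
<form action="http://pay.example/charge">
<input name="card" autocomplete="cc-number"></form>"""


class SensitiveFormAuditor(HTMLParser):
    """Collects password/card inputs and the URL each enclosing form submits to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = page_url  # inputs outside a <form> count against the page
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A relative or missing action resolves against the page URL.
            self.form_action = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input":
            is_pw = a.get("type", "").lower() == "password"
            is_card = bool(CARD_TOKENS & set(a.get("autocomplete", "").lower().split()))
            if is_pw or is_card:
                kind = "password" if is_pw else "card"
                self.findings.append((kind, a.get("name", ""), self.form_action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = self.page_url


def audit(page_url, html):
    """Return (kind, field name, reason) for each sensitive field exposed to plain HTTP."""
    parser = SensitiveFormAuditor(page_url)
    parser.feed(html)
    issues = []
    for kind, name, action in parser.findings:
        if urlparse(page_url).scheme != "https":
            issues.append((kind, name, "page served over HTTP"))
        elif urlparse(action).scheme != "https":
            issues.append((kind, name, "form posts to " + action))
    return issues

if __name__ == "__main__":
    print(audit("http://shop.example/login", SAMPLE), audit("https://shop.example/login", SAMPLE))
```

Run against the same markup, the HTTP URL reports both fields while the HTTPS URL reports only the card form that still posts to an `http://` address.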
How do I Get One?
An SSL certificate can be purchased through a certificate authority, similar to how domain names are purchased through a domain name registrar.
First, a piece of code called a CSR (Certificate Signing Request) needs to be generated by the server. Once the CSR is generated, it can be provided to the certificate authority, who will provide a private and public key to be installed on the server.
Google announced in August 2014 that ranking in its organic search results gives a slight preference to websites with an SSL Certificate installed. [Source: Google Webmaster Central]
This is a "very lightweight signal" within the overall ranking algorithm. In fact, Google said this carries "less weight than other signals such as high-quality content." Based on their tests, Google says it has an impact on "less than 1% of global queries" but said they "may decide to strengthen" the signal because they want to "encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."
Google also said based on their tests for the past few months, the HTTPS signal showed "positive results" in terms of relevancy and ranking in Google's search results.
These HTTPS ranking signals are applied in real time, but on a per-URL basis. If HTTPS is enabled on only part of a website, only that part will see the small rankings boost, which is why they recommend securing the entire site and creating a redirect from HTTP to HTTPS to ensure all users are on HTTPS.
Once an SSL has been installed, or whenever the website address is changed, the site needs to be moved carefully. Google has put together a guide to transfer, move or migrate your site at https://support.google.com/webmasters/topic/6029673?hl=en
Lastly, you would want to make sure to track your HTTP to HTTPS migration carefully in your analytics software and within Google Webmaster Tools.
With the rise of online shopping, it is essential that any e-commerce website has an SSL certificate that provides a secure channel between two machines operating over the Internet or even an internal network.
Now that you have an understanding of SSL, remember to check whether your business website requires one.