ssl thumbnail

How does SSL works ?

In order to keep customer information private and secure, companies and organizations need to add SSL certificates to their websites to enable secure online transactions.

As companies and organizations offer more online services and transactions, internet security becomes both a priority and a necessity of their online transactions to ensure that sensitive information – such as a credit card number – is only being transmitted to legitimate online businesses.

What are SSL Certificates and Why do I Need Them?

SSL certificates are an essential component of the data encryption process that make internet transactions secure. They are digital passports that provide authentication to protect the confidentiality and integrity of website communication with browsers.

Any organization that engages in ecommerce must have an SSL certificate on its web server to ensure the safety of customer and company information, as well as the security of financial transactions.

The SSL certificate’s job is to initiate secure sessions with the user’s browser via the secure sockets layer (SSL) protocol. This secure connection cannot be established without the SSL certificate, which digitally connects company information to a cryptographic key.

How SSL Certificates Work

  • A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
  • The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.
  • The web server sends the browser/server a copy of its SSL certificate.
  • Encrypted data is shared between the browser/server and the web server.
  • The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.

There are many benefits to using SSL certificates. Namely, SSL customers can:

  • Utilize HTTPs, which elicits a stronger Google ranking
  • Build customer trust and improve conversions
  • Create safer experiences for your customers
  • Encrypt browser-to-server and server-to-server communication
  • Protect both customer and internal data
  • Increase security of your mobile and cloud apps

Types of SSL/TLS Certificates

Extended Validation (EV) and Organization Validated (OV) certificates are widely used by organizations that want to provide their online customers with strong encryption technology and identity assurance. Encryption ensures that customer data like credit card information and passwords cannot be stolen as it is transmitted. Identity assurance gives website visitors the ability to identify that the website they’re on is legitimate. The amount of verification checking behind the various certificate types is reflected in the pricing variations. The increased vetting, particularly for EV and OV certificates, is what makes these high assurance certificates more expensive.

Domain Validated (DV) Certificates

A website secured with a DV certificate offers only a locked padlock in address bar, but does not show organization details because they do not exist. These certificates validate domain ownership only, can be acquired anonymously, and do not tie a domain to a person, place or entity. For this reason, many websites using DV certificates are linked to fraudulent activity.

Organization Validated (OV) Certificates

For OV certificates, in addition to domain ownership, the organization is validated and the certificate details can be viewed on most major web browsers, giving online users the opportunity to determine if the site they’re on is legitimate.

Extended Validation (EV) Certificates

EV certificates are preferred by most online users because they come with the most comprehensive verification checking, which includes domain verification as well as crosschecks that tie the entity to a specific physical location. This type of verification leaves a detailed paper trail providing customers with recourse should fraud take place while transacting on that website. EV certificates are distinguished with a locked padlock, organization name and sometimes the country ID in the web address bar in most major browsers.