16. What is an SSL security certificate, and why do they matter?

What is an SSL certificate?

Secure Sockets Layer (SSL) certificates (Security Certificates) are a form of electronic signature.

They were developed to help internet users confirm the identity of the owners of websites. Certificates are sold by commercial Certificate Authorities (there are about thirty "root" authorities across the Internet), who do checks on the identity of the certificate holders before issuing them.

It is important to remember that all classes of SSL certificate are only ever intended to confirm identity. They do not imply any sort of business integrity (or otherwise!).

An SSL certificate is necessary to operate an on-line shop, or any other system that takes orders or payments over the Internet. As-issued, SSL certificates have a limited life, but can be renewed when they expire.

How does the system work?

When you start to use a web site to transact business (as opposed to just browsing), your Internet browser will automatically check if the website has a valid security certificate. If it does, you may notice a padlock icon, and the URL will change to one that starts with "https://" (the "s" stands for 'secure'). Your browser will warn you if an invalid certificate is being presented, or if it has expired. The certificate of the web site you're visiting is used to encrypt your transaction, so that only you and the organisation concerned can read the information. This stops third parties intercepting, say, your bank details, whilst they are in transit across the internet.

Sometimes, when you visit an SSL-secure site, the left-hand end of your browser's location bar changes colour (for example to blue or green), indicating that a special, Extended Validation Certificate has been installed on that site. These require considerably more checks by the Certificate Authority prior to issue, and are considerably more expensive, although they are technically no more secure than the ordinary type. Because of their cost and the additional checks required, Extended Validation Certificates are generally only used by government, banks, and other large commercial organisations.

Any SSL certificate is more than just a statement of identity though. Installed on the web server, it permits web transactions to be encrypted, making them very hard to read by all but the intended recipient, in both directions. Thus payments and other confidential information can be sent in relative safety. They also have use internally in large organisations, again to protect confidential information moving across internal networks.

What will an SSL certificate do for my business?

If you want to create any commercial website that needs customer/client security for transactions, you need appropriate security certificates for your website or Intranet domains. Otherwise, your customers cannot transact with you safely.

There are a large number of certificate resellers now trading. SSL certificates can be purchased very cheaply; however, the system has intentional geographical and commercial limitations, meaning that most cheap solutions are unsuitable for general commercial use. It is important to obtain the correct form of certificate, suitable for your business.

Bristol It Company has long experience in procuring and correctly installing SSL certificates for our clients. Please contact us for a confidential discussion about your requirements, or a quotation.

Additional information