What is an SSL (Secure Sockets Layer) Certificate?
An SSL Certificate adds essential security to online transactions
SSL stands for Secure Sockets Layer. It provides a secure connection between internet browsers and websites, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browsers URL and possibly a green address bar if secured by an EV Certificate.
So what is SSL used for? The SSL protocol is used by millions of e-Business providers to protect their customers, ensuring their online transactions remain confidential. A web page should use encryption expected to submit confidential data, including credit card details, passwords or any personal information. All web browsers have the ability to interact with secured sites so long as the site’s certificate is from a recognized certificate authority, such as Comodo.
Why do I need SSL on My site?
The Internet has spawned new global business opportunities for enterprises conducting online commerce. However, that growth has also attracted fraudsters and cyber criminals who are ready to exploit any opportunity to steal consumer bank account numbers and card details. Unless the connection between a client (e.g. internet browser) and a webserver is encrypted, then any moderately skilled hacker can easily intercept and read the traffic.
How can I tell when a site uses SSL?
When a digital certificate is installed on a web page, users will see a padlock icon in the browser address bar. When an Extended Validation Certificates is installed on a web site, the address bar will turn green during secure sessions.
Users on sites with SSL Certificates will also see https:// in the address bar
Who's Behind It?
SSL certificates are issued by a certificate authority (CA). A CA will issue a certificate after it has confirmed the identity of the company applying for the certificate, and that the applicant owns the domain named in the certificate. Certificates issued to a website are chained to what is known as a ‘trusted root’ certificate, which is owned by the CA. These root certificates are embedded in what is known as the ‘certificate store’ in popular internet browsers such as Chrome, Firefox and Internet Explorer. If a browser encounters a website certificate which chains to a root in its certificate store, then it allows the https connection to proceed. If the browser encounters a certificate which is not chained to a root in its store, then it will warn the end user that the connection is not trusted and that the user should not submit any confidential information.
What details are included in a certificate
Certificates are issued to companies or legally accountable individuals and will typically contain the domain name, company name, address, city, state and country. It will also contain an issued date and an expiry date and contain details of the certificate authority responsible for issuing the certificate. When a browser requests a https connection to a website, it will retrieve the site's certificate, check that it has not expired, check it is chained to a root in its certificate store, and will check it is being used by the website for which it has been issued. If it fails any of these checks, the browser will display a warning to the end user