Users visiting commercial Web sites are sometimes reluctant to supply sensitive information—such as a credit card or bank account number—for fear that computer vandals will intercept this information. To address this type of security concern you need to protect sensitive information transmitted over a network from all forms of interception and tampering.
The Secure Sockets Layer (SSL) protocol, implemented as a Web server security feature, provides a secure and virtually impervious way of establishing an encrypted communication link with users. SSL guarantees the authenticity of your Web content, while reliably verifying the identity of users accessing restricted Web sites.
Your Web server also supports the Private Communication Technology (PCT) 1.0 protocol. Similar to SSL, PCT includes hardy and efficient encryption features for securing communication.
Creating an SSL Session
An SSL session, which encrypts all data between the client and server, is created using the following process:
- The Web browser establishes a secure communication link with the Web server using Secure HTTP protocol (HTTPS).
- The Web server sends the browser a copy of its certificate along with its public key. (The certificate enables the browser to confirm the server's identity and the integrity of the Web content.)
- The Web browser and the server engage in a negotiating exchange to determine the degree of encryption to use for securing communications, typically 40 or 128 bits.
- The Web browser generates a session key and encrypts it with the server's public key. The browser then sends the encrypted session key to the Web server.
- Using its private key, the server decrypts the session key and establishes a secure channel.
- The Web server and the browser then use the session key to encrypt and decrypt transmitted data.
About SSL (Secure sockets layer)
SSL certificate is installed on a website, which makes you feel safe and secure for the information enter by you because it is only access by the organization that owns the website. SSL certificates are provided by Certificate Authorities (CAs) and the use of this certificate is required by web server, so that SSL protocol can be used in an effective way.
Benefits of SSL certificates
Whenever we transfer the important information across the internet, it is passed away from one computer to another to reach its final destination, then there are chances of information being hacked by the hackers or other users if any computer in between you and the server can see the important information like your bank account no. or your credit card no. which affect the safety of confidential information. We want the required information or message to be delivered to the correct receipent, so that information won’t be misused by anyone and for this SSL certificates are required because when this certificate is used, then information becomes unreadable to everyone except for the server to which you are sending the information. SSL Certificates also protects it from hackers and identity thieves.
SSL certificate also provides authentication which means that you are sending the information to the right server and not to any criminal’s server. This is important because information is passing through several computers and in between if any of these computers could act as if your website and trap your users into sending them their personal information, then to avoid this, you have to use a proper Public Key Infrastructure (PKI), and getting an SSL Certificate from a trusted SSL provider.
When you are having your e-commerce website then it is necessary that your customers will trust your site and for this you have to put some clues on your Web browsers such as a lock icon or a green bar, which makes your customers feel safe that their connection is secured and they will buy from you more. SSL certificate providers will give you these clues and trust seal that built more trust in your customers.
When you want to take credit card information on your website, then you need to pass certain audits such as PCI compliance which require you to have a proper SSL certificate.
Another benefit of having SSL certificate is that it allows you to safe your username and password from attackers or hackers, especially when you have the same login id or username and password for many websites, then it is very unsafe to protect all your information, residing in the e-mails or in the attachments. Thus SSL certificates are required, when you enter a username and password to login to your site, because in this case, an attacker cannot easily see your username and password in clear text. This would allow someone else to impersonate your visitor, but it allows for a far more dangerous possibility.
- Another benefit of SSL certificates is that it will make the login forms invulnerable, safe and secure, otherwise most login forms don’t currently use SSL and thus they are vulnerable.
- SSL Certificates allows you to do your business online without worrying about the security and confidentiality of your customers’ personal details.
- These certificates also allow you to gain an edge over your competitors by protecting your site from invulnerable attackers.
- SSL Certificate legitimizes your website and server, thus the visitors of your site will trust you more.
- For all the types of purposes, an SSL Certificate makes your visitors sure that your website is a serious, genuine intent conducting an online business and thus by this it increases the response of your visitors to your site which contribute in higher sales.