Secure Socket Layer (SSL)

Customers shopping online need to be certain that you take the protection of their data seriously. Secure Socket Layer (SSL) is the standard security technology for establishing an encrypted link between a web server (where the payment is taken) and a browser (where the payment information is entered).

  • For security, websites taking payments need a Secure Socket Layer (SSL).
  • Customer confidence is improved through presence of visible SSL Certificate.
  • SSL Certificates use encryption techniques to protect data.
 
 

Encryption is the technical process that allows data to be transmitted securely over computer networks. It masks data so that unauthorised sources are unable to read or intercept it.

Browsers supporting SSL display icons such as a padlock in the bottom task bar or a blue key to indicate that a secure session is in progress. 256-bit encryption is the highest standard of security on the market at the moment.

Why you need SSL:

  • To authenticate the identity of your website to visiting browsers and your identity or business to the visiting customer
  • To encrypt (protect) private information that's exchanged on your site, such as credit card numbers or customer account information

Secure Socket Layer (SSL) Certificates

SSL Certificates are issued to either companies or legally accountable individuals. Typically, an SSL Certificate will contain your domain name, your company name and full address details. It will also contain the expiry date of the certificate and details of who issued the certificate.

When you have an SSL Certificate installed, your payment site will display:

  • A padlock symbol that appears in customer’s web browser when your site is opened
  • The https prefix in front of your URL address in the browser

If you want to take customer payments on your own site (‘https’), then you need to purchase an SSL Certificate. Although depending on the eCommerce platform you have or are considering, you may find an SSL Certificate included.

How does SSL work?

As a customer enters the secure area of a website to make payment (https), the browser will retrieve the SSL Certificate and check that it has not expired, it has been issued by a trusted certification authority and that it is being used by the website for which it has been issued. If it fails on any one of these checks, the browser will display a warning to the end user.

Validation

To obtain a SSL Certificate you must become validated by a relevant certificating authority. Once your certificate is installed on your server, customers can view your authenticated information by clicking on the padlock symbol in the browser and this will automatically display your qualifications to the public.

A recent development has been extended validation (extended validation is restricted – ask your SSL Certificate issuer for types of companies and sectors included). This turns the browser bar green (in newer versions of browsers) telling the visitor instantly that the site has the highest level of assurance.

Installation

SSL Certificates can be successfully installed on most websites, but your site must have a dedicated IP address. The validation process is fairly straightforward and can take as little as an hour to be carried out.

Applying for an SSL certificate? You need:

  • A unique IP address for each certificate that you want to use.
  • If you have multiple subdomains on one IP address, you will need to set up SSL host headers to do this.
  • A certificate signing request (CSR)
  • Correct contact information in WHOIS record.
  • Business/organisation validation documents (in the case of high-assurance or extended verification certificates

Ordering your SSL Certificate

Ordering an SSL certificate is relatively simple if you create a certificate signing request (CSR) and submit your WHOIS (ownership and contact information associated with each domain name) record and company validation documents.

  • Prepare by getting your server set up and getting your WHOIS record updated, etc.
  • Generate the CSR on the server
  • Submit the CSR and other info to the Certificate Authority
  • Have your domain and company validated
  • Receive and install the issued certificate

How long does it take to get my certificate?

The provider and type of certificate will dictate the length of time it takes to receive it. Times range from minutes to several weeks

Types of SSL certificates

Domain Validated
Certificates issued with very little validation (usually automated). Simply prove that you own the domain by replying to an authentication email or call. These are low-cost but less secure and not so attractive to potential customers

Extended Validation
These are a relatively new type of certificate and not available to all businesses. There is a more detailed verification process and is a more expensive option. Turns the address bar green in modern browsers.

Wildcard Certificates
SSL certificates are exclusive to each domain name will display warnings if you try to use them with a variation of the url. Wildcards can be used to secure an unlimited amount of subdomains from a single domain name.

SAN Certificates
SAN certificates also allow you to secure multiple hostnames but not an unlimited number. Each hostname is specified in the Subject Alternative Name section of the certificate. The hostnames can be internal and include several different domain names.

Code Signing Certificates
These are different from other types of SSL certificates. They allow you to sign an application or executable so that users know the identity of the organisation that made the application and know that it wasn’t tampered with.

Self Signed Certificates
These can be created for free by yourself, but your users will receive a warning that the certificate is not trusted.


Latest payment news

We can help

Three reasons to compare

  1. Find the best prices...
  2. From leading providers...
  3. Quickly and simply!
Go

Please login using your email address

Sorry, your login details were incorrect

  close

© Copyright 2013 Electronic Payments, All Rights Reserved 99 Giles Street, Edinburgh | Scotland, EH6 6BZ | 08000 248 620