Articles

Content on this page requires a newer version of Adobe Flash Player.

Get Adobe Flash player

 

WH - 14. What is SSL and why do I need it?

SSL stands for secure sockets layer, and is the standard means of exchanging encrypted data across the Internet. The most common use of SSL is for securing credit card data. If you’ve ever bought something on the Internet and used a credit card to pay for it, then you were using SSL to complete the transaction. When SSL is being used, the address in the browser will change from “http:” to “https:” Additionally many browsers use some sort of icon to indicate that the site is secure, for example a closed padlock in Netscape.

SSL works by the use of encryption keys. When a browser requests a secure connection, it will send a list of supported ciphers. The server will choose the strongest cipher available, and return this to the browser. The server will then send a digital certificate. This certificate contains the name of the server, the name of the certificate authority and a public encryption key.

The browser will then generate a random number with the public encryption key, and return this to the server. The server will decode this using its private key – since the server is the only one with this private key; this is what ensures the security of the transaction. The server and browser can then establish a secure connection, and private information can then be exchanged.

Luckily, all of this is totally transparent to anyone wishing to make a purchase on the Internet. All modern browsers support SSL transaction, and all the user has to do is input the information being requested by the web site he is visiting.

The question of whether you need SSL capabilities on your web site will depend on the type of site you are planning. For a personal web page, or a small site for a club then you will probably not need to offer this. However, if you are planning an ecommerce site then you must have some means of securing your customers’ data.

In order to offer SSL transactions you will need to offer a digital certificate. Some web hosting companies will have their own digital certificates available for you to use if you prefer. However, this is not recommended as it can cause some problems with authentication. To obtain a digital certificate of your own you will need to get this from a certificate company. There are several to choose from – Verisign, Tucows and GoDaddy amongst others. Prices vary from one to another but you will probably pay no more than $100/year for this, depending on which company you choose.

The other requirement for offering SSL transactions is that you will need to have a static IP address for your web site. Many of the web hosting plans that are available only offer variable IP addresses – this means that your site is sharing its IP address with many other sites. Unfortunately in order to offer SSL functionality on your site you will need a static IP address. If your choice of web host can’t supply this then you will need to look for one that can. Expect to pay a premium over the regular monthly fees in order to get a static IP address.