If you have an ecommerce website, and you plan to accept credit cards online, it is important that you have an SSL certificate. SSL certificates let your customers know that they are using a secure connection and that their personal payment information is kept safe. SSL stands for Secure Sockets Layer, which is associated with port 443 on the Internet, providing encrypted communication transfers. If you do not have an SSL certificate, your customers’ browser will alert them, warning them not to engage in business transactions on your Web site. You could lose business if you do not have an SSL certificate.
Purposes of an SSL certificate
There are two main purposes of SSL certificates: verify your identity and secure a transfer of information. Both of these are important to savvy online shoppers.
Verifying your identity: The company that issues the SSL certificate is a trusted third party that attaches a specific identity to your Web site, the server used and even the main computer you use. This allows you to be identified as who you are, providing the customer some peace of mind that you are really who you say you are.
Securing communication lines: The other thing an SSL certificate does is generate encryption and keys to help interpret the encryption. Your secure sockets layer protection takes information from your customers, and turns it into a string of numbers that doesn’t look intelligible to a third party. The key, which can only be used by those with proper authorization, allowsaccess to the information to complete the transaction.
SSL certificate requirements
When you get an SSL certificate, you have to submit information that the SSL certificate company can verify. You generate what is known as a Certificate Signing Request (CSR) to submit to the SSL certificate company. The directions for generating this depends on your platform and your server. However, the information that you most likely to be required to provide in order to get an SSL certificate includes:
- Common name: This is the common name of your site, or your domain name. It is basically yourcompany.com. It is important to realize, though, that something like payment.yourcompany.com is different, and needs a different SSL certificate. If you want your payment site to be protected, you specify the common name as payment.yourcompany.com.
- Organization information: You will also have to provide detailed information about your company. You need to provide the name of your company and/or your department. Realize that symbols (&, -, @, etc.) are not acceptable. Decide whether you want to get rid of the symbol or spell it out. You will also need to include the name of the town, state and country that you are in. Make sure that the state or province is spelled out, and that you abbreviate your country with the proper two-letter code.
- Contact information: Even though you do not need contact information to get your SSL certificate, you are asked to provide it. This is because you may be contacted by the SSL certificate generator. You want to be able to be contacted. You will need to provide your email, phone, address and fax number.
Once you have generated your CSR, you can submit it to the SSL certificate company. The secure sockets layer company will send your SSL certificate once you have been verified. Then you can install the certificate using the instructions that come with whatever platform you have.
SSL certificate requirements are a little bit easier if you have an ecommerce Web host that can help you set everything up. In some cases, your ecommerce host can help you get your own SSL certificate. In other cases, you can make use of a shared SSL certificate that the Web host already has. Either way, you will have to pay for SSL protection. When you get your own certificate, you normally pay once a year (or once every two years) to keep your protection current. When you go through your ecommerce Web host, you usually pay a monthly or yearly fee that is bundled into your regular web hosting packaging.
Consider your needs before deciding whether to get your own SSL certificate or get one through your Web host provider. Getting one through your Web host provider is less expensive, but it doesn’t offer the same flexibility as a more expensive dedicated SSL certificate.