One task we do as a standard for all the eCommerce stores we manage is to install
an SSL certificate for secure shopping. Every eCommerce store must have an SSL certificate.
Transfers of sensitive data from a customer's PC to the Web server must be encrypted
just in case a hacker intercepts the transfer. By default, transmissions of data
between PCs and Web servers come through in clear text making everything readable.
Something extra special must be done when we need to ask the customer for credit
card information or other types of sensitive data.
The solution is a SSL certificate. SSL stands for Secure Socket Layer. It will encrypt
any transfer of data across networks. The way a Website uses SSL is through what
is known as HTTPS - Hyper Text Transfer Protocol Secure.
You may notice every Web URL starts with "http://". If we change it to "https://"
then that transfer will be encrypted. But first, we must purchase and install a
Many companies offer SSL certificates but the most economical ones are from GODaddy
- currently $29.99 per year. Due to the price and ease of creation - they are also
the most popular in recent years.
Purchasing and installing an SSL certificate is an easy process but one that requires
a developer. First, the SSL certificate is purchased. Afterwards, it is keyed by
creating what is known as a CSR (Certificate Signing Request) on the Web server.
The CSR is then sent back to the issuing certificate authority and the SSL certificate
is created. Finally, the SSL certificate is installed on the server and bound to
the domain name.
Things to Keep in Mind
SSL certificates vary widely in price but the truth is they are all the same. There
has yet to be a documented case where an SSL certificate has failed. SSL providers,
known as Certificate Authorities, must pass a set of rigorous rules and tests before
their certificates are considered by server software vendors. For example, Microsoft's
program is called the "Microsoft Root Certificate Program". They currently list
over 100 Certificate Authorities that Microsoft's Windows Server will recognize
as trusted authorities.
Every SSL certificate comes with a seal. The seal is placed on checkout pages that
collect sensitive information to ensure the user knows that the page is secure.
SSL certificates are good for one year then they must be renewed.