It may seem obvious that more people are going online to shop, send email, manage their bank accounts, and just about everything in between, but when you stop to think about just how many people use the internet, the numbers are dramatic. Just 15 years ago, barely 15 percent of Americans went online; today, almost 80 percent of people in the United States use the internet. Worldwide, the statistics are even more impressive: A decade ago, about 350 million people used the internet across the globe. Ten years later, that number has risen to almost two billion people.
As use of the internet has grown, the web has also become more popular with scammers, identity thieves, and other cyber-criminals. Threats to internet users have become widespread, and it is estimated that more than 3.5 million people fall victim to “phishing”—a type of online identity theft—each year in the United States alone.
Given the number of people who experience phishing and other web-based scams—or hear about them from friends, family, or on the news—many internet users don’t feel comfortable sharing their real names or other personal details online. In fact, recent research indicates that more than 62 percent of internet users in the United States are concerned about their online security.
If someone doesn’t feel safe even sharing their name, then using a credit card to make an online purchase is out of the question. Internet users simply will not share information, much less transact with a web site, that doesn’t demonstrate a certain
level of security. Fortunately there is SSL, a standard solution for protecting sensitive information online. But there’s more to SSL than just basic safety. In this guide, you’ll learn about what SSL does, how it works, and how it can help build credibility online.
Web sites secured with an SSL certificate encrypt information before sending it out over the network between server and browser.
To do this, the SSL certificate has two codes called “keys”: a private key that is unique to the individual server that hosts the web site, and a public key that is available to any web browser that requests it. The data that is encrypted by the private key can only be decrypted by the public key, and vice versa—data encrypted by the public key can only be decrypted by the private key.
The level of security that SSL provides depends on a few factors, including the type of certificate a web site uses, the type of web browser someone uses, and the host server’s capabilities. This is why SSL certificates offer a range of encryption levels, most commonly up to 256 bits.
To give you some idea of just how strong SSL encryption really is, consider this: 128-bit encryption can calculate 288 times as many combinations as 40-bit encryption. That’s over a trillion times a trillion times stronger. In fact, at current computing speeds, it would take a hacker a trillion years to break into a session protected by a 128-bit SSL certificate, and even longer to hack into a session secured with 256-bit encryption.
SSL DIGITAL CERTIFICATE USER EXPERIENCE
What Users Experience
You don’t need a background in IT or HTML coding to know when a site is protected with SSL. In fact, web browsers provide several visual cues to help you see when SSL is working. For example, the web addresses of sites that use SSL will start with https://, as opposed to http:// for non-secured connections.
Most web browsers—including Internet Explorer, Firefox, and Safari—will also display a small padlock icon when you visit a site that uses an SSL certificate. The location and appearance of the icon may differ depending on which browser you use, so be sure to look carefully to find it.
GETTING STARTED WITH SSL DIGITAL CERTIFICATES
Getting SSL on Your Website
If you’re ready to get SSL security for your web site, the first step you need to take is selecting a provider. There are many SSL companies to choose from, but remember that it’s always best to choose a credible third-party SSL certificate provider that follows strict security guidelines.
When you work with trusted third-party SSL provider, you will be asked to confirm your business identity before the certificate is issued. Different providers may have different requirements, but many SSL companies ask for articles of incorporation, licenses, and other business documents. For example, GeoTrust requires companies to complete a certificate application and will confirm that your company is registered with a local, state, or national authority by viewing and verifying copies of registration documents. GeoTrust will also verify that the company has the right to use the domain name submitted in its application by checking with the domain name registrar. To make this process easier for customers, GeoTrust performs these checks by researching public databases. Customers are only asked to supply documentation directly if the company information cannot be verified through public sources.
During the purchase process, you will also need to generate a certificate signing request (or CSR) from your web server to the CA. A CSR is a small bit of code that initiates a request for a new SSL certificate and provides essential information enabling the CA to deliver a certificate matched to that server. The process for generating a certificate signing request is very straightforward and simple instructions are available from either GeoTrust or your server manufacturer. GeoTrust publishes information on how to get a CSR from various servers on their web site under Support.
Depending on what type of SSL certificate you’ve purchased, it can take anywhere from a few minutes to a few days for the CA to issue your certificate. Certificates that offer stronger security and validation usually take longer, but they are well worth the wait. For instance, an EV SSL certificate takes longer to issue, but it provides the best security and maximum reassurance so your customers feel safe using your site. An EV certificate also delivers the biggest business benefit because of the positive impact that can help convert more of your prospects into actual transaction-completing customers.
Once you receive your certificate, you will then need to install it on your web server. Though it may sound daunting, installing an SSL certificate is a straightforward process and some CAs like GeoTrust offer instructions to help you. The process for installing SSL certificates can differ between servers, so be sure to check with the CA if you have any questions. GeoTrust support is standing by to help.
Some CAs also provide a seal or other trust mark that you can display to show visitors that your site is protected by SSL security. To install a seal, you must copy the code snippet from your CA and paste it into the source code for your web site. Be sure to display the seal prominently on your site, including your homepage and—if you have an ecommerce site—any product pages or shopping cart pages. When visitors see an SSL trust mark on your site, they will spend longer on your site and will be more likely to sign up for an email list or newsletter, and make purchases. Web site gurus often recommend that you display yourt rust seal above the fold on your home page. Many web sites go ahead and display their trust seal on every page just to make sure their customers have a constant reminder that security is paramount.
PROFESSIONAL 24x7x365 SUPPORT
Professional InfoQuest Support
You may never need it but if you do, it’s good to know we’re here–via toll free phone, live chat, online knowledge-base, email, and support tickets.
Since 1994, customers indicate the #1 reason they selected InfoQuest was the recommendation of a friend or associate based on our reputation for fast courteous technical support, service availability and performance.