Back to Top

Blog

ssl certificates

Why e-store owners should use an SSL certificate

The number of e-stores is constantly growing, and that is a good thing. However, companies who sell products or services online need to make sure that people's sensitive information isn't intercepted by cyber criminals. According to a https://www.data-alliance.net/ survey, applications that are downloaded from third-party mobile app stores are responsible for the vast majority of security-related problems.

So, the danger is real. Fortunately, individuals and companies can boost the security of their online apps and stores by adding Secure Sockets Layer (SSL) certificates to their sites. In layman's terms, an SSL certificate is a digital passport which protects the integrity of the data that's sent from the visitor to the server that hosts the target website. Each SSL certificate utilizes a pair of keys; one of them is private, while the other one is public. A third key is uniquely generated at the beginning of each browsing session.

Secure Sockets Layer certificates ensure that all the sensitive information that is sent by user's browser (credit card information, user log in and password data, etc.) is encrypted, rather than being sent as plain text over the Internet. This means that attackers can't decrypte the information even if they manage to get access to all the data packets that include it.

Here's exactly what happens when a customer accesses a secure e-store:

1. The person will type in the URL of the desired site or will access it using the browser's bookmarks.

2.  A domain name server will translate the name of the URL into its corresponding IP address.

3. The browser will be redirected to that IP, trying to connect to the desired site. If the site has an SSL certificate, the browser will ask the target site to identify itself. If the site doesn't have a Secure Sockets Layer certificate, the browser will launch a pop-up window, letting the user know about the potential dangers that arise from exchanging unencrypted information with the site.

4. But let's assume that the site owner has purchased and installed a certificate; in this case, the "SSL handshake" process can begin. The server will send the browser a copy of the certificate, including its public key.

5. The browser will check if the certificate is valid by verifying its expiration date and status, comparing the information that is has gotten from the site with an Internet-based database. Then, it will verify if the certificate was issued for that particular website. If the browser trusts the SSL certificate, it will create a symmetric encryption key, sending it back to the server.

6. The server will decrypt the received key using its private key, and then it will tell the browser that the SSL-encrypted browsing session was set up, so the secure data transfer can now begin.

All the data that is shared by the browser and the server is now encrypted, so cyber villains can't get access to it. The server will use client's encryption key to scramble all the data, and then send it to the browser who has requested access to the site.

I think it's clear why any business owner should use an SSL certificate for his or her site. By making use of Secure Socket Layer mechanisms, entrepreneurs will make their clients feel safe while shopping, and thus entice them to become repeat customers.

Most people have learned that secure online stores display a green padlock icon in their browser's URL bar. So, if you run an e-store, do your best to install an SSL certificate as quickly as possible. Don't forget to let me know if you need help with this, of course.