SSL INFORMATION

Why is security required for the Internet?

The Internet has revolutionized commerce and the transfer of data in general, creating new global business opportunities for major enterprises, small to medium sized businesses and individuals alike. However, e-commerce has inevitably attracted crime and produced a new breed of online criminals, ranging from fraudsters and hackers to cyber terrorists. As a result of the growing concerns associated with conducting e-commerce, security is now an essential factor for online business success.

The market is now educated in the basics of online security. The majority of online users expect security to be integrated into any online service they use, and they expect any details they provide via the Internet to remain confidential and secure.

This white paper explains how SSL can be utilized as the core security technology to protect customers' online transactions and to show users that the security of the online business is being taken seriously. SSL provides proof of a digital identity and allows online customers to see that their digital transaction will be confidential. These are essential factors in gaining customer confidence, and they remove the concerns and risks associated with sending sensitive data over the Internet.

SSL is essential to allow the true benefits of the Internet to be realized.


What is SSL?

SSL (Secure Sockets Layer) is a security technology that is commonly used for encrypting communications between users and e-commerce websites, thereby securing server to browser transactions. The SSL protocol utilizes encryption to prevent eavesdropping on and tampering with the transmitted data, and is used to secure information passed by a browser (such as a customer's credit card number or password) to a webserver (such as an online store).

SSL protects data submitted over the Internet from being intercepted and viewed by unintended recipients. As it is used by hundreds of thousands of websites to protect their online transactions with their customers, SSL is the de facto industry standard Internet transaction security technology.

How do website visitors know if a website is using SSL?

When a website visitor connects to a webserver using SSL, they will see that the URL in the address bar begins with https:// rather than the usual http://, and a small gold padlock will appear in their browser.

Whenever a browser connects to a webserver (website) over https://, this signifies that the communication will be encrypted and secure. The actual complexities of the SSL protocol remain invisible to the end customer.

In summary, SSL is the de facto web transaction security technology. Webservers have been built to support it and web browsers have been built to use it. SSL provides the ability to secure customers' transactions transparently without the customer having to do a thing!

What is required for a webserver (website) to use SSL?

In order for a website to use SSL, an SSL Certificate is required (also known as a Web Server Certificate or Secure Server Certificate). SSL Certificates are installed onto the webserver hosting the particular website and allow access to the security functionality of the webserver itself.


How is an SSL certificate installed onto a webserver?

When SSL is first activated on the webserver, the webserver requires information about the identity of the website including the website domain name and company details.

The webserver then creates two cryptographic keys - a Private Key and a Public Key. The Private Key is so called for a reason - this key must remain private and secure, only residing on the webserver. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file which also contains all the website credentials.

The Private and Public keys are used in the encryption process, so that the data passing between the webserver (website) and the customer's browser remains confidential and secure.

The CSR generated is submitted to Certification Authorities during the SSL Certificate application process. The Certification Authority then validates the website credentials and issues an SSL Certificate containing the digital identity of the website, binding the domain name to the company details.

The webserver matches the issued SSL Certificate to the associated Private Key, which allows it to establish encrypted links between the website and customers' browsers.

What does an SSL certificate look like?

SSL certificates can be viewed by simply double-clicking on the padlock symbol when it is displayed in the browser. A typical certificate will look like this:

All SSL Certificates are issued to either companies or legally accountable individuals. Typically, SSL Certificates contain the domain name, the company name and the address (i.e. city, state and country). They also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate.

When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, that it has been issued by a Certification Authority the browser trusts and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user.
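
The installation procedure and the three browser checks described above, as an added example using the openssl command-line tool (it is not part of the original white paper). The domain www.example-shop.test, the company details and the throwaway "Example Test CA" are constructed placeholders, and the local CA stands in for a real Certification Authority, which would validate the applicant before signing.

```shell
#!/bin/sh
# Added example. All names (www.example-shop.test, "Example Test CA") are constructed.
set -eu
WORK=$(mktemp -d)            # mode 0700, so the private keys stay unreadable to others
trap 'rm -rf "$WORK"' EXIT
printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$WORK/req.cnf"

make_ca() {                  # $1 = file prefix; a throwaway stand-in for a real CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/req.cnf" \
    -subj "/O=Example Test CA/CN=Example Test CA $1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_site_cert() {          # $1 = domain name the certificate is issued for
  # Webserver: generate the key pair; only the public half goes into the CSR.
  openssl genrsa -out "$WORK/site.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/site.key" -config "$WORK/req.cnf" \
    -subj "/C=US/ST=Example State/L=Example City/O=Example Shop Ltd/CN=$1" \
    -out "$WORK/site.csr"
  # CA: sign the CSR, binding the domain name to the company details.
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/site.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/ext.cnf" -out "$WORK/site.crt" 2>/dev/null
}

pubkey_hash() {              # digest of the public key inside a .key, .csr or .crt file
  case "$1" in
    *.key) openssl pkey -in "$1" -pubout ;;
    *.csr) openssl req  -in "$1" -noout -pubkey ;;
    *.crt) openssl x509 -in "$1" -noout -pubkey ;;
  esac | openssl sha256
}

browser_checks() {           # $1 = hostname visited, $2 = CA bundle the client trusts
  openssl x509 -in "$WORK/site.crt" -noout -checkend 0 >/dev/null || { echo expired; return 1; }
  openssl verify -CAfile "$2" "$WORK/site.crt" >/dev/null 2>&1 || { echo untrusted; return 1; }
  openssl x509 -in "$WORK/site.crt" -noout -checkhost "$1" | grep -q 'does match' \
    || { echo mismatch; return 1; }
  echo ok
}

make_ca ca
issue_site_cert www.example-shop.test
[ "$(pubkey_hash "$WORK/site.key")" = "$(pubkey_hash "$WORK/site.crt")" ] && echo "key matches certificate"
browser_checks www.example-shop.test "$WORK/ca.crt"
browser_checks www.other-shop.test "$WORK/ca.crt" || true
```

Comparing the public-key digest of the private key, the CSR and the issued certificate is the same match the webserver performs before it will serve the certificate.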