So, if you’re starting an online business, no doubt someone…somewhere…has mentioned “SSL”. It may have been in a casual, inquisitive manner, or it may have been a more frantic “you got a SSL certificate, right? Oh…you HAVE to get a SSl certificate or all of your customer data will be stolen!”

The purpose of this post is to allay some of the fear and uncertainly about SSL and give a short primer on what it is, what it means, and what the differences are between the various alternatives.

SSL – What Is It, and Why Do I Need It?

Put simply, a SSL certificate is used to create a secure, encrypted link between a person’s browser and the web server used to host the page they’re on. The encrypted connection ensures that any data that is transferred from the browser to the web server – for example, when someone fills out a form – remains private during transmission. The certificate is provided by a “Certifying Authority” (CA) like VeriSign or Trustwave (though there are many others), and is most commonly associated with the lock icon that appears in the browser window when someone visits a secured page.

SSL is important because it gives visitors to a secured page of your website “peace of mind” knowing that the information they are inputting on that page is encrypted and not traveling in plain text. Therefore, the potential for that data to be usable should it fall into the wrong hands is greatly, greatly reduced.

What Types of SSL Are There?

Shared SSL
This means that your hosting provider has (usually) purchased a SSL certificate that can be used by multiple people. This generally works by attaching the SSL to a generic domain (though some hosting providers use their own domain), then providing customers with a path to use for encrypting the connection for their individual sites. An example of a shared SSL path would be https://www3.ssldomain.com/customer-domain-name/page-name.html.

Great For:
1. New sites just getting started.
2. Basic forms.

Not So Great For:
1. Ecommerce
2. Any form asking for extremely personal information (e.g., social security number)

Dedicated SSL
This is where you purchase a SSL certificate for YOUR domain. The pathing for secured pages when using a dedicated SSL certificate is really not different than any other page of your site, except for the “S” – https://www.your-domain.com.

Great For:
1. Any use – form information, credit card purchases, FTP access – anything you want to secure and encrypt on your site.

Not So Great For:
1. Some may argue larger scale purchases (in the tens of thousands of dollars), but that’s just because there is an alternative, and it is….

Extended Validation (EV)
This is a new type of SSL that entails a greater degree of authentication and validation by the CA. The benefit to an EV certificate is that the CA has to go through many more steps prior to issuing an EV certificate. Some of these steps entail a physical visit to the requestor’s location and a signed letter by an executive of the company (usually a CFO or some designee); therefore, quite a bit more than is needed for a standard SSL certificate.

Great For:
1. Large ticket items, generally in the thousands of dollars per item.
2. A company wanting to prove its commitment to security.

Not Great For:
1. Anyone without deep pockets. As this certificate entails a bit more labor on the part of the CA, they are a “bit” more expensive.

Finally, a quick word on “Premium” and “Enterprise” SSL certificates. Some companies sell different levels of certificates, and they’re usually labeled something like “premium” vs. “enterprise”, or even “enterprise” vs. “premium enterprise”. The difference between these certificates generally comes down to bit level encryption and/or level of warranty provided by the CA. The CA may even attach some identification scheme to prove the level of security offered, add scanning services, real-time authentication, etc. There are pluses and minuses to all of this, so use your best judgement when deciding what you want to pay for. A good, solid SSL certificate issued by a reliable provider is fine for most companies. If you really want to prove your level of commitment, then adding services is a good idea and may be worth the additional cost.

So there you have it: a decent primer on SSL. This is, of course, not a complete breakdown of SSL, much less a discussion of the technology behind SSL. So, if you have additional questions, please feel free to ask us – we’re here to help! As an aside, Newtek Web Services provides a dedicated SSL certificate on our Storefront Builder plan, and SSL can be added to the Website Builder or any custom site build.

Tags: ecommerce security, Encryption, Extended Validation Certificate, extended validation certificates, security, shared ssl, SSL, website security