Secure Sockets Layer (SSL) is a cryptographic protocol designed to provide secure communication over the Internet. Data is encrypted so that the person you are communicating with receives the information without the risk of a third party being able to hack or intercept it.
Encryption provides data/message confidentiality, and message authentication codes provide message integrity and, as a secondary result, message authentication. Several versions of the protocol are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and ecommerce.
SSL for ecommerce
For most ecommerce sites, you absolutely need an SSL certificate. As an online merchant, it is your responsibility to make sure the information you collect is protected. This will protect you and your customers by making sure that no one can intercept and misuse their credit card information. Your ecommerce site will fail if you lose your customers’ trust in using your site.
40-bit and 128-bit encryption
40-bit and 128-bit encryption refer to the length of the “key” that is generated for every encrypted transaction. The longer the key, the more difficult it is to break the encryption. 128-bit encryption is preferred in most cases. However, if you require transactions to be conducted internationally, you may be restricted to 40-bit encryption under certain circumstances. Since 128-bit encryption offers much better security, it should be your first choice if you are able to use it consistently.
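The key-length check described above, as an added example that is not part of the original article: a short Python script that lists the cipher suites a TLS configuration offers and flags any whose effective key is shorter than 128 bits. The sample suite list is constructed for illustration, and the function names are this example's own.

```python
import ssl

# Constructed sample in the shape returned by SSLContext.get_ciphers();
# only the fields used below are included. EXP-RC4-MD5 is a legacy
# export-grade suite: RC4 with the effective key cut to 40 bits.
SAMPLE_SUITES = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3", "strength_bits": 112},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2",
     "strength_bits": 128},
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3",
     "strength_bits": 256},
]


def audit_suites(suites, min_bits=128):
    """Split cipher suites into those meeting min_bits and those below it."""
    report = {"ok": [], "weak": []}
    for suite in suites:
        bucket = "ok" if suite["strength_bits"] >= min_bits else "weak"
        report[bucket].append((suite["name"], suite["strength_bits"]))
    # Weakest first, so the worst offender heads the list.
    report["weak"].sort(key=lambda item: item[1])
    return report


def audit_default_context(min_bits=128):
    """Audit the suites this Python/OpenSSL build would offer by default."""
    ctx = ssl.create_default_context()
    return audit_suites(ctx.get_ciphers(), min_bits)


if __name__ == "__main__":
    for label, report in (("sample", audit_suites(SAMPLE_SUITES)),
                          ("local default", audit_default_context())):
        print(f"{label}: {len(report['ok'])} suites ok, "
              f"{len(report['weak'])} weak")
        for name, bits in report["weak"]:
            print(f"  below 128 bits: {name} ({bits}-bit)")
```

The same `audit_suites` function can be pointed at the suite list of any `ssl.SSLContext` you configure for a server, so a deployment check can fail when a suite below the chosen minimum is enabled.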
Digital certificates are used by the SSL security protocol to encrypt, decrypt and authenticate data. The certificate contains the owner’s company name and other specific information that allows recipients of the certificate to identify the certificate’s owner. The certificate also contains a public key used to encrypt the message being transported across the Internet.
SSL uses two kinds of certificates: root certificates and server certificates. Root certificates are installed on the browser, and server certificates exist on the Web server. A root certificate tells the browser that you will accept certificates signed by the owner of the root certificate. For example, if you install a root certificate signed and issued by a software company into your browser, you will be able to authenticate and decrypt messages that were sent from them. This is crucial to ensuring a secure transaction.
A server certificate is installed on the Web server and works much like the root certificate. It is in charge of encrypting the messages sent to browsers and decrypting messages received from browsers.
To receive these certificates, you will need to go to the site of one of the various certificate authorities and submit a Certificate Signing Request (CSR). After you submit the CSR, the certificate authority will verify that your business is valid and issue you a server certificate. You then install the server certificate on the Web server.
Any user who wants to use your secure Web server must have the root certificate from the certificate authority installed on their browser as well. Most browsers have a Verisign root certificate preinstalled. If Verisign is your server certificate authority, there is a better chance that your certificate will be available to more customers.
As I stated before, it is crucial for your users to be able to trust that their sensitive information will stay protected when they use your site, so for your ecommerce business to thrive, it is a must to implement any security measures you can to ensure that trust.