Secure
Sockets Layer (SSL) is the basis for all financial transactions
on the internet right now.
Back
to Web Hosting Articles
What is SSL? And how can I use it?
SSL stands for Secure Sockets Layer. What this means in plain
language is that when a Internet Browser connects to a server
connected to the internet the transfer of data between the
browser and the server is encrypted. The data is encrypted
so no one who is possibly intercepting the data transfer between
the two can read it. So while a person can intercept the data
transfer they won’t be able to read the data because
it will be gibberish to them.
To use SSL there must be several requirements
met first. The first requirment is that the Internet Browser
be cabable of handling
SSL communications. This generally isn’t a problem with
most of the commercially available browsers nowdays. The second
requirement is that the server must be set up with a certificate
which allows SSL communications. This SSL certificate is set
up by the web site owner. SSL encryption comes in two versions
56-bit encryption and 128-bit encryption. The higher the number
the better the encryption.
So where can you get a SSL certificate for a
web site? You can get them in several places. First, the web
site can just create
their own certificate. There is nothing wrong with doing so,
but in doing so when a person visits the web site the visitor
might get a warning that the certificate isn’t trusted.
This is because the person just created it and did not go through
one of the commercial entities providing certificates, which
are considered trusted. If a web site owner gets the certificate
from a commercial entity (for a cost of course) these entities
will verify the site owner and the warning will not generally
appear.
To use the SSL encryption the person visiting
the website must use the “https” protocol. Normally, if you look at
a web site address you will see the address as “http”.
This page’s address is “http://www.e3servers.com/articles/ssl.htm”.
At the front of the address is http. If we were to use encryption
for a web page we would use the https instead of https. The “s” stands
for secure. It is only when you use https you know the web page
you are viewing is encrypted with SSL. To see a SSL encrypted
page look at
this page. With some browsers you might see a gold
lock on the bottom of the browser indicating that the browser
is viewing a SSL encrypted page. However, the absence of a gold
lock or the presence of the gold lock DOES NOT absolutely mean
that the page is SSL encrypted. ONLY if the address starts with
https can you be sure of the encryption. This is because sometimes
there are items written in the web page which indicate to the
browser that the page isn’t encrypted when in fact it is.
SSL encryption is used primarily for e-commerce
applications. While not all communications between a browser
and server are
intercepted you never want to take a chance when you are submitting
to a web site information concerning your credit card, home address
information and/or any personal information. Without SSL encryption
every time you ordered something online you might be giving out
your credit card number to a thief. Without SSL encryption there
would be no e-commerce. A common question is that if a site uses
SSL encryption is the information safe when data arrives at the
server? No. SSL encryption only makes the data transfer difficult
to read. Once the data arrives either at the browser or at the
server it is no longer encrypted. That’s why there are
firewalls and other items used to protect servers and computers
attached to the internet. Protecting information on the net relies
on several things and SSL encryption works only on the flow of
information not the storage of information.
|
