SSL certificates provide encryption for websites to securely transmit sensitive information between a server and web browser. When a user visits an HTTPS website, the browser and server establish an encrypted connection called an SSL handshake using public and private keys. This ensures data transmission cannot be intercepted. SSL certificates must be purchased from certificate authorities and installed on web servers to validate a domain's identity and allow HTTPS encryption. They are especially important for e-commerce sites collecting credit cards and sites with login sections to protect user data.

1. SSL: CERTIFICATES,
SECURITIES
Web Resources
1

2. OVERVIEW
With the increase of online shopping it is essential that
any e-commerce website have a security protocol that
provides a secure channel between two machines
operating over the Internet
2

3. SSL
SSL – Secure Socket Layer
 https:// shown in the address bar
 Should be used when there are logins, payments or other private
information being sent
 Standard security technology for establishing an encrypted link
between a server and a client (web server and a browser)
 Normally data sent between browsers and servers are sent as plain
text
 Attacker can intercept all data being sent
 Web browsers know how to trust HTTPS websites based on certificate
authorities that come pre-installed in their software
 Certificate authorities (Symantec, Comodo and GeoTrust) are being
trusted by web browser creators to provide valid certificates
 HTTPS are important over insecure networks (public WiFi access
points)
 Different types of SSL certificates available for purchase (QuickSSL
etc) to secure multiple domain names 3

4. CREATING A SECURE
CONNECTION
When a browser attempts to access a website that is
secured
 The browser and server establish a SSL connection called a “SSL
Handshake”
 Three keys to set up the SSL connection
 Public, private and session keys
 Anything encrypted with the public key can only be decrypted with
the private key and vice versa
 Encrypting and decrypting take up a lot of processing they are only
used during the SSL Handshake to create a symmetric session key
 After the secure connection is made, the session key is used to
encrypt all transmitted data
4

5. WHY SSL
Online businesses need to create a trusted environment
where custers feel confident in making purchases
Browsers give visual cues (lock icon, green bar to help
visitors know when their connection is secured
If your site collects credit card information you are
required to have an SSL Certificate
If your site has a login section, you should use SSK
Certificates to protect that data
Google, Twitter and Facebook now default many of their
services to HTTPS
5

6. HOW TO GET ONE
An SSL certificate can be purchased through a certificate
authority simular to how Domain Names are purchased
through a DN Registrar
A piece of code need to be generated by the server called
a CSR (Certificate Signing Request)
Once the CSR is generated it can be provided to the
certificate authority who will proved a Private and Public
key to be installed on the server
You must have a dedicated IP in order to get an SSL
certificate on your site
6

7. LET’S ENCRYPT
Is a free, automated, and open certificate authority (CA),
run for the public’s benefit.
It is a service provided by the Internet Security Research
Group (ISRG).
7

8. SEO BENEFITS
Ranking
 Google were ranking websites in the organic search results with a
sight preference towards those with a SSL Certificate
Once an SSL has been installed, or whenever the website address is
changed it needs to be moved carefully – Google put together a guide
to transfer, move or migrate your site
Track your HTTP to HTTPS migration through analytics software within
Google Webmaster Tools
8

9. SUMMARY
With the increase of online shopping websites, it is
essential that any e-commerce website has to have an
SSL certification that provides a secure channel between
two machines operating over the internet.
9