SSL Certificate

SSL (Secure Sockets Layer) certificates are files, regularly installed on safe online servers, that recognize a specific website. This type of digital certificate effectively corroborates the authenticity and identity of the business that owns and operates the shopping website so that Internet shoppers know that their transactions are truly safe from hackers who could steal precious credit card and identity information. The Certificate also establishes that the business and site is reliable. To verify that such online shopping sites are indeed legitimate, the merchants and their respective websites are often confirmed by a third party, such as Thawte or Verisign.

As soon as a verification company attests to the authenticity of organizations or merchants and their affiliated websites, the verification firm will provide an SSL certificate. Usually, this service costs the merchant a fee of a couple of hundred dollars or so. The digital certificate is actually installed on the merchant’s web server and can be viewed at the time a consumer goes into the secure checkout area of the company’s website. A user can see that they are visiting a verifiably secure page when the URL on their computer’s address bar begins with “https” instead of the traditional “http.” The “s” indicates that it is secure. In order to see the actual SSL certificate for the site being used a user can click the “padlock” image near the edge of the browser window.

Current Status Certification

Since SSL and other digital certificates confirm a merchant’s current status, these are not “infinite approval” stamps. SSL certificates almost always expire within a few years (1-3) after they are established. If the certificate isn’t renewed at the right time before the predetermined expiration date, a consumer will likely see a warning box that reads, “This website’s certificate has expired.” The “error” alert is shown because the web server that a customer connects to hasn’t renewed its SSL certificate. It has nothing to do with a consumer or their computer operations. While this message does not necessarily mean the website is a fake, it suggests that the website is not handled in a fully professional manner.

An SSL certificate creates a confidential communication passage that enables data to be encrypted in the process of transmission. Encryption jumbles data, creating the equivalent of a “secure envelope” that guarantees the privacy of the message.

Key to the “Buy Way”

Every SSL certificate is made up of a private key as well as a public key. The public key encrypts information while the private key essentially deciphers it. At the time that a web browser is directed to a secure domain, what is known as a Secure Sockets Layer “handshake” authenticates the server, the website, the consumer and the connection. A “session key” establishes an encryption method so that a truly secure transmission may begin.

Authentication is the other important process that follows suit. Most SSL certificates are made for a specific server, in a particular domain, for a confirmed merchant entity. At the time that the SSL “handshake” happens, a browser obtains authentication information directly from the server. When a user clicks the locked padlock in the browser window or a specific SSL “trust mark,” the website visitor can then view the authenticated organization’s name. If, as described above, the information doesn’t match or the certificate is expired, an error message is shown in the consumer’s browser.