What
is SSL?
SSL (Secured
Socket Layer), is used for sending and receiving sensitive information such
as Credit Card information across the World Wide Web. It ensures encrypted/secure
communications between the client and receiving server. The SSL protocol
supports the use of a variety of different cryptographic algorithms, or
ciphers, and most of which provide 40, 56, or 128 bit encryption security.
Key-exchange
algorithms like KEA and RSA key exchange govern the way in which the server
and client determine the symmetric keys they will both use during an SSL
session. The most commonly used SSL cipher suites use "RSA" key
exchange, which many of you have probably seen displayed on numerous
websites, and next to a provider called "GeoTrust", who issues the
SSL Server Certificates. A certificate is used to officially identify you as
a legitimate SSL enabled website, and displays your name as the certified
holder when visitors check it.
When
to use SSL?
SSL is not
generally, nor should it be used for all pages on a website. SSL is most
commonly used for the sending and receiving of sensitive information such as
credit cards, membership ID's, or customer billing information access. SSL
need only be used on the "particular" page where the secure
activity is taking place. ALWAYS use SSL when asking for credit card
information. If visitors do not observe the https// appearing on the form
URL, and the "SSL Symbol", does not illuminate in their browser,
they won't be doing a whole lot of business with you. No one wants his or
her credit card information intercepted and stolen as the result of a site
not using SSL encryption!
SSL
Usage?
There are two
different ways of using SSL. The two are essentially the same, however one
will display "VOSN" as the certificate holder, and the other, (which
you must purchase) displays "your company" as the certificate
holder. Essentially, when visitors click on an SSL enabled page, they
receive a message that displays information about the owner of the SSL
certificate. In most cases, e-commerce based websites would prefer to have 'their'
name appear as the holder because it maintains a professional appearance.
Alternatively, and if it matters not, you could simply use our default SSL
server, however visitors will see "VOSN" as the owner of the
certificate. We'll explain how to obtain your own certificate later in this
document.
