SSL Certificates And E-commerce

SSL and SSL certificates are not the same thing. SSL stands for Secure Sockets Layer and is an encrypted form of communication between a web server and your web browser. An SSL certificate is required to create this secure connection between the web server and your browser. In this article we’ll cover what an SSL certificate is and where SSL fits into the security for your online store.

Two Types Of SSL Certificates

All SSL certificates fall into one of two categories. A self-signed SSL certificate is a free certificate that you can generate on your own and will serve to encrypt the connection between the web server and web browser. The other type of SSL certificate is one that you pay to obtain from a 3rd party SSL certificate vendor like VeriSign or Thawte. Both self-signed and purchased 3rd party SSL certificates provide the same technical level of encryption and security. So what’s the difference? Trust.

SSL Certificates Are All About Trust

Your visitors want to know that they are shopping on YOUR store and not being tricked into shopping on a bogus store that looks like your store. You may have heard of phishing scams where a bogus site is developed to look exactly like a popular site like PayPal. You then show up at the bogus site and enter your personal information not realizing that even though the site LOOKS like PayPal it’s really run by criminals.

This is where SSL certificates come into play. Suppose you click a link in an email and you end up on a site that looks like PayPal. If you look at the SSL certificate on the site you will be able to see whether or not the domain name (web site) you are on is actually owned by PayPal. If not, then leave the site immediately.

[Image: trusted SSL certificate]

Untrusted Self-signed SSL Certificates

Web browsers have a certain pre-defined set of 3rd Party SSL certificate vendors. If the SSL certificate you are using on your site is issued by one of these vendors, then you have a “trusted” site. When you obtain an SSL certificate from a 3rd party vendor such as Thawte, you have to provide information to verify who you are so that when someone visits your site they can be confident that they are dealing with your “official” business – not some bogus company pretending to be you. A self-signed certificate won’t be recognized as a “trusted” site and you’ll see a warning that looks something like this (depending on what web browser you are using – this is what Firefox does).

[Image: untrusted self-signed SSL certificate]
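The decision described in the two sections above (do the certificate's names match the site you meant to visit, and is its issuer on the browser's built-in vendor list?) is sketched below in Python as an added example; it is not code from this article or from Cart66. The certificate dictionaries follow the layout returned by Python's ssl.SSLSocket.getpeercert(); every name, the issuer list and the certificates themselves are constructed, and a real TLS library additionally checks signatures, validity dates and revocation.

```python
# Simplified model of a browser's trust decision (illustration only).
# Comparing subject and issuer detects a self-issued certificate; a real
# client also verifies the signature chain cryptographically.

def field(name, key):
    """Return one attribute (e.g. commonName) from a getpeercert()-style name."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def name_matches(pattern, host):
    """Match a certificate DNS name to a hostname; '*' covers one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def assess(cert, expected_host, trusted_issuers):
    """Return 'self-signed', 'unknown-issuer', 'name-mismatch' or 'trusted'."""
    if cert["subject"] == cert["issuer"]:
        return "self-signed"
    if field(cert["issuer"], "commonName") not in trusted_issuers:
        return "unknown-issuer"
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, expected_host) for n in names):
        return "name-mismatch"
    return "trusted"

def make_name(cn, org):
    return ((("organizationName", org),), (("commonName", cn),))

# Constructed stand-in for the browser's pre-defined vendor list.
TRUSTED_ISSUERS = {"Example Trusted CA"}
CA = make_name("Example Trusted CA", "Example CA Inc")
SHOP = make_name("shop.example", "Example Shop")

# Constructed sample certificates.
STORE_CERT = {"subject": SHOP, "issuer": CA,
              "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example"))}
SELF_SIGNED = {"subject": SHOP, "issuer": SHOP,
               "subjectAltName": (("DNS", "shop.example"),)}
LOOKALIKE = {"subject": make_name("shop-example.test", "Someone Else"), "issuer": CA,
             "subjectAltName": (("DNS", "shop-example.test"),)}

if __name__ == "__main__":
    for label, cert in (("store", STORE_CERT), ("self-signed", SELF_SIGNED), ("lookalike", LOOKALIKE)):
        print(label, "->", assess(cert, "shop.example", TRUSTED_ISSUERS))
```

The lookalike certificate is issued by a trusted vendor and encrypts just as well, yet it fails because its names do not cover the site the visitor intended to reach.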

SSL Certificates Are Required For PCI Compliance

Cart66 Cloud is the only WordPress e-commerce solution that makes your store PCI compliant – and that includes a lot more than just an SSL certificate. It is not true that you can simply install an SSL certificate and achieve PCI compliance. An SSL certificate is just one of the many requirements for PCI compliance. When you use Cart66 Cloud, all the security you need, including an SSL certificate, is included. You shouldn’t have to worry about all of the technical details of secure e-commerce when what you really want to do is focus on your business. For more details on Cart66 Cloud security, please see How Cart66 Cloud protects your online store.