As more and more people are taking their businesses online, security becomes a primary concern for those engaged in E-commerce.  Clients need assurance that the highly sensitive information they share online (Credit card numbers, addresses, contact information, etc.) don’t fall into the wrong hands.

SSL gives them that assurance.  The SSL Protocol stands for Secure Socket Layers.  It’s a process wherein sensitive data that are transferred between users and servers are encrypted and decrypted to keep them safe from tampering and hijacking.  

How does it work?

Normally, data is transferred between the browser and the web server in plain text, making it vulnerable to sniffing or eavesdropping.  If an attacker sniffs or intercepts the data being sent between a browser and the web server, they’ll be able to see the information.

An SSL protocol is designed to protect sensitive data while it’s in transit.  It ensures that the data is transmitted and interpreted only between the correct endpoints, by encrypting the data while it’s travelling to and from the sender and recipient.

In a nutshell, this is how the SSL protocol works:

1. Bob, a client, wants to purchase a shirt from Craig, an online retailer.  In order to complete the order, he needs to send in his credit card number and other highly sensitive data.  Bob wants to make sure that he is sending his credit card number to Craig in the most secure way.
2. To put Bob at ease, Craig sends him two keys:  A public key and a private key.  The public key encrypts the data, which means, anyone intercepting the transmission will only see a meaningless combination of characters.  The private key allows Bob to decrypt the data back.
3. A message digest is also sent along with the encrypted data.  This fixed-length replica of the original data ensures that the latter has not been intercepted or modified along the way.
4. Bob also needs to make sure that he is sending the data to Craig alone.  Craig, therefore needs to authenticate himself.
5. Craig sends Bob and the Certificate Authority (CA) a Certificate Signing Request (CSR) along with the encrypted data.  This certificate contains Craig’s domain name, organisation name, and location.
6. The CA verifies the CSR (either by ensuring Craig is the owner of the domain, or identifying his connection to the business or organisation) before issuing him an SSL certificate, which would allow Bob to finish the transaction as secure as possible.

Do I really need an SSL certificate for my website?

The short answer is yes.  If you are running an e-commerce website, or any website that would require your users to submit sensitive data, such as credit card numbers or contact information, you need to provide assurance that data transfer between them and your website is kept secure and intact.  Purchasing an SSL certificate for your website also gives you the following benefits:

•  Security and authentication.  As a user’s data can get passed along through several computers while in transit, SSL certificates ensure that they are only received and interpreted by your web server alone.
• Website rankings.  As Google places high priority on online security and is working on making the Internet a safer place, they are taking into account whether a website uses a secure and encrypted connection in their search algorithms.  As a result, a minor ranking boost is given to websites HTTPS encryption. In addition, it removes the break in the referrer tracking in Google Analytics, which could affect the accuracy of the reports on the amount of traffic or conversions a website receives.

By default:

• Zeald WordPress websites set up on or before January 2017 come with a one (1) year free SSL certificate.  After that, you’ll need to purchase an SSL certificate for your website;
• Zest websites come with a free shared SSL certificate.  However, secure pages will have the secure.zeald.com domain, unless you purchase your own SSL certificate.

If you have a Zest website, we recommend purchasing your own SSL certificates (as opposed to using shared SSL certificates) for the following reasons:

• Having your own SSL allows you to still use your own domain name for secure pages, which can definitely create a better impression.  A website showing your own domain name instead of hosting company’s name may look more professional, thus making your clients feel more secure submitting sensitive data.
• Your customers and prospects won’t have to deal with annoying warning messages that pop up when a visitor tries to access your website via a secure connection.
• It removes the break between your secure pages and your unsecured pages.  This means that you have the secure pages load from the same domain, thus, making your reporting system more accurate.

How do I know if my secure pages have SSL’s?

A secure page’s URL will begin with an HTTPS and have a lock icon on the address bar.  See the image below:

For Zest websites on a shared SSL certificate, it will have the secure.zeald.com domain instead of your website’s own domain:

If you would like to have your own domain instead of the hosting company’s name on your secure page’s URL, you will need to purchase your own SSL certificate.

Why should I get an SSL Certificate from Zeald? 

Our SSL certificates are supplied by Comodo, one of the premier SSL Certificate providers on the Internet today. To date, they have issued more than 945,000 SSL and code signing certificates since 1995 in 240 countries.

Comodo SSL certificates include:

• Comodo Trusted Site Seal, which shows website visitors that their information is protected.
• 99% browser compatibility
• up to 128bit

By purchasing a Comodo SSL certificate through us, you will be doing away with the inconvenience of having to install the SSL certificate on your website by yourself.  All you have to do is to place an order via portal.zeald.com and wait for the SSL certificate to be approved and installed to the portal.  Follow the steps outlined in Setup an SSL Certificate to know how to purchase an SSL certificate through us.

IMPORTANT:    Your SSL Certificate will need to be in PEM Format, which is suitable for use with an Apache web server or openSSL.

How do I renew my SSL Certificate?

To know how you can renew your SSL certificate, follow the steps outlined in Renewing your SSL certificate.