The SSL certificate is used to transmit information securely, protecting user data from fraud, identity theft and phishing. (In this article you will find more information on phishing and how to defend yourself.)
SSL certificates, considered mandatory for some time now, are used both to authenticate the identity of a website and to encrypt information sent to the server. In other words, they protect communications via the Internet in such a way that sensitive information provided by users on the web, such as passwords or personal data, remains confidential and cannot be intercepted by third parties.
There are 3 main types of SSL certificates:
· Domain-level validation, which certifies only the internet domain and can only be requested by the domain owner
· Organization-level validation, which certifies a company's ownership of the site and can be requested by authorized representatives of the company
· Extended validation, which offers the greatest degree of security and reliability of a website
In any case, the SSL certificate contains precise information on:
· Name of the holder of the certificate
· Serial number
· Expiry date of the certificate
· Copy of the public key of the certificate holder
· Digital signature of the certificate issuing authority
After you obtain the SSL certificate and install it on your site, the domain name in the browser's address bar will be preceded by a lock icon to show that the connection is secure.
What is the HTTPS protocol
HTTPS, which stands for HyperText Transfer Protocol Secure, is a secure communication protocol that creates an encrypted connection between the user and the website.
Data sent via HTTPS cannot be changed or damaged in transit without anyone noticing. Finally (and last but not least), the HTTPS protocol serves to authenticate the identity of a website, giving the user greater confidence, which is fundamental especially when the site in question is an e-commerce site.
Computer encryption
Internet communication security relies on encryption, a term whose root, cryptography, literally means "hidden writing". Thanks to encryption, the information that users write in the clear is transformed into an encrypted form that is readable only by those who have the key to decipher it.
In the IT field, two types of cryptography are distinguished:
· Symmetric, which uses the same key both to create and to decode the ciphertext
· Asymmetric, which uses two different keys to encrypt and decrypt the text
Effective security certificates
To implement the HTTPS protocol it is necessary to obtain a security certificate issued by a certification authority that adopts certain measures to verify that the website belongs to a specific organization.
Several certificates are available and it is important to choose the optimal one for your website. You can choose between three different options:
1. Single certificate for a single protected origin
2. Multi-domain certificate for several known protected origins
3. Wildcard certificate
In addition, to implement the HTTPS protocol we recommend:
· Use server-side 301 redirects, so that all the pages previously indexed with the http protocol also respond in https.
· Check crawlability and indexability. Google must be able to crawl and index HTTPS pages. For this it is necessary not to block them using robots.txt files, not to include noindex meta tags in HTTPS pages, and finally to use the URL Inspection tool to verify that Googlebot is able to access your pages.
· Implement HSTS support, which instructs the browser to request HTTPS pages automatically, even if the user enters http in the address bar, and tells Google to publish protected URLs in the search results.
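
The three recommendations above can be verified mechanically once the migration is done. The following Python check is an added example, not code from the original article; the site `shop.example`, the sample responses and robots.txt contents, and the function names `audit` and `hsts_max_age` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

def hsts_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    for part in value.split(";"):
        m = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', part, re.I)
        if m:
            return int(m.group(1))
    return None

def audit(url, http_resp, https_resp, robots_txt):
    """Check one page against the three recommendations; return a list of findings."""
    findings = []
    # 1. The http:// URL must answer 301 with a Location on the https scheme.
    target = urlsplit(http_resp["headers"].get("location", ""))
    if http_resp["status"] != 301 or target.scheme != "https":
        findings.append("redirect: http URL is not 301-redirected to https")
    # 2. The HTTPS page must be crawlable (robots.txt) and indexable (no noindex).
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    if not robots.can_fetch("Googlebot", url):
        findings.append("crawl: robots.txt blocks Googlebot")
    tags = re.findall(r"<meta\b[^>]*>", https_resp.get("body", ""), re.I)
    tags = [t for t in tags if re.search(r"name\s*=\s*[\"']?(robots|googlebot)\b", t, re.I)]
    if any("noindex" in t.lower() for t in tags):
        findings.append("index: noindex meta tag on HTTPS page")
    # 3. HSTS only counts on the HTTPS response, and max-age=0 switches it off.
    age = hsts_max_age(https_resp["headers"].get("strict-transport-security", ""))
    if not age:
        findings.append("hsts: header missing or max-age is 0")
    return findings

# Constructed sample data for the hypothetical site https://shop.example/
BAD_HTTP = {"status": 302, "headers": {"location": "https://shop.example/"}}
BAD_HTTPS = {"status": 200, "headers": {"strict-transport-security": "max-age=0"},
             "body": '<head><meta name="robots" content="noindex,follow"></head>'}
BAD_ROBOTS = "User-agent: *\nDisallow: /\n"
GOOD_HTTP = {"status": 301, "headers": {"location": "https://shop.example/"}}
GOOD_HTTPS = {"status": 200, "body": "<head><title>Shop</title></head>",
              "headers": {"strict-transport-security": "max-age=31536000; includeSubDomains"}}
GOOD_ROBOTS = "User-agent: *\nDisallow: /cart/\n"

if __name__ == "__main__":
    for finding in audit("https://shop.example/", BAD_HTTP, BAD_HTTPS, BAD_ROBOTS):
        print("FAIL", finding)
    print(audit("https://shop.example/", GOOD_HTTP, GOOD_HTTPS, GOOD_ROBOTS) or "all checks passed")
```

The misconfigured sample fails all four checks: a temporary 302 instead of a 301, a robots.txt that blocks every crawler, a noindex tag, and an HSTS header whose `max-age=0` tells the browser to forget the policy.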
Free SSL certificate
SSL certificates can be obtained for free. The difference from a paid one is the level of protection; for this reason free certificates are more suitable for personal projects such as a blog.
Those who want a free certificate can evaluate Let's Encrypt, proposed by a non-profit Certificate Authority. Let's Encrypt has several limitations compared to a commercial certificate: for example, it only offers domain validation, does not control domain ownership, does not extend certification to third-level domains and does not offer support.
Those who manage an e-commerce site therefore cannot be satisfied with a free SSL certificate that does not offer a level of security that guarantees maximum peace of mind to their customers.
SSL certificate for e-commerce
It is now clear that an e-commerce site needs highly effective certificates, and that security pays off.
Not all paid SSL certificates are the same, and prices differ as well. The higher the level of protection offered, the higher the cost.
Here is a list of some of the SSL certificates that can be used by an e-commerce site, but also by other types of websites:
1. RapidSSL certificates
2. Thawte certificates
3. GeoTrust certificates
4. Comodo certificates
5. Actalis certificates