Creating a Secure Website Using Secure Socket Layer (SSL)
By Marcus Lim
When setting up a website that will require payment through credit card or that will
require clients to provide sensitive personal information, it is important you apply ask for
a minimum level of security form your web hosting or domain registration service provider.
That way, you can make it much more difficult for your clients or your business to fall prey
to identity thieves and credit card scammers. One protocol that has effectively become the
de facto standard for website security is Secure Socket Layer (or SSL). The basic concept behind
the SSL technology is establishing a secure connection between the end user and the website
and thereafter encrypting any information exchanged between the end user and the website.
SSL technology works by the use of internet keys with a private and a public key required.
When an end user contacts an SSL secured website, there is an exchange of these keys in order
to establish the identity of both parties for the rest of the data transmission session. Once
a client logs into a website that is secured through SSL, the computer they have logged in
from receives the public key from the website and in turn sends an encryption key to the web
hosting server. The key from the client's computer triggers the release of a password that
is sent to the client's computer that is decrypted by the client's computer hence ensuring
that the exchange of information is only done between the client's computer and the web hosting
server for the website.
The successful exchange of keys is sometimes referred to as a digital signature. Once
these keys are exchanged and the session established, clients can safely key in their personal
information without the fear of data interception or session hijack between their computers
and the web hosting server. The use of keys means that the data is encrypted using the public
key but can only be decrypted by a corresponding private key held by the final recipient of
the data. When you use a web hosting or domain registration that either provides or facilitates
SSL security, users can come to your website with greater assurance of the integrity of any
data exchanged.
One of the things that makes SSL technology so reliable is the fact that best practice
requires the use of a third party authentication company such as Verisign or Thawte to complete
authentication. You as the website owner in liaison with your web hosting or domain registration
service provider can first secure your website by creating a private and public key as a first
step. You then need to contract the third party authentication providers to further encrypt
your public code using their third party private key in order to provide the tertiary security
that cannot be deciphered even by you as the website owner. Before accessing this service,
the third party authentication providers will require proof of ownership of the web hosting
server as well as confirmation that you are the owner company as indicated in the domain
registration data.
Steps on how to make an SSL secured website
• First develop a standard website by using HTML, PHP, ASP or any other web
development language that you prefer.
• Once your website is ready, you will then go through the normal process of
domain registration and procuring the services of a web hosting provider.
• It is only after you do this that you will go ahead to purchase SSL certification
from the third party SSL companies such as GoDaddy SSL, Comodo, Thawte, Verisign etcetera.
Many domain registration and web hosting companies are also agents for selling SSL certification.
Therefore, you can easily purchase your SSL certification through your web hosting company.
The SSL company will simply verify your ownership and confirm details of the company before
completing the process of securing the website.
• Once the SSL certificate issuer has verified ownership and authenticity of the
website, they will provide you with the symbols you can use to identify that your website has
been secured by them.
• SSL websites start with the prefix "https://" as opposed to the regular "http://".
They will also have a symbol such as a padlock but the actual symbol is dependent on the web
browser the end user has.
Pace Work Technologies is a fast web
hosting company and a domain registration company.
More Web Design Coding Issues: • Web Designer's Reference • Web Design Blunders That Can Cost You Lost Profits • Increase Your Traffic by Recovering Your Lost Visitors • Seven Effective Ways to Build Your Own Web Site • Video - HTTP caching • What is AJAX? • How to Redirect a Web Page Using a 301 Redirect • Web Design Troubleshooting Guide • What is a Web Service? • Set Up a Freefind Search Box on Your Website
|