Understanding SSL

We are asked all the time: what is SSL?

It stands for Secure Sockets Layer. It encrypts the stream of data passing from server to server or from a server to a home computer.
You will often see websites redirect to a secure location: the address bar may change color, or a padlock may show in the top right-hand or bottom right-hand corner of the browser. If you click on the padlock, it will give you the security information about the website you are on. The easiest way to know is to check whether the address bar shows https instead of http.

Zen Cart store owners need to run SSL mainly to protect credit card transactions and user data, so that people or “bots” cannot intercept the information in plain-text form. In more technical terms, these are called “man in the middle” attacks or packet sniffing.

As a store owner you may have heard that you will need to buy an SSL certificate. There are a lot out there, and I am going to explain the differences between the main commercial types. You may have heard of types named 128 bit and 256 bit. All certificates are able to do both and all browsers now recognize both. When you create a server key on your hosting account, make sure it is 256 bit; if you don’t have the ability to do this, ask your hosting company to do it for you. Let’s start with the basic and work our way up to the more complicated.

You may be confused about what type of certificate you need to buy and there are many to choose from. Below is a list:

1) Standard SSL – usually priced between $30-$100 per year (supports 1 domain), e.g. RapidSSL, GoDaddy etc. This is a good option for a new store owner. It has the basics and $10,000 in insurance. It shows a lock and provides the bare minimum.

2) Business Validation SSL – usually priced between $149-$400 per year (supports 1 domain and makes you go through a business verification check, which also shows on the certificate). This is for the company that wants its customers to know it is a legitimate company and not a fly-by-night operation. It has a mandatory company verification process in which the company has to prove who it is. Insurance is usually $100,000 on this type of certificate.

3) Business Validation SSL with EV – usually priced between $400-$1200 per year. This is the same as the certificate above with additional features such as “green address bars” and extended validation of the business. Insurance is usually $150,000.

4) UCC Certificate – usually priced between $50-$500 per year (supports multiple domains, from 5 to unlimited). This is a great option for web store owners that have multiple stores under the same hosting account and one dedicated IP address. This is a new type of certificate, as it fixed the problem of multiple domains under one dedicated IP.

5) Wildcard Certificate – usually priced between $199-$2000 per year (supports unlimited sub-domains and can be used on multiple servers). This type of certificate allows the unlimited use of sub-domains such as sub1.domain.com, sub2.domain.com, sub3.domain.com etc. These types of certificates are used by companies to secure their servers’ services such as SSH, FTP, Email, Webmail, Server Hostname etc.

Some people have asked me why these certificates have different prices if they offer the exact same thing. The prices are based strictly on the brand name and the insurance offered, much as people are willing to spend $150 for a designer pair of jeans. It is no different for SSL certificates. Let me make one statement absolutely clear:

THERE IS NO DIFFERENCE TO ANY PART OF THE ENCRYPTION OF ANY CERTIFICATE.

All certificates function the same way and provide the exact same output, are all exactly the same quality and are equally secure. You get the same out of a $30 certificate as you do from a $2500 certificate as far as the encryption goes. Again, what you are paying for is the brand, flashy green bars, additional insurance, validation of your company, and this information added to the certificate itself for customers to view.
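
The five types above differ in what is written into the certificate, not in the encryption, and that information can be read back from the certificate itself. The following is an added example, not part of the original article: it classifies certificates given in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`. The sample certificates are constructed, and the classification rules are a heuristic assumption based on subject fields; the issuing CA's policy is the authoritative source.

```python
# Added example. Sample dicts are constructed, shaped like getpeercert() output.
def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into one dict."""
    return {k: v for rdn in cert.get("subject", ()) for k, v in rdn}

def dns_names(cert):
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def validation_level(cert):
    """Heuristic (assumption): a validated business adds an organization name;
    EV additionally adds businessCategory and a registration serialNumber."""
    s = subject_fields(cert)
    if "organizationName" not in s:
        return "standard (domain validated)"
    if "businessCategory" in s and "serialNumber" in s:
        return "business validation with EV"
    return "business validation"

def coverage(cert):
    """Heuristic (assumption): 'www.' is treated as the same site as the bare name."""
    names = dns_names(cert)
    if any(n.startswith("*.") for n in names):
        return "wildcard"
    sites = {n[4:] if n.startswith("www.") else n for n in names}
    return "multi-domain (UCC)" if len(sites) > 1 else "single domain"

def covers(cert, host):
    """True if host is listed; a wildcard stands for exactly one left-most label."""
    host = host.lower()
    for name in (n.lower() for n in dns_names(cert)):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

STANDARD = {"subject": ((("commonName", "shop.example"),),),
            "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example"))}
EV = {"subject": ((("businessCategory", "Private Organization"),),
                  (("serialNumber", "0000000"),),
                  (("organizationName", "Example Store LLC"),),
                  (("commonName", "store.example"),)),
      "subjectAltName": (("DNS", "store.example"),)}
UCC = {"subject": ((("commonName", "store-one.example"),),),
       "subjectAltName": (("DNS", "store-one.example"), ("DNS", "store-two.example"),
                          ("DNS", "store-three.example"))}
WILDCARD = {"subject": ((("organizationName", "Example Co"),),
                        (("commonName", "*.domain.com"),)),
            "subjectAltName": (("DNS", "*.domain.com"), ("DNS", "domain.com"))}

for label, c in [("standard", STANDARD), ("ev", EV), ("ucc", UCC), ("wildcard", WILDCARD)]:
    print(label, "->", validation_level(c), "/", coverage(c))
```

None of these fields influences which cipher the browser and server negotiate, which is why the encryption is the same across all five types.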