On the internet today there is millions upon millions of data stored ranging from simple website text right up to personal banking details. Some of this data is added directly to each web server by a website admin; where as other data is added and manipulated through a browser such as Internet Explorer or Firefox.

When adding data to a site we like to know that the page is secure, this is accomplished using a SSL Certificate. SSL Certificates are essentially a key that when applied to a web server, enable the Secure Socket Layer (SSL) protocol which handles secure HTTPS connections. The SSL protocol encrypts data being transferred from browser to server in either 128-bit or 256-bit as set by the SSL Certificate used.

SSL Certificates are unique for each domain name, just like each driving licence is unique to each person. You should not use the same certificate on different domains; one should be generated for each. Most browsers will only trust a number of registered SSL Certificate vendors, so if you try to generate one your self (which is possible), the browser will give a warning, letting you or another person visiting your secure site know that the certificate is self signed (i.e. you have generated it not a vendor).

If you had an e-commerce shop and your visitors seen such a warning, then they are likely to go else where for their shopping. This is where SSL Certificate vendors come in. They offer SSL Certificates that are not only trusted by almost 100% of browsers, but also come with a seal that a customer can trust and a warranty of anywhere up to £250,000 to cover a mis-issued certificate. Purchasing a certificate from a recognised vendor will ensure your visitor receives no warning and that they feel more confident placing their details onto your website.

SSL certificates are essentially just a registration key, without a server supporting the SSL protocol and a dedicated IP they wouldn’t be of much use. The SSL protocol requires that SSL Certificates be attached to one dedicated IP and that no more than one SSL certificate can be installed per IP.

Some web hosting providers try to get around this by offering something called Shared SSL. This is where they install a certificate either from a vendor or self signed onto an IP for a number of their customers to use. This is ok for the admin of the site, but if the Shared SSL site is being accessed from another domain that the certificate is not registered to then a warning will be shown as mentioned above. This situation is only acceptable if the admin wants a secure connection from your browser to your hosting server and not for the general public to access.

SSL Certificates are rapidly growing as more and more people want their sites to be secure. It is very easy for anyone to purchase a certificate now as they are relatively cheap to buy. This now raises the question that if SSL Certificates costs very little, everyone is using them, and the site you are browsing looks secure….

Is the data actually secure when it reaches the server?