Once you are dealing with personal data on your website, whether through login forms or important data transactions, one of your priorities should be to secure the transfer of this data. Why?

  • sensitive information (credit card numbers, usernames, passwords) should be encrypted and understood only by the intended recipient
  • the end user should know that the existence and the validity of your website has been authenticated
  • to gain your customers’ trust

This can be done through a secure protocol such as SSL (Secure Sockets Layer), which ensures that the data passed between the user and the server is encrypted and then decrypted with keys, so that a third party cannot read or hijack the connection.

The SSL protocol verifies your credentials and those of the end server through SSL certificates, and once both identities are verified, it allows a secured connection through an HTTPS webpage, over port 443.

The SSL certificates used in this protocol are small data files that bind your own details to a cryptographic key. Once an SSL certificate is installed on an end web server, it acts as a digital passport and initializes a secure session with browsers.

Generally, there are three different types of SSL certificates you could use:

  • Dedicated SSL Certificate – both the most secure and the most expensive; a secure connection is verified for your root domain only, through a designated IP address
  • Shared SSL Certificate – if multiple domain names point to the same IP address, the host can then manage one single shared SSL on each server
  • Wildcard SSL Certificate – covers multiple subdomains of your website, which is useful if you split functions across many subdomains (e.g. shop.domainname.com, blog.domainname.com)
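
How a client decides whether a wildcard certificate covers a hostname, as an added example (not code from the original article): it follows the usual browser rule that `*` stands for exactly one leftmost label, and it is stricter than some clients in rejecting partial wildcards such as `s*`. The function names and the certificate name list are constructed for illustration.

```python
# Added example: which hostnames a wildcard certificate name covers.
# Function names and the sample certificate name list are constructed.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h or "*" in hostname:
        return False                      # malformed name or not a real hostname
    if "*" not in pattern:
        return p == h                     # ordinary certificate: exact match only
    # The wildcard must be the whole leftmost label, and at least two labels
    # must follow it, so a name like "*.com" is never accepted.
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    # "*" stands for exactly one label, so both names need the same label count.
    return len(p) == len(h) and p[1:] == h[1:]


def covered(cert_names: list[str], hostname: str) -> bool:
    """A certificate may list several names; one match is enough."""
    return any(name_matches(n, hostname) for n in cert_names)


if __name__ == "__main__":
    cert = ["*.domainname.com", "domainname.com"]   # constructed name list
    for host in ["shop.domainname.com", "blog.domainname.com",
                 "domainname.com", "pay.shop.domainname.com",
                 "shop.domainname.com.example.net"]:
        status = "covered" if covered(cert, host) else "NOT covered"
        print(f"{host:35} {status}")
```

The wildcard name alone does not cover the bare root domain or a second level of subdomains, which is why the constructed list also carries `domainname.com`.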

All web traffic between the web server and the web browser will be secure once the SSL protocol has established a secure connection through an installed SSL certificate.

Browsers will also notify users whether a website has been SSL secured or not. Some of the trust indicators are:

  • the address bar will turn from white to green for extended SSL certificates
  • the standard http changes to https in the address bar for standard SSL certificates


Image: example of browser address bar with an SSL sign (green and lock)


Image: details of SSL certificate

All digital certificates are verified through a chain of trust, and each SSL certificate needs to be issued from a trusted Certification Authority’s (CA) Root Certificate. If this root certificate is not present on the end user’s machine, the browser will display untrusted error messages to the user (see image below).

Image: SSL IE security warning