Thinking of starting your own e-commerce website? You will need a secure socket layer certificate, otherwise known as an SSL certificate, or just "SSL" for short.
Secure certificates create an encrypted connection between your website and a web browser. Through this encrypted connection, information can be passed between your web server and the web browser without worry that a website hacker will be able to steal credit card numbers or other personal information.
SSL certificates come in many variations depending on which security company you purchase them from. Here are the typical variations:
1. SSL's for a single domain name - This will secure the domain name jewelrystore.com
2. SSL for multiple domain names - This will secure the domains jewelrystore.com,www.jewelrystore.com, and mail.jewelrystore.com.
3. SSL for wildcard domain names - This will secure any number of subdomains you might have which could include blog.jewelrystore.com, jewelrystore.com, www.jewelrystore.com, and any other variation of *.jewelrystore.com
4. Extended Validation SSL - This is also known as the "EV SSL." This type of certificate is issued to websites whose ownership is validation through an extensive vetting process. The issuing certificate company will need to validate the actual existence of the business who owns the domain. The validate usually requires proof of a telephone number, physical address, legal name, and usually a bank or utility bill. The process requires several days to get through, sometimes as long as 30 days depending on the proof requested and the difficulty for you to provide it.
The secure certificate companies report greater customer trust and satisfaction for those website using the EV SSL. When users visit a website with an EV SSL the address bar will show an extra green indication that the website owner has a higher trust level. Like other trust indicators you can use on your site, I have to assume this will work in your favor.
You need to be aware of a few things in order to make your SSL application go smoothly. The SSL application will ask for the domain name to be secured, the owner of the domain, the city, state, and country of the owner. All of the information entered in the application must match the Registrant information of your domain name.
Before you apply for your SSL you need to double check the ownership (Registrant) of your domain. The smallest typo could prevent the SSL from being issued so make sure you are constant with town, city, and street abbreviations between the registrant information and your SSL application.
Another factor will be your email address. Some SSL companies will require that the certificate application is authorized through "official" addresses like firstname.lastname@example.org or email@example.com, other companies will simply require that the application is authorized by the email listed in the "Administrative Contact" of domain name.
The certificate application will also need something called "certificate signing request" or "CSR" for short. This is something you will need to get from your website administrator. The administrator will need to use your application information to create an encryption key right from the website. The encryption key looks like a jumbled long string of characters. You will need the CSR during the application. From experience it will be easiest to allow your website administrator to apply for your certificate on your behalf. It will speed the entire process up. Once the certificate is issued, the website administrator will have to add it to your website.
The last SSL topic I want to cover is how Google views your website when using secure certificates.
Google will view the secure and non secure versions of your website as 2 different websites. For this reason you have the potential of unexpected duplicate content, and therefore accidentally zapping your website out of search results.
Typical e-commerce websites will make the mistake of only securing the shopping cart pages of your website. This is the loophole through which Google will discover both the secure and non secure version of your site.
To avoid the duplicate content problem you need to force all your visitors to use the secure (https) version of your website. Your website programmer will have more information on how to do this using the 301 redirect feature built into you’re the web server. You would effectively be shutting down the non secure (http) version of your website.