
How exactly does SSL work?

Written by Marcel Landeweerd
 

We get several questions about how SSL works. In this blog post, we explain in an understandable way how SSL works for your web store. Some technical details may be lost in the process, but we hope to make the usefulness of an SSL connection clear.

When you send a traditional letter, you expect it to arrive at the recipient. However, someone may open the envelope along the way, read the contents, and then forward it to the intended recipient. It can also happen that the letter does not arrive at all, but you still get a reply back from this third person.

The Internet consists of billions of computers, all of which can communicate with each other. This works in a similar way to sending a letter. If you type www.webwinkelkeur.nl, a digital letter is sent over the Internet. You expect your message to arrive at WebwinkelKeur, but you cannot be sure that it does. Your digital letter may also arrive at WebwinkelKeur after having been read along the way by a digital criminal. For example, if you log in at WebwinkelKeur, the hacker may also read your password, with all the consequences that entails.

Graphical representation of a "man in the middle attack"

This can be prevented by means of SSL. With an SSL connection, messages are sent securely. In simplified terms, the server sends you a box with a padlock. You can put a message in this box and lock it. However, you don't have a key to open the box; only the server can do this. Exactly how that works goes too far to explain here, but the result is that SSL ensures traffic can be sent securely and cannot be intercepted.

But how do you know whether the box you are sent comes from the right sender? Who's to say a hacker won't send you a box? This is why SSL registers which boxes are from which website. This is done by the issuer of the SSL certificate, and it is also why you pay for an SSL certificate. The issuer of the SSL certificate keeps a list of boxes and who is allowed to use them. In this way, your visitor can be sure that the boxes he is sent originate from you and that the information he sends arrives with you.

Different types of boxes

So what is the difference between the different types of SSL certificates? Technically, they all work the same. The difference is in the validation. With the simplest form of SSL certificate, the only check is whether the box comes from a particular URL. In this case, a hacker can still register www.wobwonkelkeur.nl and use an SSL certificate for that. With more expensive SSL certificates, however, there is also a check on which organization "requests the boxes," i.e., there is a check on whether Stichting WebwinkelKeur is the owner of the domain. With these certificates, you get a green bar with the name of the organization, while with cheaper certificates you only get a gray lock.

An SSL certificate with and without Extended Validation (EV)
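
The difference in validation described above shows up in the certificate's subject fields. The following is an added example, not code from WebwinkelKeur: it inspects certificate data in the structure returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether the certificate only proves control of a host name or also names a validated organization. Both sample certificates are constructed for illustration, and the function names are hypothetical.

```python
# Added example: constructed certificate data, not taken from any real site.
# The dicts mimic the structure returned by ssl.SSLSocket.getpeercert().

def subject_fields(cert):
    """Flatten the nested subject RDN tuples into a plain dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def dns_names(cert):
    """DNS names the certificate is valid for (subjectAltName entries)."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def host_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    p_labels, h_labels = pattern.lower().split("."), host.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def describe(cert, visited_host):
    """Report what the certificate proves about the site being visited."""
    org = subject_fields(cert).get("organizationName")
    return {
        "host_ok": any(host_matches(n, visited_host) for n in dns_names(cert)),
        "organization": org,
        "level": "organization validated" if org else "domain only",
    }

# Constructed samples: a domain-only certificate for the lookalike domain from
# the text, and a certificate that also names the validated organization.
LOOKALIKE_CERT = {
    "subject": ((("commonName", "www.wobwonkelkeur.nl"),),),
    "subjectAltName": (("DNS", "www.wobwonkelkeur.nl"),),
}
ORG_CERT = {
    "subject": (
        (("countryName", "NL"),),
        (("organizationName", "Stichting WebwinkelKeur"),),
        (("commonName", "www.webwinkelkeur.nl"),),
    ),
    "subjectAltName": (("DNS", "www.webwinkelkeur.nl"), ("DNS", "webwinkelkeur.nl")),
}

if __name__ == "__main__":
    print(describe(LOOKALIKE_CERT, "www.wobwonkelkeur.nl"))
    print(describe(ORG_CERT, "www.webwinkelkeur.nl"))
```

The lookalike certificate passes the host name check for its own domain, which is why the organization field, and not the padlock alone, is what tells a visitor who is behind the site.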

Own IP Address (usually) necessary

Use of SSL must be supported by your hoster or web store provider. To use the analogy of the letter and the boxes again: with cheaper hosting, there are multiple web stores on one address, so you may be sharing your IP address with 100 other web stores. If I want to send a digital letter to your web store, I write that shared address as the addressee on the digital envelope. In the letter itself I then state that the message is intended for your web store. If you use SSL, the contents of the letter can only be read by whoever has the key. Because only your web store has the key, you cannot share an address. You therefore need your own IP address, which is why many cheap hosting parties or SaaS web store packages do not support an SSL certificate: they often share a single IP address among multiple web stores. In those cases, you cannot use SSL without additional payment.

There are now techniques that make your own IP address unnecessary; the disadvantage is that old operating systems and browsers do not support them. These are combinations such as:

  • Internet Explorer (any version) on Windows XP
  • Safari on Windows XP
  • BlackBerry Browser
  • Windows Mobile up to and including 6.5
  • Android standard browser on Android 2.x

We therefore recommend that you always ask your hoster or web store provider to what extent it is possible to install your own SSL certificate. Read more about installing SSL on your web store.