Tags for this article: ecommerce, https, protocol, secure, security, web server, website
If you have decided to run an E-commerce or an online store Website, you should have the knowledge of HTTPS (“hyper text transfer protocol with secure sockets layer”). “HTTPS” is nothing but a protocol to transfer your encrypted data through Web.
There are chiefly 2 main differences between an HTTP and HTTPS connection network.
HTTP connects on the port 80 while HTTPS connects on 443. HTTP encrypts the data received and sent as plain text while HTTPS encrypts in SSL.
Almost all the Web customers are aware that, they have to look out for HTTPS in URL and have to lock icon when they are in the process of transaction. If your storefront isn’t using HTTPS, then you are going to lose your customers. It’s common to find on Websites that some of the stores use plain HTTP to collect money including the customers’ credit card details and doing this way of business is very bad to you and your customer and you might lose your customer.
As mentioned above, HTTP sends and receives the data over the internet as a plain text. This means, if you have a credit card form which asks the credit card details of your customer and the credit card details furnished by the customer can be easily intercepted by anyone on the net by using “packet Sniffer” (a wiretap that is used to eavedrop the computer networks). Since there are a lot of “Free Sniffer Software Tools” (example: “Ethereal Network Analyzer”, “Network Probe”, “AnalogX PacketMon”, “Analyzer”, “Sniphere” and many other) and the people using this can be anyone. By using HTTP and if you are collecting credit card information, you are broadcasting the entire details of the credit card to the world. Later your customer will realize that his credit card information is leaked when comes to know that some theft has happened.
What are things you need to host secure pages?
There are only few things you require to host pages that are secure on your Website.
Firstly, Web servers like “apache” along with “MOD_SSL” that will support SSL encryption
Secondly, unique IP address (it is used to validate the secured certificate by certificate providers)
Thirdly, SSL certificate from the providers of “SSL certificate”
If you are very much sure about the first 2 items, contact your Web Hoster so that they can help you.
After obtaining HTTPS certificate
In your Web server, your Web hoster has to set the certificate so that each and every time a page is accessed, it has to hit the secure server. Once this work is done, you can carry on with building your WebPages that has to be secured.
Some of tips to use HTTPS
Point at all the Webforms on HTTP: whenever you go to the link of Webforms on your Website, get used to link them with full Server URL.
On secured pages use “relative paths” on images
Secure the page that collect and requests the data: this done because if your entire pages are secured, your server will slow down and the charge will be more.