Knock, knock. Who’s there? 🚪 It’s no joke when it comes to internet security. You want to know you’re dealing with, especially if there’s a money transaction involved. That’s why SSL Certificates exist, and we’re going to tell you all about them so you can have all the protection that’s required as a business owner.
What’s An SSL Certificate?
When an internet user enters sensitive data on a website — such as credit card 💳 information to make an online purchase — it must travel from the user's browser to the website's host server. This data is vulnerable in two ways: It can be intercepted by bad guys 👹 during transmission, or it can be transmitted to an impostor. SSL certificates protect against both vulnerabilities.
The primary purpose of an SSL certificate is to encrypt data during transmission so that, if intercepted, it can't be read. Think of SSL-protected data as a secret code that only the sender (browser) and the recipient (host server) can translate back into a known language. To any third-party that happens to be spying in between, it will look like gibberish.
We can help you process your Volusion SSL certificate order. In many cases, we can approve and install an SSL certificate without further action from you. If your site is new or not currently live on your domain name, you must first follow a special link we email to you.
How It Works
All commercial browsers such as Firefox, Chrome and Safari keep lists of certificate-issuing authorities, and they trust all certificates issued by those authorities.
If data is entered on a secure connection ("https://" rather than "http://"), the browser will make certain that the certificate is still valid (not expired) and was issued by a trusted authority.
If both conditions are true, it encrypts the data and sends it to the website's host server. This is a powerful level of protection, but it can be abused if it falls into the wrong hands. 👐
Protection Against Recipient Forgery
If you give an SSL to a scammer, it can actually make data theft easier by allowing the scammer to forge the identity of an intended data recipient. This is why a certificate-issuing authority can't simply issue a certificate for any requested domain name without verifying the requesting party's identity first.
If you successfully purchased a certificate for www.paypal.com, for example, you could create a fake PayPal site and collect user account credentials through the encrypted connection. That’s sneaky and bad!
Browsers would automatically allow it before the forgery was discovered and reported, creating a big headache for customers and businesses, and worst of all, lost money. 💸 This is why it’s super important that certificate-issuing authorities take steps to ensure they don't issue certificates to scammers.
To do this, they must ensure that the individual requesting a certificate for a particular website actually owns the website in question. The issuer sends an email to an address known to be an authoritative address for the website. In it, there is a special link for the owner to click to validate ownership. There are two kinds of authoritative email addresses: the WHOIS email address and approved-format domain addresses.
The WHOIS Email Address
When you register a domain name, you're required to provide your contact info, including at least one valid email address. For most domain names, this email address information is published in a public database called WHOIS.
Any internet user can look up information about any domain name in use in the WHOIS database, and there are many websites that allow you to query domain names in it.
Depending on the domain authority in the region of the registration, the listing displays certain information about each domain, which may include the
- Dates of registration and expiration
- Name servers of the DNS host
- Contact information of the registrant (domain owner)
Going Incognito: Unpublished Email Address
Some domain authorities do not allow display of a contact email address. This is true of all ".co.uk", ".com.au", and ".ca" domains. In other regions, when you purchase the rights to a domain name, some third-party registrars allow you to pay extra to keep your contact information private. In these cases, your contact information will be replaced by the privatization service's information.
You can view how your domain name registration record appears to us by searching for it on WHOIS. If your email address is not published, you may be able to contact your registrar to make it public, or you can create an approved-format email address.
If your WHOIS email address is published, keep in mind that it might not be the one associated with your Volusion store account (that you used to order the SSL certificate from our site).
If the WHOIS address isn't listed in our customer database, we may contact you at your Volusion account's primary address and ask you if the WHOIS address is yours and if you can access it.
If so, we can send the ownership validation email to it. If not, you may need to log in to your domain registrar's account and edit the Administrative Contact or Technical Contact email address.
Approved-Format Domain Email Addresses
If the WHOIS database doesn't contain email address information for a particular domain name, another option for ownership validation is for the certificate issuer to send an email to any of the following addresses:
In most cases, only the true owner of a domain name can create these addresses and receive emails sent to them.
How to Create an Approved-Format Address: Volusion-Hosted Email
If you host your email with Volusion, you can create an approved-format address for domain ownership validation in one of two ways: by creating a new mailbox or by creating an alias for an existing mailbox.
An alias is merely an address that forwards all messages received to an inbox of your choice. For instructions on either procedure, see "Email Account Setup." For acceptable address formats, review the Approved-Format Domain Email Addresses subsection above.
How to Create an Approved Format Address: Third-Party Email Hosting
If you host your email with a third-party email service provider, the process for creating a new mailbox or alias will depend on your provider's requirements. For more information, contact your provider directly. For acceptable address formats, review the Approved-Format Domain Email Addresses subsection above.
By setting up your SSL certificate, you’ll be ready to open your digital doors for business and let your customers know you’re a secure site to shop at! If they have any doubt about your trustworthiness, they can just look you up to see WHOIS there! 😜