At the end of last week’s post Perform a Security Audit, Use Stronger Tools, I mentioned we were in the process of adding SSL certificates to three of our sites so that we could accept credit cards directly. SSL certificates are now in place on all three sites and we have enabled the direct use of credit cards in addition to the PayPal support that had been in place.
Today I want to talk more about the process of adding SSL certificates and some of the obstacles we have faced. Should you need to secure your own sites or you simply want to understand it better as a shopper, I’ll help you understand what it all means. Let’s first start out with a screen shot of the URLs on our sites.
Three of the four show a green block on the left with a padlock and our company name. One of them shows the padlock with a yellow warning triangle. If the green shows up, every single element on the page is being loaded securely. When even a single graphic is loaded insecurely, the warning comes up. In the case of the home page of CorelDRAW Unleashed, there are two graphics loading from another site that are loading insecurely. We are in contact with that company to find out how this can be modified.
We have chosen to secure all pages of all three sites. Theoretically, it is only important to lock down the pages where a visitor (you) is supplying information that needs to be protected. Typically this is payment information like a credit card number. You’ll see in the last URL that the store of CorelDRAW Unleashed does have everything secured as the external content that we need to secure isn’t on those pages.
On the Vehicle Templates Unleashed site, we load a couple of forms from the product manufacturer in what is called an iframe. Those iframes didn’t initially load the content securely and thus the content didn’t display at all. Once they were loaded securely, the content displayed. One of the forms initially didn’t function properly and we got that resolved when we notified the manufacturer.
To get an SSL certficate, you have to purchase the type of certificate desired and then a certificate authority has to verify the identity of your company. Right now the certificates in place use 256-bit encryption as these certificates can be issued within a couple of days. In the future, they will get upgraded to use 2048-bit encryption as the verification process can take several weeks. So our sites will become even more secure once the longer verification process is completed.
The additional payment methods and security will allow you more peace of mind when shopping on our sites. Should you need help with your Web site, including security, please let me help you.