SSL certificates explained
SSL certificates are small data files that are installed on website servers which encrypt data that is sent from a visitor, who is viewing/using a website, to the server. Sites that have SSL certificates have the security padlock displayed in the web browser:
SSL certificates are a requirement if your customers will be entering sensitive information (such as credit card information) directly onto your website or if you have third party programmes. Since the benefits of having an SSL certificate are great it is recommended that you have one even if you aren’t required to.
• When do I need an SSL certificate for my website?
• Hosted payment pages
• How to get an SSL certificate
• Can you use your own SSL certificate?
When do I need an SSL certificate for my website?
You need an SSL certificate in these circumstances:
- If you are using a payment gateway provider that doesn’t offer a hosted payment page, or if you have decided to keep customers on your website to complete their purchase, then it is a legal requirement to have an SSL certificate for your website as the customer will be entering their card details directly on your website.
- If a customer is entering card information on your website through a secure iframe, you should have an SSL certificate.
- If any part of your website has a form that asks visitors to input their personal information, then you should use an SSL certificate. This could be any form from a newsletter subscription form to a form to create a customer account.
- If you have programmes provided by third parties (like Google), you will, in certain circumstances, need to use an SSL certificate. For example, if you submit listings to Google Shopping, you will need an SSL certificate. More information about this should be sought from your third party provider.
Having an SSL certificate is always a good idea as the protection they offer to your customers will help make them feel safer using your website.
Hosted payment pages
Most payment gateway providers (the companies that process card payments) use a system called a hosted payment page.
When a customer on your website clicks a button to enter their card details in many cases they will be taken through to your payment gateway provider’s website. This means that the customer is not actually entering their card details onto your website.
Through this system you, the store owner, and ShopWired, the platform provider and website host, never actually see the customer’s card information. In this instance your website would not need to be PCI compliant as that standard only applies if your website is directly handling credit card information.
How to get an SSL certificate
SSL certificates are provided free of charge by ShopWired with all packages. To configure an SSL certificate for your domain name follow the instructions found here.
Can you use your own SSL certificate?
The ShopWired platform is hosted on the Amazon Web Services hosting platform where we host multiple websites on the same server. Amazon Web Services only allows an individual server to have a single IP address. This means that, because an SSL certificate can only have a single IP address assigned to it, our server cannot host more than one SSL certificate despite hosting more than one website. To get around this problem we use a special type of SSL certificate and server configuration.
This means that you cannot buy an SSL certificate from an external provider and use it on your website with us, but since SSL certificates are provided free of charge with all packages you shouldn't need to anyway.