In this lesson, you will learn:
- What an SSL is and what it does
- How the Bigcommerce shared SSL works
- Using your own private SSL on your Bigcommerce store
The SSL Certificate; What is it? What does it do. Do I have one? Do I need one? How do I get one!? his lesson will help demystify the SSL, and show you the options that you have with Bigcommerce.
SSL stands for secure sockets layer. An SSL Certificate is a small file that is hosted on your web server. It encrypts information that customers enter on the front-end of your Bigcommerce store, before sending it across the necessary web servers.
In other words, the SSL wraps information being sent across the web in a secret code.
This way, evil-doers are unable to see sensitive information like credit card numbers, passwords and other data as it is submitted to your store.
You can always tell when a webpage is secured with an SSL certificate by checking the URL address. SSL pages will show as: HTTPS instead of just HTTP. The “S” at the end stands for secured, which means the connection between your browser and the site is secured and encrypted. You may also see a padlock next to the HTTPS, but this really depends on the browser you’re using. HTTPS will be the tell-tale sign that the page you’re viewing bcis secure.
As a Bigcommerce store owner rest assured that your checkout page is always secure.
Out of the box, Bigcommerce provides you with our “Shared SSL”. We allow all of our store owners to share the Bigcommerce SSL so no customers’ credit card information is ever at risk. The reason you may want to move from our shared SSL to your own private SSL, is how the URL structure looks during checkout. Let’s take a look.
I’m currently shopping at BCUstore.com, and you can see my URL just fine in the address bar, but if I move to checkout from the store, you’ll notice the URL changes, and no longer shows my domain name. It’s a subdomain of MyBigcommerce.com, and that’s totally normal. SSL rules dictate we have to use the true or “Canonical” URL when an SSL is enabled. If you navigate back to shop on your store, you see the domain name is back, and there’s no padlock. This is because we do not enable the SSL on your store’s normal shopping pages. Only on checkout and your customer’s login page. There is no sensitive information being sent through these pages, so
there’s no need for the SSL. We do have the ability to make every page secured with HTTPS, but this is only available on select plans.
Now let’s look at a checkout page of a store using a private SSL. You’ll notice here we see the padlock, the HTTPS and the store’s branded domain name is still visible. When using a private SSL, you are able to use your own domain name on the secured pages.
Aside from sitewide HTTPS, this is really the only difference between a private SSL and using the Bigcommerce shared SSL. The private SSL allows you to show your domain name to your customers at checkout, or the shared SSL will revert your URL back to the true Bigcommerce URL.
So it’s really a matter of branding and trust. Some customers use this as a trust signal.
They want to see that domain name they recognize while they’re entering their billing and credit card information. When using the Bigcommerce shared SSL, they may not recognize the name Bigcommerce in the address bar, and become concerned, abandoning their order. So if you want to avoid any possible trust issues you can easily purchase and install a private SSL right through the Bigcommerce control panel.
If you’re logged in as the store owner, go to Settings and then SSL Certificates, and click View SSL Certificate Options. You’ll need to make sure you’ve applied a domain to your store first. Next you’ll be able to choose whether you’d like to purchase a domain through Bigcommerce and Geotrust or do you have another SSL vendor you’d like to use. I’ll proceed with Bigcommerce and Geotrust because Geotrust is the industry
leader but also this route is much easier than using a 3rd party SSL supplier. At the next screen you’ll be able to decide what level SSL you’d like. The Standard and Deluxe SSLs are very similar, the only difference is the amount of insurance the Deluxe carries.
Then there’s the Premium SSL, or True BusinessID with Extended Validation. This SSL provides a much beefier padlock. This is the True Business ID. However you can only get this by going through the Extended Validation, which is a rigorous way of verifying the identity and authority of individual or company requesting the Premium SSL Certificate. This is the same level of security with more insurance from Geotrust. It just carries stronger trust signals to your customers, which always help to improve your conversion rate.
Just remember that if you buy a Standard SSL your site is just as secure as a site with a Premium SSL.
Now, since you have one, you’ll want to display it loud and proud. To learn more about putting an SSL badge on your storefront check out the additional resources section for a Knowledge Base article with all the details.