# How does SSL work? a newbie question



## alecho (Apr 10, 2008)

Hello veterans, this is another newbie with questions in regards to SSL.

I know SSL is important to make transmission secure, but my question is (here comes the obvious newbie naiveness  ):

(question) how does SSL work? is it to secure transmission between the browser and the web server hosting the website (i.e. customer selects a product and click buy)? or is it between the web host server and payment gateway (i.e. credit card info sent to merchant account?). 

In general I am having a hard time understanding how shopping cart works and how information is transferred. Is the information from the shopping cart first transferred to the webhost and then to payment gateway? or directly transmitted to the paytment gateway?

any reply is greatly appreciated. thank you very much for your time! good day!


----------



## mike2468 (Mar 11, 2007)

First of all your software needs to be set up for ssl and 2nd, you need to purchase a ssl certificate. Our certificate is purchased thru the company hosting our web site, it's a yearly fee.

I set our site up to be secure only when someone logs into their account or begins the checkout process. I don't process any final payments (paypal or credit card) directly thru our site, the final payment process where the customers payment information (credit card numbers), is handled by the actual payment processor. I have the option of taking customers cc info thru our online store but elected not to do so for security reasons.


----------



## queerrep (Jul 18, 2006)

alecho said:


> (question) how does SSL work? is it to secure transmission between the browser and the web server hosting the website (i.e. customer selects a product and click buy)? or is it between the web host server and payment gateway (i.e. credit card info sent to merchant account?).


It's between the browser and the server, so you'll have to go through your web host to get it. Essentially, this is how it works:

Browser checks the certificate to make sure that the site you are connecting to is the real site and not someone intercepting.
Determine encryption types that the browser and web site server can both use to understand each other.
Browser and Server send each other unique codes to use when scrambling (or encrypting) the information that will be sent.
The browser and Server start talking using the encryption, the web browser shows the encrypting icon, and web pages are processed secured.



alecho said:


> In general I am having a hard time understanding how shopping cart works and how information is transferred. Is the information from the shopping cart first transferred to the webhost and then to payment gateway? or directly transmitted to the paytment gateway?


It goes to server (webhost) and then the payment gateway.

It is pretty confusing, but maybe this will help:


----------



## alecho (Apr 10, 2008)

mike2468! Thank you very much for your reply. It's good to hear from somebody who has the real life experience. It really helped me alot.  

queerrep! Thank you very much for giving your time to reply. The diagram really helped me alot. It's people like you make this forum so great!


----------



## alecho (Apr 10, 2008)

I am starting to understand that SSL is to secure the transmission between the browser and the webhost, and also to see if the webhost is legit.

But how is the transmission from the webhost to the payment gateway secured (i.e. customer's credit card info)? Do we have to purchase another SSL certificate?

any reply is greatly appreciated. good day!


----------



## HorseDesigns (Apr 11, 2008)

I use Coolcart.com... it cost $120 per year and makes things pretty simple. It's real easy for that stuff to get over my head so I'm not sure if you were asking something else LOL


----------



## mike2468 (Mar 11, 2007)

alecho said:


> I am starting to understand that SSL is to secure the transmission between the browser and the webhost, and also to see if the webhost is legit.
> 
> But how is the transmission from the webhost to the payment gateway secured (i.e. customer's credit card info)? Do we have to purchase another SSL certificate?
> 
> any reply is greatly appreciated. good day!


The best thing todo would be to contact your web hosting company, if you have one at this time, and they should be able to get you set up. I am assuming you can purchase a certificate thru ALL web hosting companies. The one I use takes of it all. I buy the certificate and they install it for me. The only thing I had todo was set up the proper parameters in the shopping cart.

You purchase one yearly certificate for your website (ex. www.yoursite.com), no additional certs are needed. All the secure data transmission is going on in in the background and the only thing you will notice is there will be a small padalock icon in your browser tray and the link will read https: in stead of http:

Once those two items are visible you know the site is secure. Here is a link to our site if you want to see how that works. Click on the link and once the page is loaded click on 'My Account' in the upper right hand corner. You will see the two changes I mentioned previously.

Link: http://www.precngraving.com/


Mike


----------



## mike2468 (Mar 11, 2007)

One other item I just happen to think of. In order to process credit cards on line you going to need a merchant account setup with some company. I have been using a company called 2checkout for several years and have never had any problems. When I bought the shopping cart the 2checkout module was included, along with the paypal module which are the two sercure payments I use.

Like I said earlier, I don't store any credit card information on our system, nor do I know what the customers cc info is, that is all handled by the payment processors.

Mike


----------



## HorseDesigns (Apr 11, 2008)

Using the services of a company like CCNow can be very helpful for start up, too. No need to get a merchant account that way. They take all forms of credit card payment, process the payment and send you a copy of the order. Once order is filled, you mark it shipped and the funds, minus their service fees, goes into an account, which can be deposited into your bank account every 2 weeks. You don't get the money as fast as with your own merchant account and the fees are slightly higher, but it gets you up and running with more sales while you work on your learning curve.


----------



## alecho (Apr 10, 2008)

HorseDesigns: merchant account or not... hmmm... thanx for your input! i've stopped by coolcart.com and it looks very convenient for a newbie like me. I'll definitely look into CCNow and see how it works. this is great guys! thanx! 

mike2468: wow, i liked your website. it's so organized and easy for the customer to follow (i.e. showing the shopping cart on the side throughout the browsing, giving the customer the option to be a member, etc). It's a great model for many to appreciate. quick question though... did you implement the shopping cart to your website? or did you hire somebody to do that on your behalf? ultimately, I want a shopping cart that blends into the website, but I didn't know the level of difficulty involved in implementing a shopping cart. Any reply is greatly appreciated! thanx!


----------



## mike2468 (Mar 11, 2007)

mike2468: wow, i liked your website. it's so organized and easy for the customer to follow (i.e. showing the shopping cart on the side throughout the browsing, giving the customer the option to be a member, etc). It's a great model for many to appreciate. quick question though... did you implement the shopping cart to your website? or did you hire somebody to do that on your behalf? ultimately, I want a shopping cart that blends into the website, but I didn't know the level of difficulty involved in implementing a shopping cart. Any reply is greatly appreciated! thanx! [/quote]

Alex,

Our shopping was purchased from Turnkkey Webtools originally. I myself have done a lot of modifications to it along with hiring a freelance programmer to do the majority of it. I have tried several other carts over the years and liked this one the best. It's nothing fancy but I understand the inner workings of it now and it does produce sales. 

In my opinion, stay away from the Flash based web desings, especailly in the shopping cart area. Nothing more I hate then going to a web sites shopping cart and haveing to wait...and wait...and wait for the flash intro's or other whooopla to load up...I leave the site immediately.

Mike


----------



## alecho (Apr 10, 2008)

Mike, I agree with you. there's nothing more annoying than flash animation delaying a purchase. I'll keep it clean, simple, and effective... well, kinda like yours.


----------

