TLS and SSL certificates for site security
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificate is a security technology for sites that protects the data that your customers enter on your site: credit card numbers, social security numbers, login credentials, etc. TLS and SSL encrypts the data transfer from your site, and publishes the content securely using HTTPS instead of HTTP.
Having a TLS or SSL certificate also affects your site ranking in the search engine results since Google and other engines prefer secured sites over unsecured.
You can tell if a site is secure by looking at its link in the browser: site is not secured if it has a warning icon and the “Not Secure” note. TLS/SSL-secured sites have the padlock icon:
In Ecwid, your online store and Instant Site are protected with TLS certificates. In other words, it’s safe for visitors to browse your site and make purchases. If you use another site instead of the Instant Site, you need to check if it has an SSL/TLS certificate and enable it if not.
There are two security certificates: SSL and TLS. TLS is the successor protocol to SSL. Simply speaking, it’s the improved and more secure version of SSL, but the terms are often used interchangeably.
When a customer buys products in your online store and enters their credit card credentials, that data begins “a journey” from a client’s browser to your site. To make sure no criminals will attack that data while transferring, an TLS certificate comes into play in the role of a data guardian.
Here’s what TLS/SSL certificate does:
Encrypts transmitted data. That means that data looks like a garbled combination of characters nearly impossible to decrypt. This is particularly important when users transmit sensitive data, such as credit card details or email login data.
Сonfirms the authenticity of websites or services. It’s also called a handshake between two communicating devices. This helps to ensure that both devices are really who they claim to be.
Guarantees the integrity of transmitted information. The data will not change or be lost as it is transported from the server to the browser.
By default, your Ecwid store and Instant Site are always launched with TLS technology.
You can verify the security of your store by inspecting store’s network sessions. To confirm checkout is secure, Ecwid shows a message on the checkout page:
This means that if you are using an Instant Site, you do not need to take any extra actions to make your site and store run through a secure HTTPS connection.
Using a TLS certificate and running your site via a secure HTTPS connection helps to increase your online store’s credibility. Besides, many payment services require secure sites in order to support their payment gateway. For example, Apple Pay works only with HTTPS.
In case you’ve added your Ecwid store to any other website apart from the Instant Site, you need to provide your site with an SSL or TLS certificate. The Ecwid store you embedded on site created on other platform will have an SSL certificate, but the certificate will cover only the store pages, and not all of your custom site.
Most domain registrars like GoDaddy, Bluehost, Namecheap, and so on will offer you to buy or enable an SSL certificate when you purchase a domain from them. The same goes for most popular site builders like Squarespace or Wix that already have SSL certificates included into their websites. You can easily check if your site is protected: open your site and see if the URL has a padlock icon near its name. If not, then you need to provide an SSL certificate.
Here’s your options for getting an SSL certificate depending on what site builder you use:
- Weebly. Add an SSL certificate to your Weebly website from your site editor.
- Duda. Install an SSL certificate for your site right from the Duda admin.
- Joomla. Buy an SSL certificate and install it on your website.
- Drupal. Add an SSL certificate on your website.
- WordPress. Get and install an SSL certificate on your website.
In case you use a custom site, here’s the list of services that offers SSL certificates: