Secure Sockets Layer – SSL, what and how?

For our company, we use a VPS (virtual private server) to host our sites, including this blog. A VPS is often used by small companies for the “dedicated like servers features”, without the enormous price tag. I won’t go into details about how a VPS works, because this post is about SSL. In fact, we have to create an e-commerce for one of our clients and, to be able to process secure payments, we need an SSL certificate. I thought I could share some basic info about SSL with you.

How does SSL work?
SSL is used to establish a private connection between your site and the client’s browser. Usually you can identify a site that has an SSL certificate by a lock icon (most browsers display it in the address bar). If you have a site that requires SSL, I would suggest you contact your hosting provider, they will be able to give you more information on how to purchase it. On the other hand, if you are curious to know how the SSL will work on the user’s end, here is an example:

1) A customer makes a connection to yoursite.com that has an SSL certificate. This connection is denoted with https instead of http.
2) yoursite.com sends back its public key (the SSL certificate) to the customer’s browser. At this point, the browser decides if it is alright to proceed. Your certificate must be for yousite.com (each domain must have its own certificate) and must NOT be expired.
3) yoursite.com will send encrypted information to the customer’s browser using the public and private key.
4) The customer’s browser will decrypt the information. This process shows that yoursite.com and only the customer will be able to read the information.
5) The customer’s browser and yoursite.com can now securely exchange information.

My situation and solution
I have to say, I am new to SSL, so some of you might know most of this. My client bought his own domain (puremineral.ca), but has no hosting. We didn’t transfer the domain to our hosting provider because the client already paid his two years subscription for puremineral.ca and all the other .net, .org, etc. Instead, we forwarded all the traffic to our server, via DNS. At first, all domains were going to the same folder, meaning that you would type the .ca or .net address, the .ca or .net address would stay. Now, because SSL has to be done on each domain, we decided only to purchase the .ca SSL certificate. At this point, we changed the forwarding of all other .net, .org… to go to the .ca. This means that whatever domain the user will type, it will always go to puremineral.ca and use the valid SSL certificate. This saves us some money and doesn’t confuse users regarding what site they will be at.

Because our main domain for the VPS is cubik3.com, I had the option to purchase an SSL certificate only for cubik3.com. This would of applied an SSL to all our clients’ domain, but with some small issues. All users that would land on one of our client’s domain would receive a pop-up warning message letting them know that the SSL is not valid. Now this is not a good thing to do, because you can scare potential viewers away.