Secure Web Servers
Sometimes criminally-minded entrepreneurs masquerade as legitimate Web businesses, intercepting
e-commerce transactions intended for the legitimate business. Good customers - particularly
online customers - are very skeptical. When it comes to the Net, they are often fearful. Before
you can process transactions or collect personal information, your customers must have confidence
that the data they send will be protected, whether it's credit card numbers, mailing addresses,
or email addresses.
Secure Web servers provide this protection using a security protocol known as Secure Sockets
Layer (SSL). Web servers can encrypt data and authenticate both the server and the client (in
this case, the customer) for a secure TCP/IP connection (the protocol used to transmit data on
the Internet).
You can make your Web server secure - and guarantee this security to customers - by using digital
certificates.
How do secure Web servers work?
When a customer needs to send information to your site, an identification process called a "handshake" initiates
a secure session. The great thing about the "handshake" process is that your customer doesn't
need to do a thing. The whole procedure is handled by the customer's browser and your secure
web server.
A "handshake" works like this:
The client (or customer) sends a request (in the form of https://servername.domain.com) via
his Web browser to connect to the secure server. The server sends its certificate to the client's
browser (typically Netscape or Microsoft's Internet Explorer).
The browser then examines the server certificate to see if a trusted party issued it. The browser
compares the information in the certificate with the server's domain name and public key (a unique
code). If they match, the server is accepted as authentic.
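The checks the browser makes in this step, as an added example that is not part of the original article: it runs a constructed certificate, in the dict layout that Python's ssl.SSLSocket.getpeercert() returns, through issuer trust, validity period and name matching (the validity check goes slightly beyond the text above). The CA name, the sample certificate and the helper names are assumptions, and comparing the issuer name stands in for the signature verification a real browser performs.

```python
import ssl

# Constructed sample certificate (not a real one), in getpeercert() layout.
SAMPLE_CERT = {
    "subject": ((("commonName", "servername.domain.com"),),),
    "issuer": ((("organizationName", "Example Trusted CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "servername.domain.com"),
                       ("DNS", "*.shop.domain.com")),
}
# Assumption: a set of CA names stands in for the browser's trusted CA store.
TRUSTED_ISSUERS = {"Example Trusted CA"}

def _field(name, key):
    """Return one attribute (e.g. organizationName) from a subject/issuer tuple."""
    return next((v for rdn in name for k, v in rdn if k == key), None)

def _name_matches(pattern, host):
    """Case-insensitive match; '*' covers exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # rejects servername.domain.com.attacker.example
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def check_server_cert(cert, host, now, trusted=TRUSTED_ISSUERS):
    """Return the reasons to reject the certificate (empty list = accept)."""
    problems = []
    if _field(cert.get("issuer", ()), "organizationName") not in trusted:
        problems.append("issuer not trusted")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("outside validity period")
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:  # older certificates carry the name only in commonName
        names = [_field(cert.get("subject", ()), "commonName") or ""]
    if not any(_name_matches(n, host) for n in names):
        problems.append("name mismatch")
    return problems
```

In real client code, ssl.create_default_context() performs these checks, including full signature-chain validation, without any hand-written matching.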
How do I get a digital certificate?
In order to obtain a digital certificate, you have to purchase it from a Certificate Authority
(CA). In addition to that, you need an actual Web server, a high-end computer dedicated to performing
your task.
Think of a Certification Authority as a passport office. Like a passport agent, a CA must take
steps to establish the identity of the people or organizations before issuing an ID - in this
case, a digital certificate.
What does it cost?
Digital certificate costs can vary significantly depending on encryption level. For a higher
certificate price, the CA may offer to help train you on setting up the certificate process,
as well as offer an insurance policy. Whether you need an insurance policy or not depends on
how critical you think preventing a security breach would be to the survival of your business.
Coverage generally ranges from $25K to $250K.
Annual fees for the standard 40-bit SSL encryption generally run around $300-$600 per certificate.
Annual fees for 128-bit SSL encryption, mainly recommended for financial and banking institutions,
are typically $900-$1300. Each additional certificate, as well as renewal fees for each certificate,
is typically around the same price, though some Certificate Authorities might give a price break
on additional purchases and renewals.
You'll also need to consider the cost of a good server, which will probably run you around $3000
to $5000.