Surely every webmaster has already heard of SSL certificates. This post explains what exactly they are, what they are for, and why they are so important.
A Secure Sockets Layer (SSL) certificate is a type of website encryption key that protects a website and its users from hackers. The HTTPS protocol uses an SSL certificate to protect server-client communication.
Here’s a straightforward yet comprehensive definition of SSL/HTTPS from the Mozilla Developer Network (MDN) official website:
HTTPS (HTTP Secure) is an encrypted version of the HTTP protocol. It usually uses SSL or TLS to encrypt all communication between a client and a server. This secure connection allows clients to safely exchange sensitive data with a server, for example for banking activities or online shopping.
We’re talking about end-to-end encryption (E2EE), which means that communication between the user’s browser and the server where the target website is hosted is encrypted, and no one else has the key to decode data in transit.
Actually, SSL is an outdated technology that is considered unsafe and is deprecated; it has been supplanted by TLS (Transport Layer Security). However, the term SSL is commonly used to indicate both SSL and TLS certificates.
This certificate is a key element of web security because it authenticates the identity of a website and enables an encrypted connection between a web browser and a web server.
An SSL certificate contains detailed information about the certificate holder’s name, the serial number, the expiration date, a copy of the certificate holder’s public key, and the digital signature of the Certificate Authority (CA).
The Different Types of SSL Certificates
There are three main categories of SSL certificates, which offer different levels of security:
- Domain Validation (DV): This type of certificate is the least expensive, and the validation process is quick and simple. It only requires proving ownership of the domain, usually with an email confirmation or by uploading a text file via FTP. However, this certification ensures a low level of protection. Let’s Encrypt is a popular, free and open-source solution to get Domain Validated certificates for small sites and blogs that don’t handle sensitive data.
- Organization Validation (OV): In this case, the validation process is longer and more complex. The Certificate Authority investigates to see if the website owner is legitimate and trustworthy. This is more expensive than a DV certificate, but it validates the business’s credibility and shows the details of the organization that is behind the website.
- Extended Validation (EV): This option is the most expensive, and the approval process can take weeks. EV certification is intended for very large online commerce sites and government entities.
As you can see, these certificates are not distinguished by the level of encryption, but by the vetting procedure and the information available to the users regarding the legitimacy and ownership of the site.
How to determine if a website is using an SSL certificate
In popular browsers like Firefox, Chrome or Microsoft Edge, it’s easy to tell if a connection is secure. Safe websites use HTTPS connections; in Google Chrome, double-click on the address bar and you’ll see the complete URL. A closed padlock also appears on the left-hand side of the browser bar.
Conversely, if a website is not secure, warnings will be displayed. These can be a red padlock or an open padlock, a yellow triangle, or a red line going through the website’s address.
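The same check can be done outside the browser. The following is an added example, not part of the original post: it reads the certificate fields listed earlier (holder, CA, serial number, expiration date) and guesses the validation type from the subject, which is where DV, OV and EV certificates differ. The sample certificate, the function names and the DV/OV/EV heuristic are assumptions made for illustration.

```python
import socket
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# every value is made up for illustration.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),)),
    "serialNumber": "0A1B2C3D4E5F",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}

def fetch_cert(host, port=443, timeout=5):
    """Return a live site's certificate; raises ssl.SSLError on a bad chain or hostname."""
    ctx = ssl.create_default_context()  # verifies the CA signature chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _flatten(name):
    """Turn getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def summarize_cert(cert, now=None):
    """Extract holder, CA, serial number, expiry and a validation-type guess."""
    now = time.time() if now is None else now
    subject, issuer = _flatten(cert["subject"]), _flatten(cert["issuer"])
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    # Heuristic (assumption): a DV subject carries no organization, and an EV
    # subject also carries businessCategory. The authoritative marker is the
    # certificate policy OID, which getpeercert() does not expose.
    if "organizationName" not in subject:
        validation = "DV"
    elif "businessCategory" in subject:
        validation = "EV"
    else:
        validation = "OV"
    return {
        "holder": subject.get("organizationName", subject.get("commonName")),
        "issuer": issuer.get("organizationName", issuer.get("commonName")),
        "serial": cert["serialNumber"],
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": int((expires - now) // 86400),
        "expired": now >= expires,
        "validation": validation,
    }
```

For a live site, pass the result of `fetch_cert("your-domain")` to `summarize_cert`; a failed verification raises an exception before any fields are returned.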
The benefits of using an SSL certificate
Adding an SSL certificate to a website builds visitor confidence, protects against phishing (theft of sensitive data), and leads to an improvement in search engine ranking.
SSL is a basic requirement to become PCI compliant and have the ability to process online payments.
The need to give users a safer web browsing experience led Google in 2018 to classify all websites that do not adopt the HTTPS protocol as unsafe. Its popular web browser Chrome (and Mozilla Firefox), in fact, marks HTTP sites as “Not Secure” with a warning message on the URL bar.
Where to get an SSL Certificate for Your Website
Currently all the major web hosts such as Bluehost, A2 Hosting or Dreamhost provide free Let’s Encrypt support on all their hosting plans. These certificates can be easily installed from the Control Panel of your account: from the Security section, navigate to SSL/TLS certificates. If you use cPanel, the easiest way to use Let’s Encrypt is the AutoSSL feature, which will automatically install the certificate and keep it up to date for every domain on your account.
If you are looking for more advanced paid options, your host will help you choose the certificate that best suits your needs, providing you with all the assistance you need.