A guide for SSL beginners: what it is and why it makes your site more secure
Have you ever noticed that some URLs start with "http://" while others start with "https://"?
But where does that extra "s" come from, and what does it mean?
To put it simply: The extra "s" means that your connection to this website is secure and encrypted; any data you enter will be securely shared with this website. The technology that makes this little "s" possible is called SSL, which stands for Secure Sockets Layer.
As a consumer, you always want to see https:// when you visit a website that you trust with your essential information. As a website owner, you want to have a website that has SSL enabled and shows the visitor that the site is secure.
So why is SSl such a big deal?
What is an SSL Certificate?
Let's define an SSL. This definition comes directly from SSL.com
"SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted links between networked computers."
SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted connections between networked computers.
If you land on a page for which you filled out a form and clicked submit, the information you entered could be intercepted by a hacker on an insecure website.
This information can be anything from details about a banking transaction to what you enter to sign up for an offer. In hacker jargon, this "interception" is often referred to as a "man-in-the-middle attack".
One of the most common ways that an attack occurs is this: a hacker places a small, undetected listening program on the server hosting a website. This program waits in the background until a visitor starts entering information on the website, and it is activated to capture the information and then send it back to the hacker.
A little scary, isn't it?
But when you visit a website that is encrypted with SSL, your browser establishes a connection with the web server, looks at the SSL certificate, and then binds your browser and the server. This binding connection is so secure that no one but you and the website can see or access what you type.
This connection happens instantly, and some even think it's faster than connecting to an insecure website. All you have to do is visit a website with SSL, and voila: Your connection is automatically secured.
An SSL is a security technology. It is a protocol for the server and web browser that ensures that the data transferred between the two is private. This is done through an encrypted connection that connects the server and the browser.
Businesses that request personal information from a user, such as an email address or payment information, should have SSL certificates on their website. Having such a certificate means that the information you collect is private, and ensures the customer that their privacy is secure when they see that padlock and "https://".
SSL certificates are categorized by the level of validation and encryption provided or by the number of domains or subdomains under the certificate. There are three types of certificates that you can purchase depending on the SSL you get. Let's talk about them in more detail.
Types of certificates
The umbrellas that SSL certificates fall under are encryption and validation and domain number. They each have three classifications and can be applied for on the SSL website. The certificates are processed by a Certificate Authority (CA), a software specifically designed to operate and issue these certificates.
For encryption and validation certificates, there are domain, organizational and extended validation. For certificates defined by the domain number, there are single, multidomain and wildcard types.
SSL Certificate with Extended Validation (EV)
This certificate displays the padlock, HTTPS, company name, and country in the address bar to prevent it from being mistaken for a spam site.
Extended Validation (SV) SSLs are the most expensive SSLs you can get, but they are valuable for showing the legitimacy of your domain in the address bar. In order to set up an EV SSL, you must prove that you are authorized to own the domain you are submitting. This ensures that users are confident that you are legitimately collecting the data needed to perform certain actions - such as a credit card number for an online transaction.
An EV SSL certificate can be purchased by any business, and it should be a priority especially for businesses that need identity assurance. For example, if your website processes web payments or collects data, you should get this certificate.
Organization Validated (OV SSL) Certificate
This certificate verifies that your organization and domain validation are genuine. Organization Validated (OV) SSL Certificates provide a medium level of encryption and are obtained in two steps. First, the CA would verify who owns the domain and if the organization is operating legally.
In the browser, users will see a small green padlock followed by the company name. Use this type of certificate if you don't have the funds for an EV SSL, but still want to offer a medium level of encryption.
Domain Validation (DV) Certificate
The Domain Validation (DV) certificate provides a low level of encryption, which is displayed as a green padlock next to the URL in the address bar. This is the fastest validation you can get, and you only need a few company documents to apply.
This verification occurs when you add a DNS to the CA. For this certificate, the CA verifies the applicant's right to own the submitted domain. (Note: DVs do not secure subdomains, only the domain itself).
Unlike EV SSL, the CA does not verify identity information, so you do not know who is receiving your encrypted information. However, if you are part of an organization that can't afford a higher level of SSL, a DV does the job.
Wildcard SSL Certificates
Wildcard SSL certificates belong to the category "domain and subdomain number". Wildcard SSL certificates ensure that when you buy a certificate for a domain, you can use the same certificate for subdomains.
For example, if you purchased a wildcard for example.com, it can be used for mail.example.com and blog.example.com. Such an option is less expensive than purchasing multiple SSL certificates for one number or domain.
Unified Communications (UCC) SSL Certificate
Unified Communications Certificates (UCCs), also known as multi-domain SSL certificates, allow multiple domain names to be on the same certificate. UCCs were created to bridge communications between a single server and browser, but have since expanded to include multiple domain names from the same owner.
A UCC in the address bar displays a padlock to indicate verification. They can also be considered EV SSL if they are configured to display this green text, padlock and home country. The only difference is the number of domain names associated with that certificate.
Multi-domain SSL certificates cover up to 100 domain names. If you need to change the names in any way, you can do so with the Subject Alternative Name (SAN) option. Some examples of multi-domain names you can use are: www.domain.co.uk, www.domain.com, mail.example.com, and checkout.example.com.
Single Domain SSL Certificate
A Single Domain SSL protects one domain. With this certificate, note that you cannot use it to protect subdomains or a completely different domain.
For example, if you buy this certificate for example.com, you cannot use it for blog.example.com or 2ndexample.com.
How can I get an SSL Certificate for my website?
The first step is to determine what type of certificate you need. For example, if you host content on multiple platforms (on separate domains/subdomains), this may mean that you need different SSL certificates.
For most, a standard SSL certificate will cover your content. However, for businesses in a regulated industry - such as finance or insurance - it may be worth speaking to your IT team to ensure you meet the specific SSL certificate requirements in your industry.
SSL certificate costs vary, but you can get a free certificate or pay per month to get a custom certificate. On the free side - Let's Encrypt certificates can be purchased for free, but I would highly recommend getting help from someone who is familiar with DNS and the technical setup of your website. These certificates also expire every 90 days, so make sure you keep them up to date.
We are happy to help you
One of the other important points is the validity period of a certificate. Most standard SSL certificates that you purchase are available for one to two years by default. However, if you are looking for longer-term options, you should consider more advanced certificates that offer longer periods.
Is SSL good for SEO?
Yes. Although the main purpose of SSL is to secure information between the visitor and your website, there are also benefits for SEO. According to Google Webmaster Trends analysts, SSL is part of Google's search ranking algorithm.
Let's say two websites are similar in the content provided, but one has SSL enabled and the other does not. This first website might get a slight ranking boost because it is encrypted. From this, there is a clear SEO advantage to enabling SSL on your website and across your pages.
So how can I tell if my website has SSL?
When you visit a website with SSL, there are a few distinct differences that show up in the browser. Click here for a free SSL checker tool.
1. the URL says "https://" and not "http://".
The URL should look something like the screenshot below. Remember that an SSL-encrypted website will always have the "s", which stands for "secure/ secure" is displayed. Additionally, this text may appear green and follow a green padlock (another indicator explained below).
You will see a padlock icon in the URL bar.
The padlock is displayed on the left or right side of the URL bar, depending on the browser. For example, in Chrome and Safari, it's on the left side. You can click the padlock to get more information about the website and the company that provided the certificate.
We help you create a safe customer experience.