An SSL (Secure Sockets Layer) certificate adds an extra layer of security to a website. In simple terms, it enables encryption that secures your website’s communications with its users as well as its files. An SSL certificate is also a public digital document that proves a company’s or individual’s ownership of a website and prevents hackers and attackers from duplicating that business or personal website.
How does an SSL certificate work?
When a user wants to access a website that is secured by an SSL certificate, the user’s browser recognizes the SSL encryption on the site and uses it to establish a secure session or connection with the web server. This process is also known as an SSL handshake. The handshake happens in a split second and is not visible to the user. An SSL certificate also protects important information such as credit card details and passwords, and provides an extra layer of encryption when data is sent.
What are the benefits of using an SSL certificate?
A couple of years ago, an SSL certificate was considered to be just a nice feature to have on your website and was mostly used for e-commerce payment pages. However, it has become vital for every website today because of the many benefits it provides, such as:
- Ensuring that your website works on every browser, especially because Microsoft, Google and Mozilla currently penalize websites that don’t use secure certificates.
- It establishes the credibility of your website with your users. A lot of end-users would not input personal information or make a purchase on a website that is not secured with an SSL certificate.
- Google recently started giving higher rankings to websites that use SSL certificates – using one will be great for your website’s SEO.
- An SSL certificate will protect your website from cyber-attacks like phishing.
- It is a way to authenticate that your site is recognized by a certification authority and is encrypted.
What are the different types of SSL certificates?
There are three major types of SSL certificates: domain-validated (DV SSL), extended-validation (EV SSL) and organization-validated (OV SSL). Encryption levels are the same across the various types of SSL certificates. The difference lies in the verification and vetting process involved in obtaining the certificate, as well as in the look and feel of the address bar in the browser.
Is the use of SSL obsolete?
No, it is not. Even though earlier SSL encryption algorithms are no longer used because they were too easy to break, the technology has gotten stronger. In fact, SSL algorithms have gotten faster and smarter. And because we now have very powerful CPUs whose performance is not affected by the extra layer of encryption, the worry about SSL being too heavy for servers to process is no longer an issue. This is why SSL is still relevant today, not just for encrypting sensitive information like credit card transactions or logins but, with the updated and better algorithms, for encrypting other content too.
What is the difference between HTTPS, SSL and TLS?
SSL is an industry-standard protection measure that websites use to secure the online transactions of their users. Transport Layer Security (TLS), on the other hand, is simply a more secure and updated version of SSL. Even though TLS is very similar to SSL 3.0, what differentiates it is its inability to provide backward compatibility, a result of changes to its algorithms. HTTPS is a term that refers to HTTP over SSL, or Hypertext Transfer Protocol over Secure Sockets Layer; that is, SSL acts as an extra layer under the basic HTTP application layer. HTTPS encrypts a message before transmission and decrypts it on arrival.
Why is the term SSL still being used even though it’s been replaced by TLS?
SSL is still being used even though it’s being replaced by TLS (Transport Layer Security) because it is the more common term. TLS is a more secure and updated version of SSL: when you buy an SSL certificate today, you are actually purchasing the latest TLS certificate, with the option of DSA, ECC or RSA encryption.
Are SSL certificates the same as protocols?
Before you begin to think that you might need to replace your current SSL certificate with a TLS certificate, it is important to note that certificates do not depend on the protocol; that is, you do not need one over the other. Even though the terms SSL and TLS are used interchangeably, the protocols in use are determined by the configuration of your server, not by the certificate. The term SSL remains the most common because it is the most popular, but the use of TLS is beginning to increase in the tech industry.
Are SSL certificates compulsory?
Even though Netscape invented SSL in the mid-90s, it wasn’t compulsory for every website to have a TLS or SSL certificate installed until 2018, when Google began to tag unencrypted sites as ‘not secure’. Although Google, with its Android OS, Chrome browser and search engine, has a huge influence on Internet policies, it was not alone in this.
Mozilla, Apple and Microsoft, as well as other major stakeholders in the tech industry, are all part of the drive to make TLS/SSL certificates and HTTPS encryption compulsory. This is done for a simple reason: without TLS/SSL and HTTPS, which enable a secure connection, communications between a website and its users would be in plain text, which can easily be read by a third party.
How does one obtain an SSL certificate?
There are two major ways to obtain an SSL certificate for your website:
1. Getting an SSL certificate from a Certificate Authority (CA)
You can get an SSL certificate for your website directly from a CA. However, you would have to manually configure the certificate on your server (if you’re hosting it yourself) or on your web host. You can easily get a free SSL certificate from Let’s Encrypt, a popular CA that offers certificates with the goal of creating a safer internet for all. You can also try other free SSL providers.
2. Using a web host that has integrated SSL and configures HTTPS automatically
There are a couple of web host providers who configure their web servers to support HTTPS connections automatically and provide SSL certificates.
How to choose your SSL certificate type
- First, identify what you wish to protect – that is, subdomain or domain.
- Then carefully consider if you would need protection for multiple or single properties (multiple domain or wildcard).
- Finally, settle on the level of protection you need – organization validated (medium) or domain validated (low).
Frequently Asked Questions (FAQs)
Here are the common Frequently Asked Questions (FAQs) about SSLs.
1. Is SSL good for SEO?
Absolutely. Although the main function of an SSL certificate is to secure the information between your website and its users, there are multiple benefits for your site’s SEO – especially because Google ranks websites with SSL certification higher than others without one even though they might be equally matched.
2. How much do SSL certificates cost?
On average, a single-domain SSL certificate starts at $4.95 per year.
3. What is the best SSL certificate to use with multiple subdomains on a single website?
A wildcard SSL certificate is best.
4. What happens when my SSL certificate expires?
When a certificate expires, it automatically becomes invalid; that is, it can no longer run secure connections on your website. Fortunately, your CA would send you renewal prompts before your site’s SSL certificate expiry date, so you always stay connected.
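The wildcard and expiry answers above can be checked mechanically. The following is an added example, not part of the original article: it audits a certificate, in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`, for the days left before expiry and for the hostnames it covers. The sample certificate, hostnames and 30-day warning threshold are constructed for illustration, and wildcard matching is simplified to the common case where `*` stands for exactly one leftmost label.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# names and dates are illustrative, not taken from a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test")),
}

def name_matches(pattern, host):
    """Match one DNS name entry; '*' covers exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == pattern[2:]

def covers(cert, host):
    """True if any DNS subjectAltName entry covers the host."""
    return any(kind == "DNS" and name_matches(value, host)
               for kind, value in cert.get("subjectAltName", ()))

def days_left(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)

def audit(cert, hosts, now, warn_days=30):
    """Return a list of findings for an inventory of hostnames."""
    findings = []
    remaining = days_left(cert, now)
    if remaining < 0:
        findings.append(f"expired {-remaining} day(s) ago")
    elif remaining <= warn_days:
        findings.append(f"expires in {remaining} day(s)")
    findings += [f"{h} not covered" for h in hosts if not covers(cert, h)]
    return findings

if __name__ == "__main__":
    now = datetime(2024, 3, 10, tzinfo=timezone.utc)  # fixed date for the demo
    for line in audit(SAMPLE_CERT, ["shop.example.test", "a.b.example.test"], now):
        print(line)
```

A wildcard entry such as `*.example.test` covers `shop.example.test` but not the bare domain or a deeper name like `a.b.example.test`, which is why the bare domain is usually listed as a separate entry.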
5. Are free SSL certificates available?
Yes, they are. For example, Let’s Encrypt provides 100% free certificates within a few minutes of a request.
6. Is an SSL certificate all the security I need?
Sadly, no. SSL is fantastic, but simply purchasing a certificate is not enough; it also needs to be properly implemented. If it isn’t, some of your site’s contents might not be encrypted, which can leave your site’s files or the communications between it and your users open, even though the browser indicates a secure connection.
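One way to spot the improperly implemented case described above, where an HTTPS page still pulls some of its content over plain HTTP (an added example, not part of the original article): a small scanner that lists such references in a page's HTML. The page URL, hostnames and the set of tags checked are assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs treated as subresource references. This is an
# illustrative subset; link href is included regardless of its rel value.
SUBRESOURCE_ATTRS = {("script", "src"), ("img", "src"), ("iframe", "src"),
                     ("link", "href"), ("form", "action")}

class MixedContentScanner(HTMLParser):
    """Collect subresources an HTTPS page would load over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None or (tag, name) not in SUBRESOURCE_ATTRS:
                continue
            # Resolve relative and protocol-relative URLs against the page.
            target = urljoin(self.page_url, value.strip())
            if urlsplit(target).scheme == "http":
                line, _ = self.getpos()
                self.findings.append((line, tag, target))

def find_mixed_content(page_url, html):
    """Return (line, tag, url) for each plain-HTTP reference in the page."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to HTTPS pages")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hostnames are placeholders.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="http://cdn.example.test/lib.js"></script>
</head><body>
<img src="//img.example.test/logo.png">
<img src="http://img.example.test/banner.png">
<a href="http://other.example.test/">plain link, not a subresource</a>
<form action="http://www.example.test/login" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in find_mixed_content("https://www.example.test/", SAMPLE_HTML):
        print(finding)
```

Relative and protocol-relative references inherit the page's HTTPS scheme and are not reported; only references that resolve to `http://` are.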
7. What is the difference between a paid SSL and a free SSL certificate?
One of the major differences is that free SSL certificates provide only basic SSL encryption. Paid SSL certificates, on the other hand, provide top-level encryption, especially when provided by a trusted certificate authority.
8. What is the validity period of an SSL certificate?
Most SSL certificates are valid for anywhere between 90 days and 2 years. Let’s Encrypt provides automated, free domain-validated SSL certificates that are valid for 90 days and have an auto-renew feature.
9. How quickly can my site begin to enjoy protection from an SSL certificate?
For standard wildcard and single running certificates, it can take anywhere from one hour to several hours after your approval before your SSL certificate begins to run. In some instances it may take longer (up to several days); this only happens when there is an issue during the validation or vetting process.