What is SSL?

Think of visiting a website as having a conversation. You exchange information with the server and it responds with data of its own. If you were discussing something sensitive, you’d want that conversation to be held in as safe an environment as possible, right?

Buying products or giving your personal information to a website without an SSL certificate is akin to discussing your deepest secrets on a crowded subway car. It’s important to keep your information’s security in mind when browsing the web, especially when a website asks for your bank details or other sensitive information.

SSL works by encrypting communications online. Every time you send a message from Gmail, log in to Twitter or Facebook, or PayPal money to someone, a hidden layer of encryption protects your user data and any related information that sails through the internet. These sites all use HTTPS, a much more secure version of the standard HTTP protocol that facilitates web communication.

In this article, we will discuss the ins and outs of the domain name system, including the basics of how they work, why they exist and how they relate to your domain name.

The fact of the matter is that you shouldn’t give out any private information to any website that doesn’t use an SSL certificate. By adding an SSL certificate, website users’ sensitive data is kept out of the hands of third parties. If you’re a website owner and you need to collect any of this kind of confidential information from users, this level of security is a must.

The most common use of SSL is for instances where secure data such as credit card information or login information is transmitted, but it’s about more than just site security. It provides your customers with outside authentication, increases the trust they have in your business, and pleases Google in the process. Read on for a comprehensive guide to the ins and outs of SSL and how to choose the SSL certificate best suited to the needs of your website.

All the activities conducted on a website or online store are essentially requests for information between the visitor's web browser and the website in question. The SSL certificate indicates whether the transactions are secure and encrypted or not. Domain owners must buy and install an SSL Certificate onto its web server to initiate a secure session with its visitor’s computer browsers.

Once a secure connection is established, all future web traffic between a web server and web browser will be secure. Websites must only install an SSL certificate on the domain name server to upgrade their hypertext transfer (HTTP) application protocol to the superior, and more secure HTTPs.

Each valid SSL certificate must be issued for every server and domain (website address). When you use your browser to open a website holding an SSL certificate, the SSL handshake occurs between your browser and the website server. The information request during this ‘greeting’ is then made visible to you in your browser window. You will find some changes that indicate a secure session has been initiated. A padlock, a trust mark, or the website name highlighted in green are all indicators that a secure link is established and secure communications can begin.

You can easily recognize a secure connection. You can identify whether a website is protected with SSL certificate just by looking at the URL. If the URL begins with ‘https://’, it's to be understood that the website is secured with an SSL certificate. Standard web addresses begin with HTTP. In an SSL protected website, HTTP is replaced with HTTPs. The extra ‘s’ indicates that it's a secure page.

When you visit a website that has an SSL Certificate installed, your browser will show one or all of the following:

To understand how the hierarchy is queried by your computer to produce a website on your screen, you need a basic understanding of the elements within a domain name and how these relate to IP addresses.

• HTTPS at the beginning of the URL

• Green padlock

• Green address bar

How the browser will show a secure connection depends on the type of certificate you purchase, which we’ll discuss later, and what browser you are surfing the internet with. Most importantly, all the reputable browsers (Firefox, Chrome etc), including mobile internet browsers, implement these indicators in one way or another.

The image above illustrates how your website will appear with an SSL certificate, and without. The URL begins with HTTPS and the padlock reveals certificate details such as the issuer name who verified the site when clicked on. This provides transparency and peace of mind to internet browsers.

When a company has HTTPS, click on the padlock icon or the company name colored green for information about the owner of the SSL certificate. A quick check that the certificate matches up makes sure you are visiting the website you want to and won’t be inadvertently redirected to somewhere else - such as a phishing site.

An SSL Certificate will typically contain the following information:

• Domain name

• Company name

• Address

• State and country

• It will also contain when the SSL certificate is due to expire and information about the Certification Authority responsible for the issuance of the Certificate.

All conscientious websites that handle any kind of user information should use SSL technology to protect their customers.

In this modern age, more transactions are carried out through the internet than ever before. When financial details are submitted online, SSL certificates are a must. That said, SSL is critical for any website that asks users for any personal data such as contact information for a mailing list, or username, or password for login. Your website’s reputation depends on keeping these details protected.

SSL isn’t only a priority for e-commerce site owners. These days, internet users are savvy enough to look for the lock when visiting a website. HTTPs at the beginning of a website addresses indicates that a site is secure and safe to use. Applying SSL is a simple way to win user trust and quell any privacy concerns when data is offered online.

The main purpose of SSL is to provide secure online banking transactions, logins and data transfers that are useful for all manner of websites. It's commonly used for these purposes but has others as well. The most common use is for websites where secure data is transmitted like card payment details or secure login details. It also:

• Keeps data secure between servers, safe from the hands of hackers.

• Google and other search engines are taking serious measures to highlight unsafe (HTTP) website to their site visitors.

• Builds and enhances customer trust and potentially improve conversion rates.

Installing SSL to your server for Google’s benefit is as a good reason as any. The search engine is hot on website security and uses whether your site is deemed secure (if it’s SSL certified is part of that) as a ranking signal. It takes the security of its users very seriously. In the eyes of Google, it doesn’t matter if you accept payments on your website or not. It wants everything on the web to be secure and avidly encourages site owners to adopt HTTPS.

As of October 2017, Google’s Chrome browser reflects the search giant’s dedication to user security. The landing page result of any site not holding an SSL certificate will be displayed to all their visitors as ‘Not Secure.’ Google’s action has made it clear: it’s time for unencrypted sites to upgrade.

On their path to stamp out the use of non-secure (HTTP) sites, future releases of Chrome will further impede non-HTTPS sites. While it may seem like adding an SSL certificate to your domain is an inconvenience, it’s ultimately a move that’s going to future-proof your website, and protect the privacy of your users.

One of the most valuable aspects of adding an SSL certificate to your website is to protect any of your password protected pages - including your content management system such as WordPress, or other database-driven sites that require a login page for the admin to gain access.

Although it’s not apparent to most people browsing the internet, the web is filled with ill-intended bots that seek out poorly-protected login forms to crack into entire websites or gain access to membership accounts. You don’t want to log on to your site’s administration panel only to find your pages have been defaced or completely deleted and your member’s accounts have been infiltrated.

Membership sites with multiple logins are a juicy target for hackers to attack as they create more opportunities to do so. - Keep in mind that anything that needs to be secure online needs to operate under the safety net of an SSL certificate.

Not all websites use online transaction to collect money for products and services. There are plenty of websites that collect information. Anything with an online form such as a questionnaire reviewing a product, leads for potential home renters or buyers, or a Contact Us form, for example could use extra security.

Any website collecting even the most basic information such as name, address, phone number and email address should apply SSL protocol. Chances are, clients would not want this information leaked.

All SSL and TLS secured sites display HTTPS in the address. Transport layer security (TLS) is the successor to SSL but the protocol remains substantially the same. There are several types of certificates you can choose from for SSL/TLS negotiations: They can be grouped based on validation level, and the number of secured domain or subdomains they cover.

Domain Validated Certificates (DV)

• Level of Validation: Lowest

  Verification: DV SSL certificates are suitable for situations where you need to offer the general public a secure connection to your site. One example would be when you take payments. This private SSL certificate is tied to your domain name letting you know that they are on the right website. For this reason, this private SSL certificate is appropriate not only for e-commerce sites but for any site requiring secure communication with its visitors. Indication: A website with DV SSL has a secure HTTPS connection, and an HTTPS web address for visitors to identify.

  Indication: A website with DV SSL has a secure HTTPS connection, and an HTTPS web address for visitors to identify.

Organization Validated Certificate (OV)

• Level of Validation: Medium

  Verification: OV is similar to a DV, however, the certificate authority will investigate the company making the application. They will not investigate deeply, but the CA will contact the organization to make sure it is authenticated.

  Indication: HTTPS plus company information is included in the certificate details.

Extended Validation Certificates (EV)

• Level of Validation: Most strict level

  Verification: This certificate validates the ownership of the company including organization information, physical location, and the legal existence. Being the strictest level of validation, the organization is made aware of all SSL certificate requests to personally approve.

  Indication: The company’s name will appear in a green address bar in the visitor's browser.

• Single-name SSL Certificates - As expected, these protect a single subdomain/ hostname.

• Wildcard Certificates - Enable encryption on an unlimited amount of subdomains using a single certificate. The subdomains must share the same second-level domain name (i.e. yourdomain.com).

• Multi-Domain Certificates - For larger operations, multi-level SSL certificates secure up to 210 domain names with a single certificate and allows you to add all different second-level domains (i.e. yourdomain.net, yourdomain.com, otherdomain.shop).

There is an SSL available to cover a whole host of different requirements, there are some which offer higher levels of security to build consumer trust and others which cover more than one domain. The requirements for each type of SSL certificate vary, and they can range from free to cheap (DV SSL) to more expensive strictly business validation such as EV SSL Certificates.

Before selecting an SSL to buy, consider your business and budget. This is a business security consideration, so we recommend not compromising when it comes to your website’s SSL solution.

The earlier days of SSL meant some effort and cost in getting set up with HTTPs in your browser. These days the process is much simpler, and there’s a whole host of certificates providing free SSL certificates. An SSL certificate is only reliable with the right certification. To add SSL certification, a website must have passed verification controls held by authorized Certificate Authorities. If the application and supporting documentation is approved, it will issue an SSL certificate.

Companies like Symantec, Comodo, Thawte, DigiCert, and GlobalSign are the best known and most trusted brands that sell SSL certificates. This is because the big players in online browsers Mozilla, Opera, Blackberry, Java, etc. and operating systems such as Microsoft and iOS, trust that they are legitimate Certificate Authorities and can be relied on to issue trustworthy SSL Certificates.

You might find it more convenient to buy an SSL Certificate from your Domain Registrar. Many reputable hosting providers and domain registrars offer SSL as an upsell to their main product. You can add SSL at the time of domain purchase or anytime after.

To choose an SSL Certificate Provider, consider the following factors that will impact on your choice of client:

1. Brand

2. Validation Type

3. Issue Time

4. Domains Included

5. Server Licensing

6. Installation Checker

7. Supported Browsers

8. Compatibility with mobiles

9. Support for Scan

10. Site Seal

11. Trust Level

12. Warranty

Earning trust is a critical success factor for all companies operating online, regardless of whether they are an business online or host an e-commerce website. Investing in SSL technology and implementing using trust marks is an effective and proven way to establish a bond with your users.