What is an SSL certificate?

SSL (Secure Sockets Layer) is a cryptographic protocol designed to keep communication safe over the Internet. An SSL Certificate is a digitally signed file issued for a particular domain name/domain names. Besides the domain name, the certificate also contains the issuer signature, serial number, expiration date, etc. To enable a secure connection and protect important information, an SSL certificate file should be installed on the server. Once the SSL installation is completed, you can securely access your service via HTTPS or any other SSL protocols like FTPS, IMAPS, POP3S, SMTPS, NNTPS, LDAPS, etc.

So, let’s take a look at main advantages of using an SSL certificate.

Encryption

An SSL certificate helps to protect sensitive information such as logins, passwords, account details and cardholders information for e-commerce websites during Internet communication. Basically, Internet is a chain of computers, and every computer which takes part in data transfer from source to destination can read and recognize unencrypted information. The main idea is that all information is encrypted before being submitted, and only the web server and website visitor have personal keys to decrypt and recognize it. Encryption prevents eavesdropping and tampering information by hackers and identity thieves.

Authentication

It is important to know that a website you would like to visit and where you want to make a payment is authentic and trustworthy. To ease identification, the website server sends an SSL certificate to your web browser for verification. The web browser analyzes the information received from the SSL certificate and decides whether the certificate is trusted or not. Why some SSL certificates are trusted, and others are not? The main difference is that trusted SSL certificates are issued by Certificate Authorities after the applicant (website owner) passes their verification procedures. Every modern web browser with up-to-date configuration trusts the SSL certificates issued by Certificate Authorities. The verification depth and trust level mostly depend on the validation type of a particular SSL certificate.

• Domain validation . The most affordable and the least verified SSL certificate type. Usually, the Certificate Authority verifies only domain control rights for a particular domain name. More instructions on how to complete domain control validation (DCV) can be found here.
• Organization validation. SSL certificates of this type contain the company name and address by default. The person who applies for an OV certificate should prove that the organization is real. The organization details must be accessible in online public databases; the organization’s phone number is verified as well. The Certificate Authority may also require additional paperwork to prove the company’s identity. Detailed validation information for OV certificates can be found here.
• Extended validation. Only EV certificates provide highest user trust level. Besides OV requirements, an EV certificate can be applied for by a legal employee (VP, Officer, CEO, CIO) who has the authority to sign a subscriber agreement and a certificate request. The organization must have been registered and have been in operation for more than 3 years; otherwise, the CA may require additional paperwork. More information about extended validation can be found here.

Google search ranking boost

Starting from 06/08/2014, Google announced that having an SSL certificate installed on your website will increase your ranking position, which is another great reason to use SSL.

Trusted indicators

An SSL certificate also provides your web-resource with trusted indicators which can help visitors to make sure that your website is reliably protected.All SSL certificates from the Namecheap company provide a padlock in the address bar and the https:// connection no matter of which validation type they are.

Note : From September 2023, the padlock icon will be replaced by a tune icon in the new Chrome browser version. Google's reasoning is that secured HTTPS connections have become the online norm, not the exception, and no longer serve as a trust indicator. As such, the tune icon itself will not be a trust indicator but will provide detailed information about a website's connection and settings. So moving forward, when using a Chrome browser, the primary indication of a successful SSL certificate installation on a site will be the absence of security warnings .

1. Domain validation SSL certificates:
   Trusted indicators for a correctly installed and configured SSL certificate should be https:// in the address bar and padlock without any warning messages (mandatory). The examples of these signs for a domain validation SSL certificate in various web browsers can be found below:

   

   A domain validation SSL certificate does not include any personal or company information as it is not verified by a Certificate Authority during validation process:

   

   Some site seals examples for domain validation SSL certificates can be found below:

   

2. Organization validation SSL certificates:
   After successful installation, an OV SSL certificate looks pretty much the same at first sight - https:// in the address bar and a padlock. However, the organization name and organization location become a part of the SSL certificate after the vetting procedure:

   

   To emphasize the company name and location, the Certificate Authority provides OV and EV SSL certificates with dynamic site seals. Users have an opportunity to view and check the company for which an SSL certificate was issued by clicking on the special site seal icon on the website. More information about the installation of Comodo’s (now Sectigo) Trust Logo and Corner of Trust can be found here.

   

3. Extended validation SSL certificates:
   EV SSL certificate provides the highest assurance, which means that the business details are checked thoroughly and the company name, address and telephone number are displayed both in the certificate details available in the address bar and on the site seal.