What is an SSL Certificate?

Secure Sockets Layer

An SSL certificate is more than just technical jargon. It’s a globally recognized digital certificate that authenticates a website and enables a secure connection. In the past, SSL certificates were commonly used on e-commerce and banking sites to protect sensitive data like credit card numbers and other personal information. Today, it’s standard practice for every website to have this type of protection, whether it processes transactions or not.

WHAT IT DOES

There are two main functions of SSL certificates. The first is to protect website visitors by securing their data and preventing cyberattacks. An SSL certificate creates a secure link between a website and your browser. More specifically, it’s a protocol that encrypts internet traffic.

By encrypting data, you can protect sensitive information like:

  • Credit card transactions
  • Bank account numbers
  • User information
  • Login credentials
  • Legal documents
  • Digital contracts
  • Medical records

With an SSL certificate, the data passed back and forth between the user and the site remains private. According to Host Gator, “the encryption algorithms will scramble any data being sent over the connection, so if the information is compromised it’ll be impossible to decipher.” The information can only be deciphered by the intended recipients on the other end of the connection.

This is where the second function comes in. SSL proves the business has verified its identity with a trusted third party, known as a certificate authority (CA). Website browsers trust CA organizations, and therefore, extend their trust to sites with SSL certificates.

HOW SSL WORKS

When a user attempts to connect to a website secured with SSL, the browser requests that the web server identifies itself. The server then sends the browser a copy of its SSL certificate. The browser checks whether or not it trusts the SSL certificate, mainly by verifying the CA. If the certificate is proven valid, the website’s server begins an SSL encrypted session.

SSL AND SEARCH ENGINE OPTMIZATION

Back in 2014, Google announced that SSL was a ranking signal. In other words, the search engine prioritizes secure websites over those without an SSL certificate. However, you should know that having an SSL certificate will not magically place your website at the top of search results. Over 200 other ranking signals contribute to your SEO, but an SSL certificate will certainly help, as Google demotes websites without SSL.

Of course, this a highly technical process that happens within fractions of a second. A secure connection is automatically initiated, so website visitors don’t have to do anything on their end. All major web browsers are compatible with SSL, so you won’t need to jump through hoops to make your certificate sync with desktop or mobile browsers.

HOW TO IDENTIFY AN SSL CERTIFICATE

The easiest way to check if a website has an SSL certificate is to look at the address bar. Most browsers will show the site’s security status right next to the URL.

HTTPS://

The extra “s” means your connection to the website is secure. The data you enter into the website is encrypted. In an unsecured connection, hackers can easily intercept messages between the user and the server.

The Padlock

In most cases, the address bar also includes a padlock icon, but its appearance varies from browser to browser. Secure sites typically have a green or locked padlock to the left of the URL. Sites without an SSL certificate usually have a red or open padlock icon.

20Twenty Design Website in Address Bar

Browser Warnings

Many web browsers have tagged HTTP sites as “Not Secure” to alert users. If your website visitor is using Google Chrome, they may not connect to your site whatsoever. Instead of seeing your homepage, they’ll be met with a privacy error message.

Google Chrome Window with "Your Connection is not Private" SSL Warning


Google Homepage on Smartphone

DEBUNKING SSL MISCONCEPTIONS

“But I don’t process payments.”

Some website owners choose to forgo an SSL certificate because they mistakenly think it’s only necessary for e-commerce sites. If you decide to leave your site unprotected, you ultimately put your customers at risk. Any data submitted to the website will not be encrypted.

Cybercriminals don’t just go after credit card numbers. Information as harmless as an email address or cell phone number can give persistent hackers an easy way into other accounts.

“I don’t collect any information on my website, so I don’t need an SSL certificate.”

Without SSL, a website is effectively open for anyone to tamper with. Hackers can inject a small amount of code into the site, allowing them to intercept information. They can also divert traffic from a site and redirect externally.

“My business is too small for hackers to target.”

Small businesses are easy prey for hackers, and it’s hard for them to bounce back following a cyberattack. In 2020, the average total cost of a data breach in smaller companies was $2.34 million. Nearly 20 percent of all small businesses experience cyber-attacks every year. Of that group, 60 percent of those businesses will close within six months of being hacked.

It’s not worth the risk:

  • Phishing attacks
  • Data leakage
  • Identity theft
  • Compromised logins
  • Distrust by web browsers
  • Damage to your reputation

How to get an SSL Certificate

For an SSL certificate to be valid, it must be obtained from a certificate authority. In most cases, you won’t have to worry about getting one on your own. Your hosting provider will likely offer an SSL certificate at an additional cost. And if you’re working with a web design company, they will take care of the installation for you. At least, that’s how we go about the process.

Things are more complicated if your website is a DIY project, but your hosting provider can configure your certificate for you. They’ll either walk you through the process or take care of it for a fee. Some web hosts even include a free SSL certificate with their hosting plans. Typically, everything is automatically set up for you so that you won’t struggle with the installation.

A Warning About Free SSL

Free SSL certificates may be tempting, but we recommend staying away from them. Unfortunately, there are malicious companies that find exploits and loopholes in the system. They generate fake SSL certificates that make it appear like your site is protected but don’t verify your web server’s identity like a legitimate CA would.

In many cases, you will receive a rogue certificate—SSL that is either compromised or was issued to the wrong organization.

“Rogue certificates allow attackers to create illegitimate sites that are indistinguishable from real sites like eBay, Google or PNC because their certificate hierarchy can be validated. Users then will be redirected to such sites through phishing or ‘man in the middle’ attacks where a compromised host in-between the user and a legitimate site sends traffic to an illegitimate site instead.”

Eric Vandenburg, Vice President of TCDI

The reality is that SSL certificates are nothing new. They’ve been around since 1994 and have grown more important with time. In the past few years, we’ve seen a significant increase in concern for web security. Every piece of the web industry is working towards greater safety, and we think security will continue to evolve.

So, where does this leave you? If you have an SSL certificate, be sure to stay up to date with your renewals. If you don’t have one yet, it’s time to seek one out, whether that’s through your hosting provider or your web developer. Don’t let fall privacy and encryption fall by the wayside. Protect your customers, your reputation, and the security of your business.

Web Development