What is an SSL Certificate?
Secure Sockets Layer
An SSL certificate is more than just technical jargon. It’s a globally recognized digital certificate that authenticates a website and enables a secure connection. In the past, SSL certificates were commonly used on e-commerce and banking sites to protect sensitive data like credit card numbers and other personal information. Today, it’s standard practice for every website to have this type of protection, whether it processes transactions or not.
WHAT IT DOES
There are two main functions of SSL certificates. The first is to protect website visitors by securing their data and preventing cyberattacks. An SSL certificate creates a secure link between a website and your browser. More specifically, it’s a protocol that encrypts internet traffic.
By encrypting data, you can protect sensitive information like:
- Credit card transactions
- Bank account numbers
- User information
- Login credentials
- Legal documents
- Digital contracts
- Medical records
With an SSL certificate, the data passed back and forth between the user and the site remains private. According to Host Gator, “the encryption algorithms will scramble any data being sent over the connection, so if the information is compromised it’ll be impossible to decipher.” The information can only be deciphered by the intended recipients on the other end of the connection.
This is where the second function comes in. SSL proves the business has verified its identity with a trusted third party, known as a certificate authority (CA). Website browsers trust CA organizations, and therefore, extend their trust to sites with SSL certificates.
HOW SSL WORKS
When a user attempts to connect to a website secured with SSL, the browser requests that the web server identifies itself. The server then sends the browser a copy of its SSL certificate. The browser checks whether or not it trusts the SSL certificate, mainly by verifying the CA. If the certificate is proven valid, the website’s server begins an SSL encrypted session.
SSL AND SEARCH ENGINE OPTMIZATION
Back in 2014, Google announced that SSL was a ranking signal. In other words, the search engine prioritizes secure websites over those without an SSL certificate. However, you should know that having an SSL certificate will not magically place your website at the top of search results. Over 200 other ranking signals contribute to your SEO, but an SSL certificate will certainly help, as Google demotes websites without SSL.
Of course, this a highly technical process that happens within fractions of a second. A secure connection is automatically initiated, so website visitors don’t have to do anything on their end. All major web browsers are compatible with SSL, so you won’t need to jump through hoops to make your certificate sync with desktop or mobile browsers.
HOW TO IDENTIFY AN SSL CERTIFICATE
The easiest way to check if a website has an SSL certificate is to look at the address bar. Most browsers will show the site’s security status right next to the URL.
The extra “s” means your connection to the website is secure. The data you enter into the website is encrypted. In an unsecured connection, hackers can easily intercept messages between the user and the server.
In most cases, the address bar also includes a padlock icon, but its appearance varies from browser to browser. Secure sites typically have a green or locked padlock to the left of the URL. Sites without an SSL certificate usually have a red or open padlock icon.
Many web browsers have tagged HTTP sites as “Not Secure” to alert users. If your website visitor is using Google Chrome, they may not connect to your site whatsoever. Instead of seeing your homepage, they’ll be met with a privacy error message.
How to get an SSL Certificate
For an SSL certificate to be valid, it must be obtained from a certificate authority. In most cases, you won’t have to worry about getting one on your own. Your hosting provider will likely offer an SSL certificate at an additional cost. And if you’re working with a web design company, they will take care of the installation for you. At least, that’s how we go about the process.
Things are more complicated if your website is a DIY project, but your hosting provider can configure your certificate for you. They’ll either walk you through the process or take care of it for a fee. Some web hosts even include a free SSL certificate with their hosting plans. Typically, everything is automatically set up for you so that you won’t struggle with the installation.
A Warning About Free SSL
Free SSL certificates may be tempting, but we recommend staying away from them. Unfortunately, there are malicious companies that find exploits and loopholes in the system. They generate fake SSL certificates that make it appear like your site is protected but don’t verify your web server’s identity like a legitimate CA would.
In many cases, you will receive a rogue certificate—SSL that is either compromised or was issued to the wrong organization.
“Rogue certificates allow attackers to create illegitimate sites that are indistinguishable from real sites like eBay, Google or PNC because their certificate hierarchy can be validated. Users then will be redirected to such sites through phishing or ‘man in the middle’ attacks where a compromised host in-between the user and a legitimate site sends traffic to an illegitimate site instead.”
Eric Vandenburg, Vice President of TCDI