What is an SSL cert?
To most casual users, an SSL certificate is nothing more than a little green padlock symbol next to the URL at the top of our web browser.
But that symbol means that the site you are visiting has an SSL (Secure Sockets Layer) certificate. More accurately called a TLS (Transport Layer Security) certificate, an SSL certificate is part of something bigger: security! Every SSL certificate is issued by a certificate authority and lets you and your web browser know that the domain is what it claims to be. And it's not just that: there is a whole chain of certificates that verifies that the certificate authorities are who they say they are. If anything does not check out, your web browser will let you know.
More importantly, the security comes from encryption. The certificate sent to your browser contains a public key that pairs with a private key at the destination. This is used to create very strong encryption. Without encryption, any device that handles the traffic between your browser and the web server could read its contents. Remember that on many networks, the messages go to many devices, but are processed only by the addressee and ignored by the rest. Hackers and spies set their devices to not ignore the rest.
So, you can see that an SSL cert shows you and your web browser that the domain of the web server is really the domain it claims to be, and that what is sent and received cannot be read by anyone else in between.
What else does an SSL cert do?
Not all SSL certificates are equal. Some will not only validate the domain, but also validate the organization that owns the domain. This makes it known that the people who own the domain are who they say they are, and even their address and phone number are verified to get this extended validation.
Some types of SSL certificates:
- DV (Domain Validated) SSL certificates – this is the fastest and least expensive certification to have.
- EV (Extended Validation) SSL certificates – this takes longer for validation, but it also validates the organization that owns the domain. This usually shows in a browser as a green address bar with the organization’s name.
- OV (Organization Validation) SSL certificates – this sits between the DV and the EV: the site gets more validation than with the DV, but not as much as with the EV. To viewers of the site, it appears the same as the DV.
- Wildcard certificate – these certificates will also validate the subdomains of the site.
- Multi-Domain, UCC (Unified Communications), or SAN (Subject Alternative Name) SSL certificates – these certificates will validate multiple domain names.
- Self-signed SSL certificates – a certificate authority does not validate the domain, but the traffic is encrypted the same way that validated sites are encrypted. This usually causes your web browser to refuse to display the site unless you add it as an exception (this should only be used for testing).
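The certificate types listed above can be told apart from fields inside the certificate itself. The following Python code is an added example, not part of the original article: it reads the validation level from the CA/Browser Forum policy OIDs and checks which hostnames a wildcard or multi-domain certificate covers. The dict layout, issuer names and the example.com / example.org / test.local names are constructed assumptions.

```python
# Constructed certificate fields for illustration; the dict layout is an assumption,
# not the output of a real parser.
# CA/Browser Forum policy OIDs carried in the certificatePolicies extension.
POLICY_LEVELS = {"2.23.140.1.2.1": "DV", "2.23.140.1.2.2": "OV", "2.23.140.1.1": "EV"}


def validation_level(cert):
    """Return 'self-signed', 'DV', 'OV', 'EV' or 'unknown'."""
    # Simplification: identical issuer and subject is treated as self-signed.
    if cert["issuer"] == cert["subject"]:
        return "self-signed"
    for oid in cert.get("policies", []):
        if oid in POLICY_LEVELS:
            return POLICY_LEVELS[oid]
    return "unknown"


def name_matches(pattern, hostname):
    """Match one SAN entry; '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # *.example.com covers neither example.com nor a.b.example.com
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def covers(cert, hostname):
    """True if any Subject Alternative Name entry covers the hostname."""
    return any(name_matches(san, hostname) for san in cert["san"])


# Constructed samples (hypothetical names and issuers).
WILDCARD_DV = {"subject": "CN=*.example.com", "issuer": "CN=Example CA",
               "san": ["*.example.com", "example.com"], "policies": ["2.23.140.1.2.1"]}
MULTI_DOMAIN_OV = {"subject": "O=Example Org, CN=example.org", "issuer": "CN=Example CA",
                   "san": ["example.org", "www.example.org", "example.net"],
                   "policies": ["2.23.140.1.2.2"]}
SELF_SIGNED = {"subject": "CN=test.local", "issuer": "CN=test.local",
               "san": ["test.local"], "policies": []}

if __name__ == "__main__":
    for cert in (WILDCARD_DV, MULTI_DOMAIN_OV, SELF_SIGNED):
        print(cert["subject"], "->", validation_level(cert))
    for host in ("shop.example.com", "example.com", "a.b.example.com"):
        print(host, "covered by wildcard cert:", covers(WILDCARD_DV, host))
```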
Does my website need one?
If your website engages in e-commerce, then you absolutely do. Even if all the e-commerce is done on another server that is secure and not on your web server, customers may still want the confidence of knowing that they are on a secure site before they decide to purchase anything.
If your site asks for user names and passwords, then you need security. If your site has any forms that ask users for any information (such as a contact or subscribe form), then you should have a certificate to show your users that you value, and will protect, their privacy.
If your website is only there to tell the world who you are and what you do (and asks for nothing from a user), you may think that it does not need a secure connection. But a visitor to your site may be distracted or dissuaded by their browser’s warning that the site may not be secure.
Reasons to add one now:
- Search engines will give your site a lower search ranking for not having an SSL cert
- Google and Chrome will flag your site as not secure
- WordPress will soon require hosts to have HTTPS available for some features to work
- If you take credit card data, you are required to have a secure connection for PCI DSS Compliance (Payment Card Industry Data Security Standard)
In today’s world of cyber attacks and hacking, SSL certificates are more important now than ever before, because people expect that the website they are looking at is secure, if only for the comfort it gives them.