Table Of Contents
- 1 What is an SSL certificate?
- 2 Types of SSL certificates
- 3 How to verify that a website has an SSL certificate?
- 4 Why use SSL certificates?
- 5 How does an SSL work?
- 6 How SSL helps SEO and Conversions?
- 7 What is Letsencrypt and Cloudflare?
When a person makes an online purchase, he or she wants to be confident in the security of the site.An SSL certificate encrypts the data between the users input and the server so no person sitting in the middle can capture and decrypt the data. An SSL certificate is essentially a mechanism to prevent a user’s data being stolen using various attacks more primarily the man in the middle attack. A variety of SSL products are available to ensure the customer feels this confidence. An added benefit of utilizing SSL products is it can also boost the website’s search rankings.
Various webmasters have begun to explore the possibilities associated with SSL products, but find the number of options overwhelming. With the massive amount of SSL add-ons available, the task of comparing providers and certificates becomes almost impossible.
What is an SSL certificate?
One of the first steps in choosing the best SSL products and options is understanding what an SSL certificate entails. SSL stands for Secure Sockets Layer. This layer is a security method to protect sensitive information by encrypting it as it is being transferred. This certificate protects data such as Social Security numbers, credit card numbers, passwords, etc.
Generally, when data is transferred between a website browser and a web server, it is plain text. Plain text transfer leaves the company and the client vulnerable. An SSL certificated reduces the risk of hackers by establishing an encrypted connection. This encrypted connection is created by the utilization of a public and private key. A certificate allows these two keys to work together to establish an encrypted connection that is secure.
An SSL certificate is a small file that carries data which is used to connect a cryptographic key (private) to a company’s detail (public). It provides a secure connection between the browser and web server. A company installs the certificate on a web server which then activates a type of padlock and other https protocols to provide security.
This certificate binds the domain name (server name or host-name) to the organization’s name and location. Once this binding is established, the data transferred between the web browser and web server should be secure.
When the certificate is successfully installed, the application protocol, HTTP, changes to HTTPS. The added ‘s’ represents secure. A padlock or green bar will appear in the web browser when surfing a website with an SSL certificate.
Types of SSL certificates
When an individual is expected to submit confidential information, an SSL certificate is used to provide security. This confidential information is used to complete payment forms, login information, banking information, etc.
Because Google offers a better search ranking for websites employing an SSL certificate, SEO can also be improved by utilizing an SSL certificate outside of sensitive pages. The Certificate Authority (CA) is the third party who issues an SSL certificate to a website. A variety of validation levels and types are available. The validation levels are:
The available certification types include:
- Single Domain
- Unified Communications
When an SSL certificate is issued, it is a combination of certificate type and validation level. It is important to remember that a variety of guidelines govern the issuing of the validation levels of the certificates which prohibits certain combinations of validation levels and certificate types.
Extended Validation Certificate
The EV certificate is credited with providing the highest level of security and customer conversion for businesses online. For a business to be issued an EV certificate, a background check must be performed on the company. The green address bar lets the client know he or she can trust the site.
Organization Validated Certificate
This level of certificate involves a complete validation from a Certificate Authority. The Certificate Authority uses their established vetting process to validate the company. This certification includes the name, address, and other details of the company. This level of accreditation will not turn the address bar green.
Domain Validated Certificates
DV certificates provide the least amount of assurance about the identity of the company. OV and EV certificates are only issued after a real person has vetted the company. DV certificates are issued based on an automated vetting of domain control.
Single Domain Certificate
This certificate allows one utterly qualified domain name on an individual license. A single domain certificate secures all areas and pages of the one domain. They are available in all three levels DV, OV, and EV. This type of certification is fabulous for the small to medium business that has a few websites.
Wildcard SSL Certificate
This certificate is similar to the single domain but allows the business to secure an unlimited amount of sub-domains associated with the single domain. This certificate is perfect for growing companies who need flexibility.
Multi-Domain SSL Certificate
This type of certificate allows a business to secure more than one unique domains on a single license. Some MDC will enable a company up to 100 domains on a single certificate. This fact makes it excellent for large businesses that need to manage massive amounts of websites.
Unified Communications Certificate
These certificates were specially designed to be used with Microsoft Exchange and Office Communications. It allows the customer to have various domains without the need for different IP addresses for each. Client administration is significantly reduced with this certificate because the Microsoft Exchange Autodiscover service can be used.
After choosing the right level and type of certification, it is essential to be able to verify a website has an SSL certificate.
How to verify that a website has an SSL certificate?
Different browsers have different mechanism to verify the SSL certificate and whether it is fully installed.
If the person is using Internet Explorer, he or she opens the browser and click tools. Then he or she needs to select Internet Options. Under Internet Options, the Content tab can be chosen. This area is where the Certificates tab is located. Once this tab has been clicked, a dialog box will open allowing the user to view the certificate type and level.
In Firefox and Chrome, simply clicking the Green padlock will give you a float to verify that an SSL is installed. Firefox and Chrome also provide options to install the type and details of the certificate via going into the console under inspect element of both browsers.
It is also possible to view an SSL certificate from the address bar. On the right side of the website address, a padlock icon will appear. Clicking this icon will lead the user to the View Certificate link which allows him or her to view specific details about the SSL certificates.
Why use SSL certificates?
Many people do not believe that an SSL certificate is necessary, but they are wrong. SSL certificates provide four significant benefits which include:
- Encrypts Sensitive Information
- PCI Compliance
- Improved search engine optimisation rankings
The most predominant reason SSL certificates are used is to protect sensitive information. When information is entered, it is passed from one computer to another to get to the destination server. The confidential information can be seen by all of the networks between the original machine and the destination server. An SSL certificate encrypts this information, so it becomes unreadable to every computer except the destination server.
When a website uses a proper SSL certificate, it will also provide authentication. This statement means that an SSL certificate will ensure the sensitive information is sent to the right server and not to an imposter. It is possible for any of the computers between the origin computer and the destination computer to pose as the destination server. A Public Key Infrastructure (PKI) and SSL certification will prevent this from happening.
An SSL certification also provides trust to the user. When a customer visits a website, the green address bar or the padlock icon lets the visitor know the site is trustworthy. SSL certificates give the website a seal of trust that customers can understand.
Finally, using an SSL certificate is required for PCI compliance. PCI stands for Payment Card Industry. This industry provides standards and audits for websites to be able to accept credit card information. One of the top requirements is the site must utilize an SSL certificate.
How does an SSL work?
When an SSL certificate works, it involves five steps to work correctly. The first step is a person uses a browser or server to connect to a particular website. This website has an SSL certificate for security. The server being used will ask the web server to provide identification.
The web server will send the SSL certificate copy to the browser or server requesting it. The third step involves the browser or server evaluating the SSL certificate and deciding to trust it or not. The server will send a message back to the web server.
During the fourth step, the web server will respond to the browser with a signed acknowledgment to begin an encrypted conference. The final step is when the encoded information is mutually shared between the browser of the user and the website server.
How SSL helps SEO and Conversions?
What is SEO? SEO stands for search engine optimization and is the process of improving your website readability and crawlability by search engines. When a person searches using a search engine, SEO efforts will rank the site higher and drive the traffic to a particular website. Small business SEO is a critical factor for a successful online business.
Google has started showing insecure warning in chrome since Chrome 56. A detailed blog can be found here. Showing insecure warnings for your website leads to erosion of trust and also means that visitors will be less likely to make a purchase from the site. In addition to this, unencrypted traffic usually means that data of the user can be stolen using the man in the middle attack.
Google has confirmed numerous times that they use SSL as a ranking factor. Although the in our opinion, the weight of SSL as a ranking factor would be low at this point but as the web continues to progress and browsers advent, SSL is only going to become mandatory and will carry a lot more weight.
What is Letsencrypt and Cloudflare?
Sometimes when implementing SSL certificates, it can seem overwhelming. A variety of businesses offer SSL certificate services that are simple and affordable to use. There are a lot of easy to use SSL certificate options including some host helping you install the SSL on your website.
Since the advent of Letsencrypt, the price of SSL has dropped owing to the fact that SSL is now free. Letsencrypt is a free service which is provided by the Internet Security Research Group. This group offers free SSL certificates to help promote web security. The implementation of this type of certificate is the same as a traditional HTTPS implementation but is much more affordable. If you are running your own server , you can simply use one of the few Letsencrypt libraries to install the SSL locally. Using a cron job, you can then set the certificate to auto renew.
Cloudflare offers an SSL service which is flexible removing almost all of the issues associated with implementing a traditional SSL certificate. They achieve this by hosting a cached version of a website on their servers. The hosting sites SSL certificates protect the connection between this cached version and the visitors to the site. This process makes securing a website as simple as possible. Cloudflare also has its own disadvantages in that it crawls everything on your website including any data that you may seem sensitive. A few security experts have expressed concerns about cloudflare including Google’s security experts that found some really sensitive information being cached by Cloudflare.