Share this Post
An SSL certificate is an increasingly vital part of any website and forms an integral component of the overall security framework.
Whilst long a suggested addition, many of the largest search engines are beginning to demand it, in some cases blocking websites without one.
Most however, such as google chrome, will brand websites without an SSL Certificate as ‘unsecure connections’.
Something that can be devastating to a business which relies on website traffic.
So, what is an SSL certificate? How do they work? What do they do? And why do internet giants think it’s so important you have one? Read more, and you’ll probably find yourself wanting one too.
Background: What is an SSL?
SSL stands for secure socket layer, and is often known as TLS, for transport layer security. There are some subtle differences, which you can read all about in our TLS vs SSL comparison.
It is a system for internet security, utilising encryption protocols that means all transmitted information is encrypted and impossible to read if intercepted in situ.
When it arrives at its digital location, an authentication process called a handshake takes place between the transmitter and receiver, if they are verified, the info is decrypted and then usable to the receiver.
This helps to greatly increase security when transmitting data, and any website using an SSL will be afforded a HTTPS address, as opposed to the standard HTTP.
What is an SSL Certificate?
SSL certificates are what authenticates the SSL protocol. They contain a websites public key, the websites identity data and a secure, private key. the public and private keys work in tandem to encrypt and decrypt data. Anything encrypted with one can only be decrypted with the other.
The certificate contains all the information needed to securely verify identity, and alongside the keys it contains:
- Verified domain name
- Verified subdomains
- The person, group, or device the domain is registered too.
- The authority that registered the Certificate
- Certificate authority’s verification/digital signature
- Certificate date of Issue
- Certificate expiration date
How does an SSL Certificate work?
I earlier mentioned how an SSL encrypts data whilst in transit and allows it to be decrypted when it arrives at the intended location, this process is facilitated by the Certificate, which contains the necessary keys.
When a communication is sent, whether this be an email or a financial transaction, the sender will encrypt it using the receivers public key, which is freely available. When this communication reaches the receiver, they can then use the private key to unlock it, which only they have access to.
If the communication that was encrypted with the public key was intercepted or reached the wrong source, they would be incapable of accessing it without the corresponding private key to the public one that encrypted it.
In this way, an SSL certificate is a potent defence against data interception, even if the info is acquired, it is useless without a way to decrypt it.
Why does your website need an SSL Certificate?
Theres a simple answer to this question: nothing you send is secure without one.
With the proliferation of ever more sophisticated interception malware, theres a startlingly high probability your data will be intercepted (2018 alone seeing a 126% Increase in Exposed Data), and so making sure its unreadable is the sage course of action.
There is also the danger of fake sites, these copy and imitate your website in order too defraud others of data, but without your encryption keys, even if they did manage to get this information it would be of little use. The certificate is a useful way to authenticate that the site your communicating with is really who it suggests.
Aside from these security options, there is also the need to consider that without one, your website will look unattractive to potential visitors.
The HTTPS status afforded by certification is being more widely and obviously presented by major search engines and browsers, and if they brand your uncertificated site ‘unsafe’, it will doubtless hurt traffic volume.
Here’s an example of what a user will see when they access an uncertified website:
and when they access a certified website:
Its obvious which looks more appealing to a visitor.
How to get an SSL Certificate?
For a website to obtain a valid (more on that in a moment) SSL certificate, it will need to obtain its domain from an accredited certificate authority.
These are trusted third party organizations that will digitally sign your certificate with their own private key, this allows other devices to confirm that your certification is legitimate. Nearly all these certification authorities will charge a fee for issuing the certificate.
When you have purchased it, it needs to be installed and activates within the origin server. This is usually an automatic process carried out by the hosting service (such as WordPress). Once activated, your website will convert to the HTTPS address and be able to communicate in encrypted code.
There is another method to get an SSL certificate where you can self-sign. This is where the digital signature used is not from a certification authority, but from a website own private key.
This might sound like a tempting method, but these self-signed websites are not considered secure by search engines, even though you’ll get the HTTPS address, your site is still liable to be branded with a big red “unsafe” sign, if even hosted at all.
Our advice, stick to an accredited certification authority and don’t risk self-signing. That said, if you still don’t like the idea of paying for an SSL certificate, there is another free option.
Free SSL Certificate
There are a number of free SSL certificates authorities out there. Its always wise to double check them, but most are legitimate. Although the best ones usually entail you signing up to another service, these are often free as well. One example is Cloudfare, which grants a free SSL Certificate when you sign up to their Control panel service.
Conclusion, is an SSL Certificate worth it?
Without a doubt, an SSL certificate is not only worth it now, but its importance is increasing. In 2014, Ebay was breached and 185 million user accounts were compromised, but thanks to the Paypal encryption used by Ebay, not one penny was lost; if this doesn’t prove how important SSL encryption can be, then nothing will!
Whether you want to secure yourself against an ever-changing world of online threats, or to become more attractive to website visitors by avoiding the dreaded ‘unsafe’ designation, an SSL Certificate is always a worthwhile investment.