SSL Certificates – Why Have One?

SSL Certificates – Why Have One?

In layman’s terms, an SSL certificate is something that makes your site more secure. When buying something security related for important things in our lives, e.g. a safe, strong windows or an alarm system, people generally seem to be a bit more clued up about what the security they are buying actually does. Online we tend to just accept we need it. But why?

SSL Basics

SSL is an acronym for Secure Socket Layer. Secure Socket Layers are “the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.” info.ssl.com

They add a level of privacy to the information you are sending and receiving. Information sent without an SSL is just sent as plain text, readable to anyone who cares to eavesdrop. By taking this security step, what you are doing is encrypting the data so that it is far harder, admittedly not impossible, to read – kind of like if you were to take a conversation from the hallway into a private room. People can’t listen in that way, but someone determined and skilled could still bug the room, although hacking at this level of security is by no means an easy feat.

The Evolution of SSL

Although widely used, the acronym SSL isn’t used accurately. Since 1999, TLS (Transport Layer Security) Protocols replaced SSL in order to standardise the internet community. However, as everyone was familiar with the term SSL, this stuck – kind of like how people refer to a hoover, when they actually mean a vacuum cleaner.

A TLS does the same thing, just more advanced than the now very outdated SSL.

How a Secure Socket Layer works

The task of explaining how the protocols work and the communications that take place between machines when an SSL is in place is a complicated one.

SSL-Flowchart

(SANS)

This diagram doesn’t account for issues that occur, primarily when the system drops or changes the connection in order to keep it secure. If someone was to try and attack the process and retrieve some secure data, an incorrect authentication would be received. This would result in the connection being severed and reinstated as a different secure connection.

Types of Certificates

There are 3 types of Secure Socket Layer Certificates (or more accurately TLS) that you should consider:

  1. A standard SSL
  2. A UCC/SAN SSL
  3. WildCard 

All offer virtually identical protection, with a couple of minor differences:

  1. A standard SSL applies to only one site, a UCC/SAN SSL applies to multiple websites and a WildCard SSL applies to one website and all of its subdomains.
  2. Options one and two will turn the web address bar green, whereas a WildCard SSL won’t – although all will enable the green padlock.

There are different strengths of each: Domain Validated (DV), Organisation Validated (OV) and Extended Validated (EV). DV verifies your ownership of the domain, OV proves that you own the domain and that your organisation is legitimate and EV is similar to OV but with extended validation checks. OV and EV are the most reassuring to users as it proves you are a legitimate business as fraudulent sites would not be able to pass the checks required to have one of these certificates.

Two other VERY IMPORTANT reasons to have one

The reassurances provided above by OV and EV certificates are useful, but not everyone knows to look for these. Most of us just look for the little green padlock and https:// (the difference between http and https is that the “s” stands for secure).

ssl-installed-weblink

Google is now changing the appearance of the icon to be even more obvious, allowing users to feel more reassured or instantly put off from using a website.

new-ssl-security-notification

If that wasn’t enough justification for you to invest in a certificate, then perhaps the knowledge that Search Engine Results Pages (SERPs) rate secure websites higher in the listings than those without.

So that’s SSLs in a nutshell. I would highly recommend anyone who doesn’t have one for their site to invest in getting one. They won’t necessarily protect your site against hackers, but they will protect the information being sent to and from your site. That and they will make you easier to find and better trusted. So for that reason, get in touch with your web developers, or the team at Purr, and get an SSL certificate installed.

Stephen Collins