What is SSL?
Secure Sockets Layer (SSL) is a security measure that enables encrypted communication between a web browser and a web server. Businesses use SSL to stop unauthorized third-parties from accessing sensitive data on their website. In layman’s terms, an SSL keeps the conversation between the web browser and web server private so hackers can’t butt in.
To create this secure connection an SSL certificate is installed on the server. The certificate will make sure the website is legitimate and encrypt the data that’s transmitted between the browser and server.
What does an SSL Certificate do?
SSL Certificates are small data files that bind a cryptographic key to an organization’s information. When the SSL Certificate is installed on the web server, it activates a padlock and https protocol that allows secure connections between the browser and server.
SSL Certificates bind together:
- The domain name, server name and hostname
- The organization’s identity (i.e. company name) and location
When an SSL certificate is installed on the server, the application protocol (a.k.a. HTTP) will change to HTTPS, with the S standing for “secure”. Depending on the type of certificate and the browser being used, a green padlock will appear in the browser as well.
Are there different types of SSL Certificates?
Yes, there are several types of SSL certificates based on the number of domain names or subdomains owned and the level of validation needed.
Types of SSL Certificates Based on Domain/Sub-Domain Number:
- Single: secures one domain name or subdomain name
- Wildcard: covers one domain name and an unlimited number of its subdomains
- Multi-Domain: secures multiple domain names
Types of SSL Certificates Based on Level of Validation Needed:
- Domain Validation: This is the least expensive option available. This validation covers basic encryption and verification of who owns the domain name.
- Organization Validation: In addition to what domain validation provides, organization validation authenticates more specific details about the domain name owner like name and address.
- Extended Validation (EV): This type of certificate provides the highest level of security because a thorough examination is conducted before it’s issued. In addition to what is provided by organization validation, the legal, physical and operational existence of the owner is verified as well.
Who needs an SSL Certificate?
If you’re an individual or business that uses their website to receive, process, collect, store or display confidential or sensitive information, you should have an SSL certificate. This information may include things like:
- Logins and passwords
- Financial information (i.e. credit card numbers, back account numbers)
- Personal Data (i.e. names, addresses, social security numbers, birth dates)
- Proprietary Information
- Legal documents and contracts
- Client Lists
- Medical Records
The benefits of having an SSL are:
- Keeping data secure between servers
- Increasing your Google Rankings
- Building/Enhancing customer trust
- Improving conversion rates
Where do I get an SSL Certificate?
SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate. Many domain name registrar or website hosting providers offer SSL certificates for purchase. The CA’s role is to accept and authenticate certificate applications, issue certificates, and maintain status information on certificates issued.
Keep in mind:
When choosing the right SSL provider, consider the fact that users’ web browsers normally keep a cached list of trusted CAs on file – so if a digital certificate is signed by an entity that’s not on the “approved” list, the browser will send a warning message to the user that the website may not be trustworthy.
How will visitors know my website has an SSL Certificate?
There are four ways visitors will see if you have an SSL Certificate:
- Padlock to the left of a URL
- https URL prefix instead of http
- A trust seal
- A green address bar (when an EV SSL certificate is issued)
SSL Certificates are a smart decision for any business, but especially businesses that deal with private information. With the knowledge we’ve provided here, you’ll be able to confidently find an SSL Certificate that meets your business needs.
Need IT support for your business? Call 914-934-9775 or email firstname.lastname@example.org and ask our representative about PCI’s managed IT services!