SSL certificates: The basics
Uncategorized
Have you ever noticed that some URLs start with HTTP://, while others start with HTTPS://?
Maybe you noticed that extra “s” when you were browsing websites that require giving over sensitive information when you’re shopping online.
But what is that extra “s” and why is it important?
That little “s” shows visitors that your site is secure and encrypted because it has an SSL certificate.
What is an SSL certificate?
An SSL is security technology. It is a protocol for servers and web browsers that makes sure that data passed between the two are private by using an encrypted link that connects the server and browser.
SSL certificates are small data files that cryptographically confirm this encrypted link between a web server and a browser. Ensuring that all data passed between the web server and browser stay private.
Why do you need one?
When your customers submit a form on your website, they trust that their data is kept safe and secure. Without the right protection, their information could be stolen.
How do they steal it? Well, one of the most common ways hackers intercept data on an unsecured website is by placing a small, undetected listening program on the server hosting a website. That program waits in the background until a visitor starts typing information on the website, and it will activate to start capturing the information and then send it back to the hacker.
This information could be anything from an email address to a customer’s bank details. Imagine the impact that could have on your business? If your customers spread the word that your site is unsafe, you’ll lose sales and, your brand will be deemed as untrustworthy.
So how do you stop this from happening? By having an SSL certificate!
If your site has an SSL, your customer’s browser will form a connection with their webserver, examine the SSL certificate, then secure their browser and the server. This secure connection means no one besides you and your customer can see or access what they type.
Companies that request personal information from a user, such as an email address or payment information, should have SSL certificates on their website.
Having one means that the details you are collecting are private and ensures the customer that when they see that padlock and HTTPS://, their privacy is safe.
Which SSL certificate do I need?
SSL certificates fall under different categories: encryption, validation, and domain number. All certificates are processed by a Certificate Authority (CA). Additionally, for certificates defined by the domain number, the types are single, multidomain, and wildcard.
Let’s take a look at them in detail:
A Domain Validation (DV) certificate
The Domain Validation Certificate is the quickest validation you can receive but, it’s also the least secure. This certificate only requires proof you own the domain. Providing encryption only with no business validation.
Verification happens when you add a DNS to the CA. For this certificate, the CA will review the right of the applicant to own the domain being submitted.
One downside to this type of certificate is that there is no identity check, so you won’t know who is receiving your encrypted information.
Organisation Validated (OV SSL) Certificate
Organisation Validated Certificates verify that your organisation and domain validation exist.
They offer a medium level of encryption and are obtained in two steps. First, the CA verifies who owns the domain and if the organisation is operating legally.
Extended Validation (EV) SSL Certificate
To set up an Extended Validation (SV) SSL, you must prove that you are authorised to own the domain. Ensuring, your customers that you are legally collecting the data needed to perform some actions — such as a credit card number for an online transaction.
If your website processes web payments or collects data, you’d want to get this certificate because of the high level of security that it offers.
Wildcard SSL Certificates
Wildcard SSLs ensure that if you buy a certificate for one domain, you can use that same certificate for subdomains. For example, if you bought a Wildcard for example.com, it could be applied to mail.example.com and blog.example.com. This is cheaper than obtaining multiple SSL certificates for a number of domains and is great for businesses with sub-brands or child companies.
Single Domain SSL Certificate
A Single Domain SSL protects one domain. This means you can’t use it for your subdomains or a completely different domain. For example, if you purchase this certificate for example.com, you can’t use it for blog.example.com or 2ndexample.com.
Do I already have an SSL certificate?
SSL certificates are often purchased and then forgotten about completely until you suddenly come across a blog post reminding you how important they are.
Don’t worry, you don’t have to wade through all your website documentation to see if you can find it! CWCS has a handy SSL certificate checker.
And what if I don’t have one?
No worries – there are plenty of SSL providers out there. Take a look at who we work with.