Many users won’t notice the difference between an http:// and https:// website address. In fact most people, including some website owners, are probably unaware of the existence and purpose of SSL certificates. So what is an SSL certificate and why is it important to have an one?
The primary reason for an SSL is to encrypt sensitive information so that the intended recipient is the only one who can access it. An SSL activates the padlock icon and HTTPS protocol which allows secure connections from the server to a browser.
Basically what this means for a user is that you know the information you enter is only available to the intended recipient and it is safe from hackers and identity thieves.
For a business it means protecting sensitive customer data from third parties, boosting customer confidence, and helping to increase your SEO rankings.
What is an SSL certificate?
SSL stands for Secure Sockets Layer. It is a protocol that secures data that is transferred between a user and the website they’re visiting
SSL certificates are small data files that establish an encrypted link between a web server and a browser. This link ensures that all sensitive information like credit card numbers, usernames and passwords remain private.
If a website uses the normal HTTP protocol, any information that is entered can be intercepted by hackers. One of the most common ways hackers intercept data is by placing a small, undetected listening program on the server hosting a website. The program waits in the background until a visitor starts entering information, when it will activate and start capturing information.
If the website is encrypted with SSL, the browser will establish a secure session to ensure that no-one besides the user and the website can see what is being typed.
How does an SSL certificate work?
SSL is a security protocol for servers and web browsers that ensures the data passed between the two is private. The information becomes unreadable to everyone except the server.
If the browser detects a valid SSL certificate, it uses the website’s public key to encrypt data. The data is then returned to the website’s server and decrypted using a secret private key.
The public and private keys are strings of characters that are used for encrypting and decrypting data. SSL encryption is possible because of the public – private key pairing.
Does my website need an SSL certificate?
An SSL certificate is a requirement for websites that collect user data and is essential for e-commerce or membership sites that require login information. Online payment services also require that websites use SSL / HTTPS before payments can be received.
A website needs an SSL certificate in order to keep user data secure, verify ownership and prevent attackers from creating a false version of the site.
Having an SSL certificate on your site also helps create a positive impression of your brand to visitors. Google displays non-SSL websites as “not-secure”. So if you don’t have an SSL certificate on your site, you will appear less trustworthy.
The different types of SSL certificate
While all SSL certificates provide protection to website users, the difference is in the level of validation between the business and the certificate authority. There are three main types of SSL certificate available.
Domain Validated SSL (DV)
This type of certificate is suitable for small to medium size business and is relatively straightforward to set up. It displays a padlock icon next to the website address and changes the URL protocol from HTTP to HTTPS. Pricing for a DV SSL certificate starts at around R200 a year.
Organisation Validated SSL (OV)
This is a good option for company websites. The certification Authority requires specific information to set up an OVL SSL certificate. This information includes the company’s name, registration number and address. Pricing for an OV SSL starts at around R1500 a year.
Extended Validation (EV)
Large companies and e-commerce stores use this type of certificate as it provides the highest level of security. The company name is displayed before the URL in a green address bar. Pricing for and EV SSL starts at around R2000 a year.
Most website hosting companies now offer a free SSL certificate using Let’s Encrypt. The certificate is valid for 90 days, but it is recommended that you renew every 60 days.
I hope this article has helped provide a little information on the purpose of SSL certificates. Please feel free to leave a comment or contact us directly if you have any questions regarding HTTP and SSL.