What is an SSL Certificate?
A Secure Sockets Layer is a security protocol that encrypts data to keep it secure between servers. Websites with an SSL Certificate will show a lock icon in the web browser, and will begin with HTTPS, which communicates to users that the website is encrypted. There are a few other differences between HTTPS and HTTP but this is the most important distinction.
A website without an SSL Certificate is vulnerable to hackers, and users’ private data is not protected. Because of this, Google favors sites that do have SSL Certificates, and will warn visitors that the site they are about to visit is not secure if it lacks an SSL. When data passes between a user and a website that is not encrypted by an SSL Certificate, a hacker can intercept that private information.
How Does and SSL Certificate Protect My Site and Its Users?
SSL works with TLS (Transport Layer Security) to provide encryption, authentication, and integrity. Encryption hides the data from third parties, authentication verifies the identities of the two parties transferring information, and integrity ensures the data has not been falsified or tampered with.
Types of SSL Certificates
Domain Validated SSL– The cheapest SSL Certificate, DV is also the lowest protection-level of SSL available. To get a DV SSL, you must prove you have control of the domain. It’s a quick process to get verified and can be done by verifying with a DNS TXT record or by responding to an using your domain’s WHOIS. If your site handles sensitive user data, this option does not provide enough protection. DV is best for blogs and websites that don’t gather any personal information.
Organization Validated SSL– If your site handles data using forms and lead capture, you need higher security and an OV Certificate may be right for you. You must prove ownership of a DNS record and will be contacted to verify domain control. Unlike, DV Certificates, OV Certificates cannot be obtained by hackers since they cannot validate their fraudulent domains.
Extended Validated SSL– This validation type has sixteen steps required to obtain it. Think of it as a full background check. Your site will receive the highest protections. Because of the strict vetting process, Extended Validation takes the longest to get and costs the most. It’s best for eCommerce sites, financial institutions, and larger businesses that handle a lot of sensitive data.
Wildcard SSL– If you own a domain as well as a few subdomains, a Wildcard Certificate may be right for you. They cover a single domain and unlimited subdomains. Certificate authorities will verify your control of each site before you receive your certificate.
These certificates all last a year in general and will need to be renewed in the same manner close to expiration. You can usually obtain an SSL Certificate through you hosting provider. Read our hosting provider recommendations here.
According to Google, HTTPS is now a ranking signal. Users are much more likely to use and trust a website with an SSL certificate, and Google knows this, which is why using an SSL certificate is not just a good idea security-wise, but also a good idea for marketing and SEO purposes.
An SSL prevents attacks from outside your organization, learn how to further protect your business by training your employees in cybersecurity best practices.