You may be surprised by how much personal information users share during every web session. Every account registration requires entering personal data — name, date of birth, etc. Every purchase requires even more — sharing payment data. An SSL certificate is what helps to protect it all from unwanted access. So what is an ssl certificate?
Let’s start with SSL certificate definition. It stands for Secure Sockets Layer – a unique digital signature of your site. On some websites, you can see green, golden, or gray lock in web address row. Sometimes there is a company’s name highlighted next to the domain name. It indicates that an SSL certificate is installed on this website and all information is transmitted via the protected protocol.
SSL proves that this domain belongs to a real company. It contains the following information:
- domain name it is issued for;
- legal entity that possesses it;
- physical location of website owner (country and city);
- validity term;
- provider’s record details.
SSL certificate provides the encrypted connection between user and site. In other words, the information users share is protected from unauthorized parties – providers, operator, network administrator, etc. How does SSL certificate work?
- You enter the domain name in a browser.
- Server sends SSL cert information and public key.
- Browser checks the information, generates a session issue, encrypts it with a public key, and sends it back.
- Server decrypts the session key.
- Secure connection is established.
The information users share is protected from unauthorized parties – providers, operator, network administrator, etc.
Why do I need an SSL certificate?
If an SSL cert is not installed, all data you enter can be stolen. SSL certificate guarantees that scammers won’t access any information that should be available only to owners (account logins and passwords, banking cards details, payment, social network accounts, etc.). It confirms that using the site is secure, significantly reduces data leakage risks, and increases your company’s reputation. It is a really important thing when you launch an e-commerce website (read our guide on how to make a website).
The principle of SSL encryption
A key is the core of any encryption method – it encrypts and decrypts a transmitted message. Three types of keys are used: public, private and session.
- Public key encrypts a message. Browsers use it when it is necessary to send users’ data to servers.
- Private key decrypts a message. A server uses it when it receives a message from a browser. This key is stored on a server and is never transmitted together with a message.
- Session key encrypts and decrypts messages simultaneously. Browsers generate it for a short period of time a user spends on a website. After they close a tab, the session ends and this key stops functioning.
Everything must be clear with the definition and principles by now, but how to use SSL certificate in practice? You don’t need to learn anything about activation, it all happens automatically. When clients order something on your site, they enter credit card details. After the order is processed, info goes to your web server. At this moment, scammers can steal it. Browser transforms card number and then sends it to the server. It is only possible to decrypt a message using a special key which is stored on the server. Even if scammers manage to access the data, they won’t be able to figure out what it means.
Types of SSL certificates
When choosing a security certificate for website, focus on specific features of your website and its scale. We divided websites into several categories and explained the best licenses for each.
Websites for individuals
Small projects like personal websites, blogs, specialized forums, etc. can use an SSL certificate with domain name validation. It is necessary in case clients create accounts on your website, subscribe to newsletters, pay for courses or other services. It takes on average 15 minutes to obtain, and you don’t need any documents.
For small and medium business
Corporate websites, social networks, web shops, insurance, and tourism agencies can use SSL certificates with enterprise validation that are issued for organizations and legal entities. It is recommended if your clients store personal data on your web resource, communicate with other users, buy items or pay for services. After the purchase, the certification center checks the rights to the domain name and company registration. This process takes up to three days.
For big commercial enterprises
Governmental organizations, large-scale web shops, car dealers, real estate agencies, banks, investment funds should use SSL certificates with extended document validation. They are recommended for web resources, where users store money, securities, bank cards data, make payments, and upload personal documents.
Such certificates are issued only for legal entities and are the most difficult to obtain. Certification center support will check the domain name, company registration, contact data, right for commercial activity. It all takes up to two weeks. When entering such websites, users see a green row with the company’s name. It means that this company has passed a serious check and is really reliable.
For several domains
A multi-domain certificate is suitable for an internal company website, email server, holding, trade network, etc. It is recommended for companies which have several websites or a site with pages on different subdomains. The price includes three to five domain names, but you can increase this number up to 100 if needed. There are three types of multi-domain certificates – with domain validation, organization validation, or green row.
An owner of a multi-page corporate website, social network, web shop, or trade network should consider an SSL certificate for domains, also known as Wildcard. They are recommended for those, who want to protect the main domain or all subdomains simultaneously.
How to use SSL checker properly?
There are a few ways to check if your website is secure and uses an SSL certificate. You can try SSL site checker by pasting a certain domain name into placeholder and press “Start”. You will get all the needed information in several seconds:
- Does this website use SSL?
- Does it set up correctly?
- What is the date of SSL expiring?
Or you can do it manually. Just look at page address row (URL). You can see a green sign on the right or left side, depending on your browser. A lock icon next to it marks a protected website. The address starts from “HTTPS” instead of “HTTP” with “s” meaning “secure.” If no elements are featured, this website is not secure.
For example, it is shown like that:
Or you can use website security checker.
How an SSL Certificate affects SEO?
In 2014, the HTTPS connection became a factor that influences website ranking positions. Websites with SSL certificates get an advantage during forming the search results list regardless of a provider. Even if you decide to install free Let’s Encrypt, Google will pay attention.
However, the transition to HTTPS won’t take your website to the first positions. Only in combination with other features, SSL certificate will positively influence ranking positions. It is not possible to determine the weight of this factor precisely. Nevertheless, if two websites have identical features, SSL will be an advantage.
The investigations show that website owners don’t hurry to install SSL certificates. In 2016, only 65% of all domains were functioning without them. Transition to HTTPS can be troublesome, especially for big websites. It seems that domain owners prefer installing the certificates gradually.