SSL (Secure Sockets Layer) certificates are essential for website security. They are now commonly understood to be a sign that a website can be trusted. However, there are some misconceptions about the purpose of SLL certificates. And some consumers place too much reliance on the credibility that the presence of SSL infers.
So, what is an SSL certificate, what does it prove, and is one needed for every website? Here are the answers to those questions, along with everything else you need to know about SSL.
Everything You Need to Know About SSL Certificates
- What Is SSL?
- What Is TLS?
- Does Every Website Need an SSL Certificate?
- What Are the Various Types of SSL Certificates?
- Domain Validated SSL
- Organization Validated and Extended Validation SSL
- Single Domain SSL Certificates
- Wildcard SSL Certificates
- Multi-domain SSL Certificate
- How Do You Get an SSL Certificate for a Website?
- Do You Need an SSL Certificate for Your Website?
- Conclusion
What Is SSL?
SSL is a cryptographic protocol that protects data as it is transferred from a website to a server. The protocol encrypts data to prevent third parties from intercepting the information. The presence of an SSL certificate proves that SSL encryption has been implemented on a domain.
SSL used to be used primarily by eCommerce sites to protect users’ payment information. But, today, SSL certificates are employed on all reputable websites. This change in usage has been primarily driven by search engines promoting the use of SSL certificates. Google, for example, now displays a warning that sites without an SLL certificate are unsecured.
However, contrary to popular belief, the presence of an SSL certificate does not guarantee that site can be trusted. Indeed, any website owner, honest or otherwise, can implement an SSL certificate on their website. SSL merely encrypts data as described above.
What Is TLS?
You may also have come across the acronym TLS, which stands for Transport Layer Security. TLS is an updated version of SSL introduced in 1999. However, most people still use the term SSL, even though, strictly speaking, they are now talking about TLS.
Does Every Website Need an SSL Certificate?
The presence of an SLL certificate triggers the padlock symbol in the address bar of internet browsers. And implementing SSL also removes the warning that a site is unsecured. As a result, many users only place their trust in websites with SSL certificates. So, an SSL certificate has become essential for almost any website. Search engines also rank sites with an SLL certificate higher than those without SSL encryption. So, SSL has a search engine optimization benefit as well.
What Are the Various Types of SSL Certificates?
Most website owners will only require a standard Domain Validated SSL certificate. However, there are several other types of certificates as well. Here’s a brief explanation of each of the various kinds of SLL certificates.
Domain Validated SSL
Domain Validated (DV) certificate is the most common type of SSL certificate. The domain owner can validate this type of certificate. And DV SSL certificates provide the security needed for most websites.
Organization Validated and Extended Validation SSL
Organization Validated (OV) and Extended Validation (EV) SSL certificates require more detail to obtain than DV SSL certificates. The business address and other information would need to be validated to get OV or EV certificates. OV and EV SSL certificates are also more expensive to obtain.
The level of security that OV and EV certificates provide is the same as a DV SSL certificate. And a visitor to a secured website would see no difference. So, there is little benefit from an OV or EV SSL certificate for most websites.
Single Domain SSL Certificates
As the name suggests, a single domain certificate will only secure one domain. Single domain certificates are what most people use.
Wildcard SSL Certificates
Wildcard SSL certificates cover the primary domain and any subdomains. Suppose you had set up the resources.mywesbite.com and store.mywebsite.com, for example. In that case, you would need a wildcard SSL certificate to cover both subdomains.
Multi-domain SSL Certificate
A multi-domain SLL certificate will cover multiple domains under the same IP (Internet Protocol address). This type of SSL certificate is also known as unified communication (UCC) certificate.
How Do You Get an SSL Certificate for a Website?
The major hosting providers provide SSL certificates as one of the services they offer. The cost of an SSL certificate can vary from around $50 per year for a single domain certificate to several hundred dollars for the other types of SSL certificates mentioned above.
There are also several third-party SSL certificate providers, including Instant SSL, Basic SSL, and GoGetSSL. SSL certificates from these suppliers will be cheaper, but they may need some technical knowledge to install and configure. On the other hand, SSL certificates provided by hosting companies are usually applied by the provider and require no input from the website owner other than placing an order.
Some website builder platforms, such as Wix and HubSpot, provide free SSL certificates with their web builder packages. Some hosting packages also include free SSL. There are also providers like Let’s Encrypt that provide free SSL certificates. But, as mentioned above, third-party SSL certificates, free or paid, may require technical knowledge to install and configure.
Do You Need an SSL Certificate for Your Website?
The simple answer to the above question is yes. And that answer applies even if you are not taking payments online or asking users to input any information. Without an SSL certificate, your site will be flagged as non-secure by web browsers. And that warning will scare many visitors away.
The presence of an SSL certificate also suggests that a website can be trusted. However, the truth is that an SSL certificate does not prove the trustworthiness or legitimacy of a website. Still, many internet users do consider SSL a green light to browse and trust a site.
Conclusion
So, to sum up, an SSL certificate encrypts the data passed between a website and the server. And the presence of a valid SSL certificate triggers the padlock sign in web browser address bars and removes the non-secure website warning.
Most websites will need a single domain, DV SSL certificate, the cost of which will be around $50 from a hosting provider. Or, if you have some technical knowledge, you could get a cheaper or free SSL certificate from a third-party supplier.
