An SSL Certificate is the way you connect securely to websites online. If you run a website and need to secure data as it transfers to your users, you need an SSL. As a user, it’s worth knowing a little bit more about how your data stays safe as it zips around the Internet.
What is an SSL?
SSL stands for “Secure Sockets Layer”, and it’s the security technology that ensures private data stays private as it moves between computers and servers on the Internet. Here’s an example of how SSL works, like you’re logging in to Facebook:
- Your browser sends a request for a secure connection to Facebook’s server
- Facebook replies by sending it’s SSL Certificate information to your browser
- The browser checks the data on the certificate: what Certificate Authority issued it, the encryption method, the date it expires, etc.
- If it trusts the information provided, the browser will respond and begin requesting the site – HTML, CSS, images, and the rest so it can show you how many likes your breakfast selfie has racked up.
- Now with a secure connection, Facebook’s servers and your computer can communicate without any other party reading what’s going back and forth.
Oh, and for all that back and forth, it’s pretty fast.
As a user, how do I know if the site I’m using is secure?
There are two things to check for. First, you’re probably used to seeing URLs begin with “http”, but a URL that begins “https” indicates that you’re requesting a secure connection. Second, there should be a small lock icon next to the URL (sometimes it’s green). If you want to see more details about how your data is being secured, you can click on the lock icon and more information will be displayed.
What if the connection is unsafe, or the SSL Certificate is not valid? You’ve probably seen the result as you’ve browsed the web. (By the way: this is one reason that setting the date correctly on your computer matters – it your computer thinks it’s 2020, it’ll say everyone’s certificate is expired!)
Only legal entities can be issued SSL Certificates, so you can be sure that if you trust the company you’re communicating with, and the SSL is in place, you can be confident your connection is safe.
Do I already have an SSL on my site?
If you don’t know, the easiest way to check this is to go to the site and use the method above.
What kinds of sites typically have SSL?
Any site that deals with sensitive information that you want to make sure no unauthorized users have access to. For example, all e-commerce sites are required to have an SSL before they can take credit card information (to meet what’s called “PCI Compliance”). Any site that has a user login system where someone is required to enter a password should also be using an SSL, so email, social networks, or banking systems need to have them in place. Basically anytime a user enters data that you don’t want to give away to everyone else, an SSL is one of the ways to keep it safe.
My site doesn’t accept any user inputs or e-commerce. Do I still need an SSL?
Not necessarily, but it probably wouldn’t hurt. There’s a movement to take the entire Internet to SSL, and a group called LetsEncrypt has launched a public beta to supply free certificates, so if you’re interested but turned off by the price, that might be worth looking into. The other reason we’ve seen NOT to do it is if you’re using third party systems like Content Delivery Networks (CDNs) or off-domain resources that aren’t included with SSL, your user’s browser may indicate the connection is not secure. If you don’t need it, it would be better to have no certificate than a rejected one.
How do I get an SSL
Buy one through your host or add one through a third party. Prices vary widely, so shop around and figure out what you need. Typical SSLs only apply to one subdomain of your site, so if you have multiple subdomains to cover you could opt for a Wildcard SSL which could cover all of them. Or the mega option, a San Cert which can cover multiple domains. There are lots of choices and places to buy one, and your host or web vendor can help you identify which one makes the most sense for your particular situation.
If you’re ready to move on from worrying about your website, Skyhook Interactive offers premium WordPress web hosting and maintenance packages to keep your web presence healthy and strong. Contact us for more information.