What is an SSL & Why do I need one?
SSL Certificates also known as Secure Sockets Layer (SSL) is a security protocol used by Web browsers and Web servers to help users protect their data during transfer.
Now is the time when you need to buy one and have it installed in your website. Google wants the whole Internet to be secured. We agree, but website owners need to understand what this means for them so they can purchase the correct type of SSL.
You should take advice before buying as there are many alternatives.
SSL Certificates are small data files that digitally bind a cryptographic key to an organisation’s details.
In the case of a Web browser, SSL activates the padlock symbol and “HTTPS” and allows secure connections from a Web server to the browser.
SSL is a security protocol that:
- Protects user data during transfer.
- Digitally binds a cryptographic key to organisation’s details.
- Secures credit card transactions, data transfers, logon credentials, and more.
- Provides authentication of the business and/or domain.
How do SSL Certificates work?
This is the process that happens when browser software encounters a website with SSL:
- The browser software (Internet Explorer, Chrome, Safari etc.) attempts to connect to a Website secured with SSL.
- The browser requests that the web server identify itself.
- The server sends the browser a copy of its SSL Certificate.
- The browser software checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
- The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
- Encrypted data is shared between the browser and the server.
That’s the technical stuff over with.
The bottom line is that Google is on the war path against unsecured websites. Your website can lose its ranking or be flagged as NOT SECURE if you don’t get one installed by your developers.
What sorts of SSL are available?
There are many types of SSL available but for the purposes of this article I will outline the three most commonly used and the types of website that they are most suited for.
- Domain Validated (DV) Quick, basic certificates that only need to verify that a person owns the domain they need to protect before being issued.
Used on simple brochure websites that are not one of the main marketing activities of the company. Thawte is a popular provider of these (they have others as well).
- Organisation Validated (OV) More robust certificates that require a light company validation before being issued.
More suited to companies whose reputation and brand are important to them. GeoTrust is a good example. (Again all major providers do these types)
- Extended Validation (EV) The most premium SSL certificates that require a company to complete an extensive validation process before the certificate is issued.
Ecommerce websites and others who wish to be secured by a recognisable security certificate such as Norton (Symantec). (And you guessed it, the other CA’s – Certificate Authorities – also do these).
I know that there are other providers but I’m trying to keep things simple!
Which is right for you?
That’s not an answer that I can give here as there is a conversation to be had about the most suitable SSL for your business and your business website.
If you want more advice about this rather important development, then please get in touch with us for some free advice. We can even install an SSL into your website if you need one. Call 01746 769612.