SSL Certificates – All You Need To Know

SSL Certificates

all you need to know

SSL Certificates is an acronym that every single site owner should know about and what it means.

What Are SSL Certificates?

If SSL is a new concept, don’t sweat it – I have all the details so you can keep your site secure, follow best practices, and install an SSL certificate easily and free.

Secure Sockets Layer (SSL) is a protocol used to secure and encrypt communication between computers. While you may not realise it, you’ve probably seen this before.

Take a look at the address bar of your computer, next to the URL. If you’re using Chrome or Firefox, there’s usually a little green padlock and the word “Secure.” Safari also uses a padlock, but it’ll be grey. Here’s an example of a warning screen on Firefox Mobile:

ssl certificates screenshot

Before I go too much further, let’s get the technical details out of the way. At the heart of SSL is asymmetric (or public-key) encryption that requires each party to generate public and private keys.

Think of it like a lock on a door: Anyone can walk up to a door, inspect the lock, and even try to open it with their key, but only the correct key will unlock it.

In this analogy, the door locks are public keys because they’re visible and public. To unlock the public key, you need a private key. Without both keys, secure encryption is not possible.

On top of that SSL, has one extra element: a certificate authority or CA. Certificate authorities, such as Let’s Encrypt, RapidSSL, or InstantSSL, issue SSL certificates and verify their authenticity.

You’ll need to get a certificate from a certificate authority to utilise SSL. Certificate authorities have what is known as a root certificate or what is effectively the master certificate — all certificates under the master certificates are then secure, trusted and validated.

If you buy a certificate from Let’s Encrypt, browsers will use their root certificate to check whether yours is legitimate when they connect to your server. End users don’t usually see the encryption process because most of the work is behind the certificate authority scenes.

An SSL connection works just like a public key exchange but with the addition of the CA to make sure the server you’re trying to get data from is legitimate.

Here’s What Happens During an SSL Connection:

  1. You (the user) navigates to a secured web page, and your computer reaches out to that server.
  2. The server responds with their public certificate (same as a public key).
  3. Your computer checks the certificate to make sure it is valid and issued by a trusted CA.
  4. Assuming the certificate is valid and authorised, your computer uses the server’s public certificate to generate a random key and encrypts your request (all of the data you want from the website), then sends the request and the randomly generated key to the server.
  5. The server decrypts the data and responds by encrypting its message with your randomly generated key.
  6. The process repeats until your session ends.

When Should You Use SSL?

In the past, SSL was essential for one particular reason: encrypting communication and securely storing information. In the past, it was beneficial (and essentially required) for eCommerce stores or sites handling sensitive information.

As a site owner in this day and age, it is essential because you don’t want any information to be compromised. Plus, you want to offer your users a stellar experience. SSL will help you do that.

Another benefit of SSL is that it helps to build trust with your users. Before installing an SSL certificate on your site, you have to answer a few questions about your website and business (if you are a business).

The certificate authority (the company you buy the certificate from) will verify that you are indeed the website and business you say you are. When everything is confirmed, your site has SSL installed; your users can trust that you’re a legitimate company that won’t steal their information.

SSL Certificates – Search Engine Optimisation

There’s one final reason SSL is essential for your website- Search Engine Optimisation (SEO).

Google has started flagging sites that store passwords or credit card information without SSL as insecure as part of a long-term plan to mark all websites without SSL as insecure.

That’s a massive initiative, and if your site doesn’t have SSL installed, it could seriously hurt your traffic and conversions.

You can tell by looking at the URL if an SSL certificate is in place. In Chrome and Firefox, there’s usually a little green padlock with the word Secure. Safari has a grey padlock next to the site name. The following example is from Firefox Desktop.

ssl certificates screenshot

You can also tell by looking at the beginning of the URL itself. A non-secure website will use HTTP, while a secure site will use HTTPS.

In Chrome and Safari, either an information symbol or red warning symbol will pop up for not secure sites.

unsecure ssl certificate screenshot

As you can see, these errors are not something you want your users to see on your site. Luckily, there’s a super easy fix to make your site secure and get rid of that message.

The web is moving towards a more secure place, which means that no matter what type of site you’re running, having an SSL certificate installed will help your site thrive.

SSL keeps your information secure, helps to build trust with your users, and keep your site current with industry standards. So, how do you one?

How To Add An SSL Certificate To Your Site

In the past, installing an SSL certificate was a bit of a juggling act. You’d have to buy it from a certificate authority, tell your hosting company about it, share information with both parties, and then the issuer could activate it.

That’s not the worst system, but it’s not the smoothest either. Another option that may be easier is working with your hosting provider. Many hosts offer SSL certificates that are relatively easy to install or may come free or discounted.

For example, if you host your site with Kevin Oliver Web Design, I take care of the whole thing and zero additional cost.

If you decide to install an outside SSL certificate on your existing host, it is a bit of a different process, and it might vary a little depending on who your host is.

Instructions are too broad to mention here because each hosting provider does things differently and uses various SSL issuers.

Again, with my website hosting, I take care of everything. All I will need from you are some details required by the issuer.

No matter how you go about installing an SSL certificate, your site must have one in place.

Not only will it build trust with your site visitors, but it’ll keep your site’s information secure and keep it performing well in Google searches.

SSL Certificates – Conclusion

Implementing SSL Certificates might be a challenge if you have little to no experience. But, two things are certain: First, SSL Certificates are imperative and, second, I can help you.

Contact

If you’d like help with your website security, get in touch.

(All fields are required because those spammers are a pesky bunch)