SSL certificates are one of the most important security features of a website and are essential for any company that trades online. Surprisingly, however, over 38% of websites still don’t have an SSL certificate. Indeed, many owners are unsure of what they are, what they do and why websites need them. In this post, we’ll explain the answers to these questions and show you how easy it is to get one for your own site.
What is an SSL certificate?
An SSL certificate is a digital certificate attached to your website which carries out two functions: identity assurance and encryption. Before issuing an SSL certificate, a certificate authority will undertake vetting to check that the individual or business to whom the domain is registered is genuine. For some types of certificate, it will even check the physical location of the business. In this way, SSL certificates operate as a form of authentication, telling internet users that the site they are visiting is a legitimate one.
At the same time, an SSL certificate uses encryption to create a secure connection between your server and the user’s browser. This way, any data the user inputs on your website, such as debit card details, cannot be stolen.
How does an SSL certificate work?
When websites and browsers communicate, they use a method called Hypertext Transfer Protocol (HTTP) to transfer data across the internet. A website that has an SSL certificate uses a modified and more secure method called Hypertext Transfer Protocol Secure (HTTPS). The key difference between the two protocols is encryption.
The HTTPS process works like this:
- When the user attempts to visit your website, their browser will send a request asking the server your site is hosted on to identify itself.
- This request is answered when your server sends the browser a file containing your SSL certificate.
- The browser then checks the validity of the SSL certificate and, if trusted, sends an encrypted key to your web server.
- In response, your server decrypts the key and sends web content to the browser with a key.
- Using the encryption keys, data can be sent securely between the browser and the server.
Why do websites need an SSL certificate?
The need for SSL encryption lies in the fact that cybercriminals can get hold of data while it is in transit, for example, if the visitor is connecting to your website using an unsecured public wi-fi network that someone has hacked into. If your website has an SSL certificate, any data stolen would remain encrypted and so the hacker would not be able to access it. As a result, your customer’s banking details would remain secure.
Another reason websites that sell online need an SSL certificate is that payment gateways (companies which process online transactions) will require you to have one before they will offer you their services. While you don’t need SSL if you send your customers to a third-party website, such as PayPal, to carry out the transaction, if you want to accept card payments directly from within your site, they are a necessity.
Additional benefits of having an SSL certificate
SSL certificates don’t just protect your customers and enable you to offer a wider range of payment options; they also offer some important additional benefits. One of the most important is higher website ranking. As search engines want to ensure their users are safe, secure websites perform better in search results, especially when customers are searching for products and services. An SSL certificate can, therefore, increase the number of visitors your website gets.
What’s more, a second benefit is that when visitors do land on your website, the search engine will put a green padlock (security) icon next to your web address in the browser. Without an SSL, it will display an information symbol and the words ‘Not secure’. The importance of the green padlock should never be overlooked: it signifies that your website is verified as safe by the likes of Google and Microsoft and this gives visitors increased confidence to trust and buy from your company.
Together, these two additional benefits mean an SSL certificate can help you increase both visitors and sales.
How do you get an SSL certificate?
There are different types of SSL certificate offering different levels of validationand encryption. These are the basic Domain Validation certificate, the Organisation Validation certificate and the Extended Validation certificate.
Although originally only available as a paid service, since 2014, the certificate authority, Let’s Encrypt, has been issuing free Domain Validation SSL certificates as part of its aim to create a safer internet. You can install free Let’s Encrypt Domain Validation SSL certificates from within the ‘Domains’ section of most website control panels, like cPanel and Plesk. The more advanced Organisation and Extended Validation SSL certificates, which are paid for, can be installed for you by your web host.
An SSL certificate is essential for any business that wants its customers to carry out financial transactions on its website. Without one, you would need to send your customers to a third-party website, like PayPal, to do this. That said, an SSL certificate is advisable for all websites, regardless of whether they sell online or not. This is because it provides validation of your organisation’s legitimacy which, in turn, leads to higher search engine ranking and increased visitor trust.