You’ve probably heard of SSL in one guise or another? Perhaps you’ve seen it mentioned at the checkout of an online shop where the small print states that payments are protected by 256-Bit SSL Encryption. So, what exactly is this and why do you need it on your website?
What Is SSL and What Are SSL Certificates?
SSL stands for ‘Secure Socket Layers’. These are encryption protocols which secure information transmitted on the internet.
An SSL Certificate is essentially a digital passport that initiates a secure session with a website user’s browser via the SSL protocol. This secure connection cannot be established without first having an SSL certificate installed.
How Does an SSL Certificate Work?
There are 5 steps taken to secure traffic between a user’s browser and the server:
- The browser (e.g. Chrome or Firefox) requests a connection to a website that has been secured with SSL. The browser asks the website to identify itself.
- The website (or more accurately the web server on which the website is hosted) sends the browser a copy of its SSL certificate.
- The browser checks whether or not this certificate can be trusted. If the certificate is valid it communicates this with the web server.
- The web server then sends back a digitally signed message that confirms an SSL encrypted session between the web browser and the web server can begin.
- Encrypted data can then flow freely between the web server and the web browser.
Thanks to this encryption, if any of this traffic is intercepted mid-way between the web browser and web server, it will be unreadable.
Do All Websites Need an SSL Certificate Installed?
It’s commonly thought among website owners that only e-Commerce websites need an SSL certificate installed. Traditionally this would have been the correct assumption. However, in 2020 it is all but mandatory to install an SSL certificate for your website no matter what kind of site it is (and whether it is large or small). This is because Google Chrome and other web browsers now mark websites that don’t have an SSL certificate installed as ‘Not Secure’.
With website users ever more vigilant about their personal privacy and security this ‘Not Secure’ message can prove to be quite unsettling and may result in them choosing to leave your website without browsing it.
Not only that but Google may impose a ranking penalty on your website if it’s not secured with an SSL Certificate.
Finally, if your website has any sort of form or text input fields on it and the website browser is using Chrome it will not allow this data to be submitted unless the website is secured with an SSL Certificate.
As such, installing an SSL certificate on your website has to be a top priority for 2020. Google previously tried to gently push website owners towards securing their websites but have clearly decided to now play hardball in a drive to ensure 100% of the world’s website traffic is encrypted.
Types of SSL Certificates
Perhaps confusingly, there is more than one type of SSL Certificate available to website owners. These are:
- Extended Validation Certificates (EV SSL)
- Organization Validated Certificates (OV SSL)
- Domain Validated Certificates (DV SSL)
Very briefly the main differences between the certificate types are as follows:
Extended Validation Certificates (EV SSL)
EV SSL Certificates are the most costly and time-consuming certificates to acquire as the applicant needs to run through an extended validation process to confirm their organization information, physical location, and legal existence of the company. The organization is also asked to confirm that they are aware of the SSL certificate request and then approves it.
Cost – depending on the provider anything from $50/year to $500/year upwards.
Organization Validated Certificates (OV SSL)
This type of certificate offers a medium level of validation for the end user. The organization applying for this type of certificate is authenticated to ensure it is genuine. It can take a few days for this validation to be completed.
Cost – depending on the provider anything from $20/year to $150/year upwards.
Domain Validated Certificates (DV SSL)
These are the easiest type of certificate to obtain (and the cheapest). Verification is normally carried out by email and the time taken to validate and ‘go live’ can be as little as a minute or two. A popular provider of these is an organization called ‘Let’s Encrypt’ (more on them later!).
Cost – depending on the provider anything from free to $10/year upwards.
So why are there different certificate types? Essentially all the certificates carry out the same basic function (which is to allow an encrypted connection between a web browser and a server). Extended Validation certificates (for example) however demonstrate and higher level of authenticity to the end-user (the customer) which is communicated via messages within the browser bar. These types of certificates are used by banks and other high-risk businesses where security is of particular importance.
For a ‘standard’ website however (such as a brochure site for your business), a DV or Domain Validated certificate is more than adequate and will certainly tick the right box from the Google perspective!
How to Install an SSL Certificate
Just a couple of years or so ago, installing an SSL certificate required a reasonable degree of technical knowledge and also some cash as you needed to purchase an SSL certificate. Now, thanks to the increasing ubiquity of SSL, most mainstream hosting providers will offer SSL Certificates and an easy way to install them as part of their hosting package.
In fact, as SSL certificates are now so important, I’d suggest you move away from any hosting provider that doesn’t offer easy SSL setup. There is simply no merit in you wresting with the potentially complex and time-consuming process that would be involved with manually installing an SSL certificate when this process should be easily automated by your web host.
This brings us neatly onto Let’s Encrypt. As discussed, SSL certificates can cost anything from $500 upwards right down to free. For most of us, a free SSL certificate is likely to be music to our ears. Thanks to an organization called Let’s Encrypt, easy to use and free SSL certificates are now available to everyone!
Whist you can still choose to purchase an SSL certificate, most (good!) hosts now provide the opportunity for you to request and activate an SSL certificate for your website via their hosting dashboard. Let’s Encrypt is the organization which validates and issues these certificates and, as mentioned, they are completely free of charge.
SSL on Pressidium
Perhaps you won’t be surprised to hear that Pressidium supports SSL certificates on all our websites. You can either import your own SSL certificate (purchased from a third party) or install a free Let’s Encrypt certificate. This process can be completed during the domain setup phase from within the Dashboard and is super quick and easy! Our platform also allows you to force redirect traffic to HTTPS ensuring that your website users only browse the secured version.
If you have yet to install a certificate on your website then the time to do it is now! If you’re a Pressidium client and would like help with this process please feel free to open a support ticket from within your Dashboard and one of our team will be only too happy to help guide you through the process further.