If you’re building a website, there are a few things you’ll need to get started. To get a site up and running, all you need is a domain, a hosting platform, and a CMS (content management service). However, there’s one final component that often gets overlooked: an SSL certificate. To be honest, I didn’t get an SSL for my first site because I didn’t realize how important it was. This article will help you understand exactly what an SSL certificate is, the different types of SSL certificates, where to get one, and why you need one for your site.
What is an SSL Certificate?
A Secure Sockets Layer (SSL) is the technology for establishing an encrypted link between a web server and a browser. If a website address begins with HTTPS (the S standing for Secure), it means the connection between your browser and the website is encrypted. Encryption is first “hashing” data into a string of letters and numbers that a hacker would not understand if they intercepted the data. It might be helpful to think of it like this: SSL Certificates are like a secret handshake between web browsers and servers. When you connect to a secure webpage, the website’s SSL certificate is sent to your browser, and encryption allows data to be securely transferred between yourself and the website’s server.
Why Do I Need One?
Would you do business with a business you couldn’t trust? I wouldn’t either. An SSL certificate establishes reputability by taking measures to prevent hackers from intercepting any data or information a user might submit. Examples of data that might be compromised without SSLs are:
- Transactions & bank information
- Credit card information
- Usernames and passwords
- Contact information such as email address and phone number
- Search history
Additionally, in an attempt to make its users feel secure surfing the web, Google has taken strides at penalizing sites without an SSL certificate. They’re warning users by flagging non-encrypted websites as unsafe. This means that if you don’t have an SSL certificate, your URL bar will display a “Not Secure” message.
Google also gives ranking preference to websites with an SSL certificate. In 2014, Google updated their algorithms for the first time to favor sites with this additional protection. In 2015, Google stated that an SSL could serve as a tie-breaker if the quality between two sites is the same in all other categories (speed, title tags, etc.) Furthermore, at least 50% of sites listed on Google’s page one search results have an SSL. This number is rising every day.
Types of SSL Certificates
There are a variety of SSL Certificates you can choose from, their price points depending largely on the level of protection and warranty they also offer (here’s a list of almost every SSL Certificate). There are three main types of SSLs:
- Domain Validation (DV)
- Organization Validation (OV)
- Extended Validation (EV)
Within these three types of SSLs, you may have Wildcard or Multi-domain types. Wildcard protects the main domain and any sub-domain on that domain. Multi-domain protects a certain number of domains/subdomains with the same certificate. The amount of time it takes to process the validation of SSL certificates also depends largely on the type of certificate requested (higher validation such as an EV certificate takes longer).
Domain Validation (DV)
Domain validation is the lowest level of validation offered by an SSL but is enough to have a secure site. A site is verified by the Certificate Authority and verifies that the organization controls the specific domain. This verification is commonly done through email, and some domain registrars have a point-and-click solution to verify domain ownership immediately. To verify, you make changes to a DNS record or upload a file supplied by the Certificate Authority to the domain — demonstrating the ability to edit the DNS records is how the Certificate Authority can verify that the specific organization has control over the domain. These certificates are usually issued within a few minutes.
Organization Validation (OV)
Organization validation is the mid-level validation offered by an SSL. To validate, the Certificate Authority investigates the organization applying for the SSL. However, this is not a very rigorous investigation. They require validation of ownership of the domain along with the organizations’ information included in the certificate (name, city, and country). This process usually takes a few days and cost more due to the manual review process.
Extended Validation (EV)
Extended validation is the highest level of validation offered by the Certificate Authority. To qualify for extended validation, the Certificate Authority validates the ownership of the domain, organization information, physical location, and legal proof of the organizations’ existence. There are also specific documents required to verify the company’s identity. This is process can take up to several weeks and can be costly due to the rigorous verification required. You can tell if an organization has an EV by the organizations’ name in the search bar.
Where to Buy an SSL
You can purchase SSLs from a variety of places such as SSL stores and domain registrars. I bought mine through 101domain because I already have my domains parked there and their point-and-click solution to configure the SSL is very convenient (most big registrars usually have a point-and-click solution rather than having to edit your DNS records to connect your SSL). Having your SSL certificate with the same company that you purchased your domains through also makes it easier to manage both your domain and SSL in one central place.
This article hopefully illuminated the value of an SSL and its potential impact on your site’s security and brand reputation. You can add one to your site at any time, and it’s strongly encouraged to obtain a certificate if you don’t already have one, especially if you sell anything online or have digital forms for users to fill out (you might even see your sales jump a few percentage points!). If you still have questions about the ins and outs of an SSL, there are tons of resources on the web that can really get into the nitty-gritty technical stuff — hopefully, this information was useful for those newbies out there.