What is an SSL Certificate; why is it necessary for a website?

When you visit a website, have you ever noticed some have a lock right next to the web address? Have you asked yourself what that is? Also, some websites say HTTP and others HTTPS.  Have you asked yourself what that is about?

 

Let me explain:

What is an SSL Certificate?

An SSL certificate (Secure Socket Layer) is a security layer with two functions:

1. Authentify a website’s legitimacy
2. Encrypt the data sent between servers

 

Why an SSL Certificate is necessary?

The main reasons are:

1. Protect data sent between servers
2. Increase web positioning on search engines
3. Offer security to the visitors and enhance credibility for the company

 

What are types of SSL Certificates; which one for which kind of website?

Depending on the kind of website (informative, blog, e-commerce, e-learning, others), different types of SSL certificates provide different types of protection to cover the necessities.

Types

Basic	UCC SAN	Wildcard
Domain validation Shared SSL certificate Same-day installation	One domain validation Shared SSL certificate Same-day installation	Domain validations Sub-domains validation Organization validation Dedicated SSL certificate Installation in 2 days

Warranty

Depending on the SSL certificate provider, the insurance can cover damages up to 1 million dollars.

 

How does an SSL Certificate work?

1. When we visit a website, at a web address (e.g.: itedup.com), the browser asks for the files from the required website made through an HTTP (Hypertext Transfer Protocol) request.
2. When the request is made, an HTTP connection is established with the website’s server. The server then sends the files requested and it is at this time that the browser displays the website we want to see.
3. When the website has an SSL certificate, the browser can read certain credentials from the website, such as:
   1. The certificate’s holder name
   2. The certificate’s serial number and expiring date
   3. A copy of the public key of the certificate’s holder name
   4. The digital signature of the authority that issues the certificate
4. The browser checks these credentials and establishes a secure connection with the website’s server HTTPS (Hypertext Transfer Protocol Secure).
5. The visitor receives the files and visualizes the website in the browser with a secure connection with the website’s server.
6. When a user within a website sends any data, these are coded by a SHA2 and encrypted from 128 to 2084 bits. Some providers offer 3072 and up to 4096 bits encryption.

 

What are the risks for not having an SSL Certificate?

For the website

• The search engines give ranking priority to websites with an SSL certificate installed. This can result in the website being pushed to the last pages.
• The data sent within the website can be intercepted by hackers. This can violate the privacy of the website users’ data.
• The website appears as not safe for the user, and therefore is easily abandonned.

For the user

• Fall into a website that executes spam campaigns
• Be a scam victim
• Fall into a website that steals their personal data

 

How much does an SSL Certificate cost; what do I need?

Cost

Providers offer SSL certificates with basic protection from $0 up to $300 dollars a month. That’s right, $0 dollars..

Requirements

1. Website
2. Business email address
3. Installation

 

How do I get an SSL Certificate?

Many providers on the web offer free SSL certificates with basic protection and give the steps to follow for installation.

Some of these providers are:

• Cloudflare
• Godaddy
• HostGator
• Neubox