While SSL certificates have been around for years, their popularity has exploded more recently. This is because the internet is becoming increasingly aware of security and data protection. But do you really need one for your website? Siruss explores what an SSL is, what it does, and why you would need one.
What Is an SSL Certificate?
SSL stands for Secure Sockets Layer Certificate. It is a digital certificate which authenticates the identity of an online entity and provides encrypted communication between an internet browser and a web server. An SSL certificate is essential for protecting sensitive data such as personal information, credit card details and passwords.
How Does It Work?
When a user accesses an SSL certified organisation, such as https://www.amazon.co.uk/ a secure connection between the user’s web browser and the web server will be initiated. All web traffic including any sensitive data will be encrypted.
Information sent from the web browser to the server may pass through numerous other servers along the way before it reaches its final destination, it is at these ‘stops’ that information is vulnerable to interception. An SSL certificate ensures that even if your data is intercepted by a third party, it cannot be read and allows for secure credit card transactions, data transfer, and logins. When a user connects to an unprotected website, web traffic passing to and from the browser and server is in plain text format – easily readable by a third party if intercepted.
Why Do I Need an SSL Certificate?
If you are an online retailer or your website stores sensitive customer information, you have a responsibility to protect their data. As more and more of the population opt for shopping online, it is becoming increasingly necessary for organisations to prove that they will protect sensitive information. Internet users need to feel secure when making purchases or sharing their details with your organisation – an SSL certificate is a good way of gaining consumer confidence.
How Do I Identify A Secure Connection?
When an online shopper makes a payment how can they be sure their sensitive information won’t be stolen and used by hackers? Users are able to verify their own online safety by checking for an SSL certificate. The standard SSL certificate displays the URL with ‘https’ instead of ‘http’ (the ‘s’ stands for secure), there will also be a padlock symbol:
Extended Validation (EV) SSL certificates show either a green address bar or green writing, depending on the web browser, and it also displays the company’s legal name:
If you're really cautious, you can find more details on the certificate by clicking on the padlock symbol:
Different browsers may display SSL certificates in varying ways. If a website address doesn't start with https:// or if there isn't a green padlock, the website isn't secure. The newer versions of Firefox and Chrome actually mark websites as insecure if a website doesn't have a certificate:
Different Types of SSL Certificates Available
There are three main types of SSL certification:
Extended Validation (EV)
EV is the highest grade of SSL certificate, it verifies the applicant’s right to use a specific domain name as well as conducting thorough checks of the organisation. It is suitable for Ecommerce, other sites storing personal details, or organisations where trust is a crucial factor, such as banks, etc...
It offers 2048-8 bit encryption and is issued in 3-5 days (the time needed to verify your organisation), it also provides the green bar and company name before the URL – an indicator of a high level of credibility and trustworthiness.
Organisation Validation (OV)
In order to issue an organisation with an OV certificate, the certificate authority (CA) checks the right to use a domain name as well as performing some vetting of the organisation. This certificate is suitable for Ecommerce sites and online organisations collecting personal information, it also offers 128-256 – 2048 bit encryption and is issued in approximately 24 hours.
Domain Validation (DV)
These certificates are issued almost immediately as the CA only checks the right of the applicant to use a domain name, no other checks are performed such as company information. It is suitable for testing sites, internal sites and non-Ecommerce sites.
What are The Benefits OF SSL Certificates?
Encryption of sensitive information and Authentication
The primary advantages of having an SSL certificate is the encryption of your sensitive information, ensuring it can only be read with an encryption key and not by third parties as it travels from browser to server. It also serves to authenticate the identity of the organisation.
Necessary for PCI standards compliance
In order to accept credit card details and payments on your website, you must comply with the Payment Card Industry (PCI) standards. One of the requirements is the correct use of SSL certificates to protect customer data as it is being transmitted to and from the web server.
The elements of SSL certification all work together, helping to create more trust between the consumer and the organisation. Secure websites provide online shoppers with the confidence that their sensitive information is secure and not open to the web. Customers are able to actively check whether a page is authentic or an imitation, providing a positive online shopping experience.
Enhances Brand Awareness
The secure site seal provided by most SSL issuers is an indicator of trust and security for visitors. The impression of a secure, authentic service on a web page can positively influence any potential customers, serving to strengthen and reinforce brand awareness.
Does an SSL Certificate Benefit SEO?
Back in 2014, Google confirmed that having a correctly installed and configured SSL certificate gives you a small ranking boost in their search engine. Search Engine Optimisers who have tested this have shown a moderate correlation with higher search rankings. Some search engines also flag up sites which are not secure, creating a negative impact on their traffic. In short, take this advice from Backlinko's study of 1 million Google search results:
Because the association between HTTPS and ranking wasn’t especially strong — and the fact that switching to HTTPS is a resource-intensive project — we don’t recommend switching to HTTPS solely for SEO. But if you’re launching a new site, you want to have HTTPS in place on day one.
Update August 2017 - Google Sends Warning Email to Webmasters
Only a month after we originally published this article, Google have started sending warning messages to website owners that have contact forms implemented on their website. In short, if you have a contact form on your website, Google Chrome will warn your visitors that the form is not safe to use. This will start in October 2017.
It's likely that other web browsers such as Internet Explorer will follow Google's lead too. Another interesting quote from the email is: "The new warning is part of a long term plan to mark all pages served over HTTP as 'not secure'." This means that https will likely become a basic requirement in the not-too-distant future. If you haven't yet received this email, you can read the full version below:
So, Do I Need An SSL Certificate?
If you run an online shop that takes payments, or a website that collects the personal details of your users such as email addresses or physical addresses, the answer is undoubtably yes. You must protect user data.
If you have a basic website that is already performing quite well in the search engines and doesn't collect personal data, then there's no need rush out and buy one right this second. However, with the new push from Google, you're better off planning to move to HTTPS as soon as possible.
If you're either relaunching a website, or launching a completely new website, then it's better to play it safe and go live with one installed. You will benefit from having a secure website in the long term.