A Secure Sockets Layer or SSL is a certificate that protects sensitive information and provides security to your website.
What does an SSL certificate do?
An SSL certificate authenticates a website and encrypts the information transferred between the website and its server. By encrypting this information, the SSL certificate scrambles the data into a format that can only be read by authorised users. Essentially, an SSL certificate “locks” the information sent between your web browser and server so that it can only be read using a “key”. SSL encrypted websites have URLs that begin with HTTPS.
You’ve likely noticed that almost every website you visit starts with one of two acronyms: HTTP or HTTPS, but you might not know what they mean.
HTTP stands for HyperText Transfer Protocol. This protocol acts as a guide or convention for how computers communicate with each other and transfer information. HTTP websites are vulnerable to attacks, hacks and malware.
HyperText Transfer Protocol Secure or HTTPS is more secure than HTTP. The transfer of hypertext is encrypted making it more protected and secure. Many web browsers such as Chrome and Internet Explorer signal HTTPS with a padlock icon.
Why do I need an SSL certificate?
There are three main reasons to use an SSL certificate for your website: better security, increased sales and improved Google rankings.
How to get an SSL certificate
SSL certificates are included in some web hosting plans. If your web hosting plan does not come with a free SSL certificate, contact your hosting provider to ask about adding an SSL certificate to your site. You can also purchase an SSL certificate directly from an SSL provider. Prices will depend on the provider, length of certification, level of protection and number of domains you wish to protect.
How to choose an SSL certificate
Choosing the right SSL certificate for your website depends on the type of website you have. Ecommerce sites and businesses storing sensitive information require high levels of protection and extended validation certificates while small sites and personal blogs can use basic SSL certificates. SSL certificates are available in the following three levels:
- Domain validation: Domain validation is the lowest and least expensive level of cover. This SSL certifies that your organisation or company has control of your domain. Most free SSL certificates are for domain validation.
- Organisation validation: This level of SSL certificate includes a basic investigation into your organisation. Organisation validation comes with a higher price tag and a longer application and verification process than domain validation.
- Extended validation: Extended validation is the highest and most expensive level of SSL certificate and involves a rigorous investigation of your company. This level of validation will give your website a green address bar to indicate the security of your site and organisation.
Consider the following additional features when choosing a trusted SSL certificate for your site:
- Price. While you undoubtedly want to keep costs low, the cheapest SSL certificate may not be enough to cover your site if you collect private data such as credit card numbers.
- Number of domains covered. Most low-cost SSL certificates only cover one domain name. If you want to protect multiple domains, you may need to pay more for a higher level certificate.
- Refund policy. Some SSL certificates include a money back guarantee for a certain period of time.
- Type of site seal. A site seal can display your SSL certificate on specific pages of your website.
- Warranty. A warranty helps protect your company if your SSL fails or something goes wrong with your SSL provider.
How to install an SSL certificate
Installing an SSL certificate generally involves the following four steps:
- Update your WHOIS record. WHOIS stores the contact information for all registered domain owners. This information will need to be correct in order to get your site SSL certified.
- Create a certificate signing request (CSR). A CSR is encrypted text containing your identifying information and digital signature. You will need to submit this CSR to a certificate authority to apply for your SSL certificate.
- Validate your domain and business. The certificate authority will need to verify your information before issuing you an SSL certificate. This can take from just a few minutes up to a few weeks depending on the level of verification your certificate requires.
- Receive and install your SSL certificate. Specific instructions to install your SSL certificate will depend on your server or device.