An SSL (secure sockets layer) is a link between browser and web server that is encrypted through the use of a SSL Certificate. This Certificate contains identifying information that is unique to your site in order to establish a secure connection. SSL makes sure that the data doesn’t change and uses certificate authorization to make sure that the data between web server and browser are secure and accurate.
Imagine that you run a small business through your site. Then imagine that the data you need to obtain from your clients (addresses, phone numbers, payment method) is sensitive enough that if a third party were to obtain this information they could use it for malicious purposes and ruin the relationship, and – more importantly – their trust in your site and inevitably your brand.
One way to protect yourself is through the use of SSL Certificates. Being able to encrypt plain text is only one benefit of the SSL protection that is currently available. SSL Certificates make sure that the data that you are sharing from web server to browser is not only accurate, but also trusted. How an SSL connection works is rather simple: once you find the site on your web browser the browser checks the SSL Certificate to make sure that a) the data is not expired, and b) the data is accurate to the certificate that the site was issued to. This means that if a user accesses your site, for which you have issued an SSL Certificate, and another site has copied your site content and features in order to direct traffic away from your site without using such a SSL Certificate, that site’s inability to verify the validity of the content and security will cause your browser to issue a warning, indicating that the connection is not secure or not trusted. In addition, a site that does not use SSL protection will not include the added “S” behind the http://, and that https:// signifies a Certificate protected resource.
This gives an added benefit to your site, not only for security and protection against fraud, but also because sites with SSL Certificates appear higher on search results pages than those that do not. Google rewards sites that use SSL Certificates as they clearly establish a safer web experience for everyone, which is very valuable to your client base.
There are several key pieces of information required in order to install a valid Certificate. The first step is to request a CSR (Certificate signing request). Depending on which company that you choose to issue your SSL Certificate, the information required can vary, but there are a few key pieces of information that make up this request:
- Established domain name
- Organizational unit
- Email address
- Public key
There are different types of SSL Certificates, depending on what level of protection you require:
Wildcard SSL Certificates: These certificates use the same protection on your main site but also includes your subdomains. This is considered a high level of security
Extended Validation Certificate: This certificate uses in-depth security measures in order to validate security. This would be considered as one of the most significant SSL Certificate options for your site. On creation of this certificate, a significant amount of information (based on certificate publisher) is required to authorize your site for this level of certificate protection. EV Certificates not only require the basic authorization, but also exclusive rights to the site as well as authorized exclusive rights to request the SSL Certificate. In addition, there are checks on whether the site that is utilizing the SSL Certificate is active and registered, or included on government blacklists.
Whether you have a newly published site or an existing site, considering SSL Certificates is the first step towards protecting your clients and your data from web scammers.