What is SSL and Why It Matters to Your Customers
One of the most important parts of any business is creating trust between it and its potential customers. This is especially important for a business’s website in the era of data concerns. One way to show a website is a trusted environment where clients and potential customers can feel safe is by using an SSL (secure sockets layer) certificate to create a secure connection between the client’s browser and the business’ website.
What is SSL?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private. SSL is an industry standard, used by millions of websites in the protection of their online interactions and transactions with customers.
What are the benefits to having SSL?
First and foremost the biggest benefit of having an SSL encrypted website is that it provides a level of assurance. It shows clients and customers that they can trust a website with their data. Visitors are more likely to give their information if they can see that a website connection is encrypted, and their web browser is labelling it as secure.
Another large benefit of having an SSL certificate is improved search engine rankings. Google has been aggressively pushing for a more secure web and in August 2014 they announced that HTTPS would be a lightweight ranking signal. This means that websites using SSL could increase their search ranking.
What having an SSL certificate means for a website
SSL allows sensitive information such as credit card numbers, login credentials, or other personal information to be transmitted privately through encryption. Without an SSL, data would be transmitted from the browser to the web server via plain text, which would leave the user vulnerable to eavesdropping. With an active SSL certificate, this data is encrypted and transmitted securely.
How can you tell which websites are SSL certified?
A secure website will have a lock icon beside the URL, and the URL will also start with https:// instead of http://
The most important part of an SSL certificate is that it is digitally signed by a trusted Certificate Authority (CA). Anyone can create a certificate, but web browsers will only trust a certificate issued by one on their list of Trusted CAs, known as the Trusted Root CA. In order to be added to the Trusted Root CA a company must comply with, and be audited against, the security and authentication standards set out by the browsers.
Do you have questions about the SSL certification process or need assistance getting your website certified? Everbrave is available to help with all SSL and website concerns, click here to receive a free website consultation with one of our digital experts.
Types of SSL certificates
There are 3 different types of SSL certificates ranging in price, complexity, and requirements to obtain. The 3 types of SSL certificates are Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV).
Domain Validated (DV) SSL:
In order to get a DV Certificate, the Certificate Authority will check the right of the applicant to use a specific domain name. They ensure that a company is what it says, and has control over the domain being submitted. If these conditions are met a certificate is issued (sometimes almost instantly) and can be used to secure a domain.
Who is a DV SSL necessary for?
This SSL certificate is ideal for websites that want all the benefits of being secured, without the effort of submitting company documents. A DV certificate will show the lock icons in all major browsers and should be enough for most companies.
Organization Validated (OV) SSL:
In order to get an OV certificate, a business will need to pass all the requirements for a DV certificate, plus it will also need to submit company information to the certificate authority. These to take a bit longer to get issued since all information has to be vetted by the CA. These appear similar to a DV certificate in the browser, but when the secure icon is clicked on, it will show this additional information that was vetted, creating an additional level of trust between the user and the website.
Who is an OV SSL necessary for?
This SSL certificate is best for at least midsized e-commerce businesses and organizations in more regulated industries where higher levels of trust are important. OV’s are usually used by corporations, governments and other entities that want to provide an extra layer of confidence to their visitors.
Extended Validation (EV) SSL:
To get an EV certificate the certificate authority will check the right of the applicant to use a specific domain, and will conduct a thorough vetting of the organization. This includes:
- Verifying the legal, physical, and operational existence of the company.
- Verifying that the identity of the company matches official records.
- Verifying the company has the exclusive right to use the domain specified.
- Verifying the company has properly authorized the issuance of the EV SSL certificate.
These certificates create the highest level of trust between the browser and the client, and not only show the lock icon in the browser, but will also list the company name beside it. The cost of these certificates is the highest, and the process to get one takes the longest.
Who is an EV SSL necessary for?
Generally, EV certificates are only needed for bigger e-commerce stores, and sites in regulated industries where it’s imperative to show the highest level of trust. Companies such as Google, Amazon, Apple, and E-bay all have EV SSL Certificates.
How to get an SSL certificate
Getting an SSL certificate for a website is not a difficult process, but it is one that takes technical know-how. For websites hosted in WordPress, the entire database needs to be changed to https and reuploaded. From there the certificate authority will check each page for security, errors, or mixed content warnings.
At Everbrave typically we use https://letsencrypt.org/, a certificate authority trusted by all major root programs. Let’s Encrypt has issued over 100 million certificates and will put a secure icon on the website.
TL;DR (too long, didn’t read)
- SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser, ensuring that all data passed between the web server and browsers remain private.
- An SSL secure website will have a lock icon beside the URL, and the URL will also start with https:// instead of http://
- SSL’s help to protect a site’s users as it allows sensitive information such as credit card numbers, login credentials, or other personal information to be transmitted privately through encryption
- Websites with SSL will have improved Google search rankings
- There are 3 different types of SSL certificates but the Domain Validated (DV) SSL is sufficient for the majority of websites
- https://letsencrypt.org/ is a popular website to get SSL certification but the process will still take some technical configuration
While a seemingly small detail, having an SSL can improve search rankings, a visitor’s willingness to provide information, and most importantly the safety of your web users.
Need more information about the SSL certification process or help to get your website certified? Everbrave is available to help with all SSL and website concerns.