TL;DR: SSL certificates show that your security protocols are up to scratch. Without one on your website, it’s not safe to carry out financial transactions or share personal information. Below, we talk about the history behind them, their importance, and clear up common confusion.
- What is an SSL certificate?
- What difference does a letter make?
- Is it an SSL or TLS Certificate?
- Why are SSL certificates important?
Have you ever noticed that little padlock that appears to the left of your URL? This shows that your website is protected by an SSL (Secure Sockets Layer) Certificate. It may be small—but it’s a vital part of website security.
A website using an SSL certificate will enforce the data being transmitted from your browser to the server to be encrypted. This is why you should never carry out any type of transaction (monetary or submission of personal data) on a website not utilizing an SSL certificate.
What is an SSL certificate?
SSL certificates have become such a normal part of our browsing experience that we often overlook it. However, especially if you’re a business owner, it’s worth understanding where it comes from and how it protects both you and your customers.
Since the internet changes so quickly, the 1990s can feel like ancient history in developer terms. It was from this distant digital past that the now defunct web browser Netscape gave us the first SSL certificate, invented in 1995 using the MD-52 algorithm. Although the first versions weren’t overly successful (the first wasn’t even released), it became the forerunner of better versions.
The purpose was, as you’d expect, to secure transactions on web browsers when sharing any private information, financial or otherwise. Google places such importance on SSL certificates that in 2014 they launched a campaign called “HTTPS everywhere” to improve general security on the internet.
What difference does a letter make?
It’s not just the padlock that shows if your website is protected or not. Before your URL, you may have noticed it either has “http:” or “https:”—standing for HyperText Transfer Protocol and HyperText Transfer Protocol Secure, respectively. Essentially, the “https:” means that any data that is sent back and forth between your computer via a web browser to the website’s server will be encrypted.
If it’s just http: (no ‘s’), data will not be encrypted and sent in clear text.
The difference between the two is the security, which is made possible by SSL certificates that use public key infrastructure (PKI) and encrypt the data being sent. To put it simply, it means the server that hosts your website has a private key installed in order to properly encrypt and decrypt the data being sent and received. This ensures third party snoopers can not view that data. When your private key is in place properly, you’ll see that vitally important “S” at the end of the http—and the padlock in your browser address bar.
Is it an SSL or TLS Certificate?
It’s possible that you may have heard of the term TLS instead of SSL. While SSL stands for Secure Sockets Layer, TLS stands for Transfer Layer Security.
Now, this is where it gets a little tricky to understand. SSL versions 2.0 and 3.0 were both deprecated by the Internet Engineering Task Force in 2001 and 2015 because of vulnerabilities in the SSL protocols.
This means, as of this writing, you should be using TLS 1.3 as your protocol.
However, SSL certificates are not the same as protocols! Although it’s commonly called an SSL certificate, it’s more accurate to say it’s a certificate that can be used for SSL or TLS. The actual protocol you use is determined by your server configuration, not the certificates themselves.
There are many online tools you can use to check if you’re fully protected, such as SSLShopper’s one. Simply enter your website’s URL and it will tell you if there are any issues.
If you find you aren’t fully protected or have any other doubts about which protocol you’re using, contact your hosting provider and ask.
Why are SSL certificates important?
Security is, by far, the main reason you should make sure your SSL certificate is in place on your business website or that any website you visit has it. As we said above, if you don’t see https: before your URL or a padlock, you know right away that your data is not being encrypted and protected.
While the worst case scenario involves financial loss, it’s also worth mentioning that all the data you submit would be at risk without a certificate in place. This includes passwords, email addresses or any other personal details that may be submitted through the website.
Beyond the security aspect, having an SSL certificate is an important factor in your SEO rankings. Google has explicitly stated that they plan to rank protected websites higher than those without. In fact, Google’s Chrome browser will even greet visitors with a popup stating that the domain is unsafe.
Luckily, Let’s Encrypt was formed in 2014 providing access to free SSL certificates. The majority of hosting providers (including Watchdog Studio), are now able to easily provide SSL certificates as part of their basic security measures for clients. If you are still paying for an SSL certificate or your hosting provider doesn’t provide access to an SSL certificate, this is a major red flag. There really is no excuse. Our recommendation would be for you to consider a new hosting provider that has adapted and is looking out for your best interest.
If you have additional questions about SSL certificates or need help with your website security, we’re available for 1 hour consults.