n the computer world, it means Secure Sockets Layer.Have you ever noticed that some URLs start with http:// while others start with https://? That extra “s” means that your connection to that website is secure and encrypted; any data you enter is safely shared with that website.
The technology that powers that little “s” is called SSL. The “s” stands for “secure.”
SSL and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted links between networked computers.
Although the SSL protocol was deprecated with the release of TLS 1.0 in 1999, it’s still common to refer to these related technologies as “SSL.”
What does SSL do?
When you land on a website page that has a form, after that form is filled in and you hit “submit,” the information you just entered can be intercepted by a hacker if the site is not secure.
This information could be anything from details on a bank transaction to information you enter to register for an offer.
A hacker places a small, undetected listening program on the server hosting a website. That program waits in the background until a visitor starts typing information on the website, and it will activate to start capturing the information and then send it back to the hacker.
But when you visit a website that’s encrypted with SSL, your browser will form a connection with the web server, look at the SSL certificate, and then bind together your browser and the server.
This binding connection is secure so that no one beside you and the website you’re submitting the information to can see or access what you type into your browser.
You need an SSL Certificate
If you want your website to look legitimate and trustworthy, then you need an SSL certificate.
You especially need it if you’re selling something online or allowing users to create accounts with your company.
Some other benefits of having SSL
It will elicit a stronger Google ranking.
It creates safer experiences for your customers thus building trust and improving conversions.
It protects both customer and internal data.
It increases the security of your mobile and cloud apps.
Three main types of SSL certificates
There are three main types of certificates:
· Domain validated (DV)
· Organization validated (OV)
· Extended validation (EV)
Any certificate will provide the same level of protection, no matter the type of validation. But some authorities might require a specific level of validation to use certain services.
For example, a payment system requires much more validation than a plain domain certificate.
This is because it’s important to verify that the company collecting funds legally exists as a registered business.
Domain Validated SSL Certificates
Domain Validated SSL Certificates show that a domain is registered and that a site administrator is running the URL.
The certificate authority can typically validate through email, DNS, or HTTP. Domain Validated Certificates are encryption certificates only. All you have to do to obtain one is to prove you’re the owner of the site.
They are easy to obtain. They’re inexpensive. It only takes a few minutes to obtain one.
They aren’t as secure as other SSL certificates. Any hacker can obtain a Domain Validated SSL Certificate and then hide their identity.
Because of this, visitors might not trust your site as much as they would if you had a certificate that forced you to validate your company.
Potential buyers might not feel comfortable handing their payment information over with this kind of certificate.
Organization Validated SSL Certificates
The Organization Validated SSL Certificate shows that you own a domain while also verifying that you own an organization in a particular country, state, and city.
The process for obtaining one of these certificates is exactly like getting a Domain Validated Certificate, but you have to take some extra steps to verify your company’s identity.
It doesn’t take too long to obtain this kind of certificate: anywhere from several hours to several days.
These kinds of certificates also show your company’s information in the certificate details.
For consumers, having this extra information might seem a bit more legitimate, leading them to be more likely to make a purchase.
Extended Validation SSL Certificates
The Extended Validation SSL Certificate requires businesses to provide even more records to prove their ownership of a company.
This certificate gives you the same kind of validation as both domain and organization validated certificates, but it also proves that you have legally registered your company as a business.
In addition to this, it also shows that a company is aware of the request for an SSL certificate and approves it.
This validation can take days or weeks, depending on what the certificate authority requires.
This one requires you to provide documents certifying your company’s identity as well as some other bits of information.
You can easily identify these kinds of certificates by the green bar in your web browser that contains the company’s name, like PayPal.
The certificate authorities only grant these kinds of certificates after they have received documents that prove two things: the operational existence and location of a company and the consistency between those records.
After that, the organization that issues the certificate will issue the proper authorization to the company and the website.
For these reasons, this is the most secure type of SSL certificate when it comes to validation level.
What you’ll need to have before buying an SSL certificate
You will need a unique IP address. Because of the way that the SSL protocol was set up, you will need a separate IP address for each certificate that you want to use. If you don’t, some older devices and browsers won’t be able to use your site.
You will need a CSR (certificate signing request), a piece of text that must be generated on your web server before ordering the SSL certificate. The certificate authority will use the information contained in the CSR (Organization name, domain name, public key, etc.) to create your certificate.
You will need correct contact information in the WHOIS record. When you purchase a certificate for a particular domain name, the certificate authority needs to ensure that you own the domain name that you are getting the certificate for and that you are authorized to order the certificate.
You will need your business’ validation documents. If you are buying a high-assurance certificate, your business must also be validated. Certificate authorities often check government databases online to verify that your company is registered, but they may still need you to send a government registration document if they can’t find your business.
Each certificate authority has slightly different requirements for validation.
Getting SSL for your website
Submit the CSR and other information to a publicly trusted certificate authority (such as SSL.com).
Have your domain and company validated.
Receive and install the issued certificate.
SSL certificates give you a huge advantage online. They’re especially important if you’re selling products or services.
They provide customers with confidence that you’re protecting their information and that you care enough to make it secure.
Certificates also prove to users that they can trust you as a business and believe that you are the company you say you are, rather than an impostor.