Protect online transactions and personal data.
- Ensures that sensitive data transmitted through the website remains confidential and protected.
- Authenticate the identity of the website, assuring visitors that they are interacting with a legitimate and trustworthy entity.
An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.
Companies and organizations need to add SSL certificates to their websites to secure online transactions and keep customer information private and secure.
In short: SSL keeps internet connections secure and prevents criminals from reading or modifying information transferred between two systems. When you see a padlock icon next to the URL in the address bar, that means SSL protects the website you are visiting.
The process works like this:
- A browser or server attempts to connect to a website (i.e., a web server) secured with SSL.
- The browser or server requests that the web server identifies itself.
- The web server sends the browser or server a copy of its SSL certificate in response.
- The browser or server checks to see whether it trusts the SSL certificate. If it does, it signals this to the webserver.
- The web server then returns a digitally signed acknowledgment to start an SSL encrypted session.
- Encrypted data is shared between the browser or server and the webserver.
SSL certificates can be obtained directly from a Certificate Authority (CA). Certificate Authorities – sometimes also referred to as Certification Authorities – issue millions of SSL certificates each year. They play a critical role in how the internet operates and how transparent, trusted interactions can occur online.
The cost of an SSL certificate can range from free to hundreds of dollars, depending on the level of security you require. Once you decide on the type of certificate you require, you can then look for Certificate Issuers, which offer SSLs at the level you require.
Obtaining your SSL involves the following steps:
- Prepare by getting your server set up and ensuring your WHOIS record is updated and matches what you are submitting to the Certificate Authority (it needs to show the correct company name and address, etc.)
- Generating a Certificate Signing Request (CSR) on your server. This is an action your hosting company can assist with.
- Submitting this to the Certificate Authority to validate your domain and company details.
- Installing the certificate they provide once the process is complete.
- Once obtained, you need to configure the certificate on your web host or on your own servers if you host the website yourself.
How quickly you receive your certificate depends on what type of certificate you get and which certificate provider you procure it from. Each level of validation takes a different length of time to complete. A simple Domain Validation SSL certificate can be issued within minutes of being ordered, whereas Extended Validation can take as long as a full week.
Websites need SSL certificates to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and convey trust to users.
If a website is asking users to sign in, enter personal details such as their credit card numbers, or view confidential information such as health benefits or financial information, then it is essential to keep the data confidential. SSL certificates help keep online interactions private and assure users that the website is authentic and safe to share private information with.
More relevant to businesses is the fact that an SSL certificate is required for an HTTPS web address. HTTPS is the secure form of HTTP, which means that HTTPS websites have their traffic encrypted by SSL. Most browsers tag HTTP sites – those without SSL certificates – as “not secure.” This sends a clear signal to users that the site may not be trustworthy – incentivizing businesses who have not done so to migrate to HTTPS.
An SSL certificate helps to secure information such as:
- Login credentials
- Credit card transactions or bank account information
- Personally identifiable information — such as full name, address, date of birth, or telephone number
- Legal documents and contracts
- Medical records
- Proprietary information
The easiest way to see if a site has an SSL certificate is by looking at the address bar in your browser:
If the URL begins with HTTPS instead of HTTP, that means the site is secured using an SSL certificate.
Secure sites show a closed padlock emblem, which you can click on to see security details – the most trustworthy sites will have green padlocks or address bars.
Browsers also show warning signs when a connection is not secure — such as a red padlock, a padlock which is not closed, a line going through the website’s address, or a warning triangle on top of the padlock emblem.
SSL certificates do expire; they don’t last forever. The Certificate Authority/Browser Forum, which serves as the de facto regulatory body for the SSL industry, states that SSL certificates should have a lifespan of no more than 27 months. This essentially means two years plus you can carry over up to three months if you renew with time remaining on your previous SSL certificate.