New site owners often ask, what is an SSL certificate, and why you need one? It’s all to do with online security. SSL or Secure Socket Layer certificates are tiny data files with a big function.
Internet security should concern everyone, from individuals to large corporations.
There are three critical reasons to embrace SSL certificates:
- Data encryption
- Authentication and Verification
- Instils trust in web users
How data encryption works
Both the above protective measures look after the good guys online. You can think of data encryption as the digital equivalent of real-world doors and locks. It’s the online key that locks and unlocks your data, and that key is unique to you. No one can intercept or read encrypted information other than the intended recipient.
Authentication and Verification
Businesses that don’t offer visual security features online lose out to those who do. SSL authentication shows potential customers online who they’re dealing with. There are three ways to check that a site is secure, namely:
- A small padlock symbol to the left of the URL.
- HTTPS:// before WWW
- Symantec™ Secured Seal trust mark
Visual confirmation of a valid SSL certificate
Let’s start with the common padlock symbol.
No one should trust any website or blog that collects personal data without the padlock symbol.
Below is an example of one such website. It reads ‘Your connection to this site is not Secure’ when you click the warning text. This message is in contrast to the secure site above.
The grey or green padlock symbol is not the only way to check. Websites that have valid SSL certificates from a trusted CA will have a moniker before WWW that reads HTTPS://. It stands for Secure HTTP. If there’s no ‘S’ after HTTP, then the site lacks SSL security.
The full website URL is not always visible in the address bar. In that case, look for the padlock.
Some websites also display the Symantec™ Secured Seal trust mark.
Any of these three visual indicators tell you the site is safe to use and protects user’s data.
Why Trust SSL?
The criteria used by a trusted Certificate Authority (CA) to vet SSL certificates are stringent. Encrypted data is scrambled, which makes it incomprehensible until it reaches the recipient. To put it another way, data would mean nothing, even if it were intercepted by bad actors. Thus, websites and stores using SSL certificates gain the trust of their clients and customers.
Uses for SSL Certificates
Online platforms must transmit data securely and therefore need SSL certificates. That covers all websites and eCommerce stores that ask for personal information. Think credit card details, personal identity, medical records, and so on. It matters because bad actors can easily steal sensitive data from sites that don’t have SSL defence.
Here are 5 common uses for SSL certificates:
- Secure data between websites and customer/visitor’s browsers
- Secure internal communication on company intranets
- Secure send/receive email communication
- Secure data between servers
- Secure data transmitted to and from mobile devices
Not all SSL Certificates Are Equal
Not all SSL certificates are equal, and some offer better protection than others. The self-assigned ones are generated for internal use and not issued by the CA. They carry less weight than the CA verified types because site owners produce them. There are also entry-level domain-validated certs. These are issued once the applicant proves ownership of the website address.
Fully-authenticated high-security SSL certificates take longer to obtain. The applying company must pass the required validation checks and procedures. That includes proof that the business is genuine. All Symantec (formally Verisign) SSL Certificates are fully-authenticated.
The final section looks at matching the SSL certificate with the type of website.
How to Choose the SSL Certificate for Your Site
You can determine the type of SSL certificate to use by the website you run. Also, think about the level of security you need to offer site visitors.
There are three basic categories of SSL certificates to consider.
- Domain Validated (DV)
- Organisation Validated (OV)
- Extended Validated (EV)
What You Need for an SSL Certificate
Make sure you prepare before you apply for an SSL certificate. Here’s what you need:
- Documents to prove the identity of your business’s (OV and EV SSL)
- Your unique website IP address
- An updated, accurate Domain WHOIS record
- A certificate signing request (CSR) from your hosting company
Now let’s go over the SSL certificate types in more detail.
#1 Domain validated (DV) SSL
The DV SSL is the most basic of the three types, with the lowest security level. They’re also the easiest to obtain because of the above. Most certificate providers issue DV SSLs right away. The only requirement from you is proof that you own the website domain. Consider the domain validated SSL only if your website does not collect personal details from visitors.
#2 Organisation validated (OV) SSL
OV SSLs were the first ones ever produced and are more expensive than DVs. The certificate takes a little longer to get hold of too. You must provide proof of business ownership as well as domain. This process prevents thieves, hackers, and phishers getting OVs. The OV SSL offers a minimum level of protection for eCommerce and other sites that process personal visitor data.
#3 Extended validated (EV) SSL (most trusted)
EV SSL certificates give the highest level of website security protection. They’re also the most expensive of the three types. The request for an EV certificate can take quite a while. The applicant must verify domain ownership, provide organisational information, legal status, and address details. Large global organisations mostly use EV type certificates.
There’s a lot of mistrust among internet users, so secure websites are vital for businesses. Customers and potential clients need to know you have their back. Trust matters when sharing sensitive information, the submission of personal data, or online shopping. And trust markers show you care and have implemented a Standard, OV, or EV SSL certificate on your site.