What Is a SSL Certificate and Why You Need One?

New site owners often ask, what is an SSL certificate, and why you need one? It’s all to do with online security. SSL or Secure Socket Layer certificates are tiny data files with a big function.

Internet security should concern everyone, from individuals to large corporations.

There are three critical reasons to embrace SSL certificates:

  1. Data encryption
  2. Authentication and Verification
  3. Instils trust in web users

How data encryption works

Both the above protective measures look after the good guys online. You can think of data encryption as the digital equivalent of real-world doors and locks. It’s the online key that locks and unlocks your data, and that key is unique to you. No one can intercept or read encrypted information other than the intended recipient.

Authentication and Verification

Businesses that don’t offer visual security features online lose out to those who do. SSL authentication shows potential customers online who they’re dealing with. There are three ways to check that a site is secure, namely:

  1. A small padlock symbol to the left of the URL.
  2. HTTPS:// before WWW
  3. Symantec™ Secured Seal trust mark

Visual confirmation of a valid SSL certificate

Let’s start with the common padlock symbol.

No one should trust any website or blog that collects personal data without the padlock symbol.

Below is an example of one such website. It reads ‘Your connection to this site is not Secure’ when you click the warning text. This message is in contrast to the secure site above.

The grey or green padlock symbol is not the only way to check. Websites that have valid SSL certificates from a trusted CA will have a moniker before WWW that reads HTTPS://. It stands for Secure HTTP. If there’s no ‘S’ after HTTP, then the site lacks SSL security.

The full website URL is not always visible in the address bar. In that case, look for the padlock.

Some websites also display the Symantec™ Secured Seal trust mark.

Any of these three visual indicators tell you the site is safe to use and protects user’s data.

Why Trust SSL?

The criteria used by a trusted Certificate Authority (CA) to vet SSL certificates are stringent. Encrypted data is scrambled, which makes it incomprehensible until it reaches the recipient. To put it another way, data would mean nothing, even if it were intercepted by bad actors. Thus, websites and stores using SSL certificates gain the trust of their clients and customers.

Uses for SSL Certificates

Online platforms must transmit data securely and therefore need SSL certificates. That covers all websites and eCommerce stores that ask for personal information. Think credit card details, personal identity, medical records, and so on. It matters because bad actors can easily steal sensitive data from sites that don’t have SSL defence.

Here are 5 common uses for SSL certificates:

  1. Secure data between websites and customer/visitor’s browsers
  2. Secure internal communication on company intranets
  3. Secure send/receive email communication
  4. Secure data between servers
  5. Secure data transmitted to and from mobile devices

Not all SSL Certificates Are Equal

Not all SSL certificates are equal, and some offer better protection than others. The self-assigned ones are generated for internal use and not issued by the CA. They carry less weight than the CA verified types because site owners produce them. There are also entry-level domain-validated certs. These are issued once the applicant proves ownership of the website address.

Fully-authenticated high-security SSL certificates take longer to obtain. The applying company must pass the required validation checks and procedures. That includes proof that the business is genuine. All Symantec (formally Verisign) SSL Certificates are fully-authenticated.

The final section looks at matching the SSL certificate with the type of website.

How to Choose the SSL Certificate for Your Site

You can determine the type of SSL certificate to use by the website you run. Also, think about the level of security you need to offer site visitors.

There are three basic categories of SSL certificates to consider.

  1. Domain Validated (DV)
  2. Organisation Validated (OV)
  3. Extended Validated (EV)

What You Need for an SSL Certificate

Make sure you prepare before you apply for an SSL certificate. Here’s what you need:

  • Documents to prove the identity of your business’s (OV and EV SSL)
  • Your unique website IP address
  • An updated, accurate Domain WHOIS record
  • A certificate signing request (CSR) from your hosting company

Now let’s go over the SSL certificate types in more detail.

#1 Domain validated (DV) SSL

The DV SSL is the most basic of the three types, with the lowest security level. They’re also the easiest to obtain because of the above. Most certificate providers issue DV SSLs right away. The only requirement from you is proof that you own the website domain. Consider the domain validated SSL only if your website does not collect personal details from visitors.

#2 Organisation validated (OV) SSL

OV SSLs were the first ones ever produced and are more expensive than DVs. The certificate takes a little longer to get hold of too. You must provide proof of business ownership as well as domain. This process prevents thieves, hackers, and phishers getting OVs. The OV SSL offers a minimum level of protection for eCommerce and other sites that process personal visitor data.

#3 Extended validated (EV) SSL (most trusted)

EV SSL certificates give the highest level of website security protection. They’re also the most expensive of the three types. The request for an EV certificate can take quite a while. The applicant must verify domain ownership, provide organisational information, legal status, and address details. Large global organisations mostly use EV type certificates.

Closing Comments

There’s a lot of mistrust among internet users, so secure websites are vital for businesses. Customers and potential clients need to know you have their back. Trust matters when sharing sensitive information, the submission of personal data, or online shopping. And trust markers show you care and have implemented a Standard, OV, or EV SSL certificate on your site.

Learn How to Add an SSL Certificate to Your Site

If you want to convert your insecure site to an HTTPS site using a free certificate, I have a course teaching you how to do this.  Click this link to get a big discount on that course.

Want to Learn WordPress?

WordPress is an amazing platform for building any type of website.   It’s used by large corporations and small mom & pop sites.

You may also like


2 thoughts on “What Is a SSL Certificate and Why You Need One?”

  1. Hello Andrew.
    In Your 2020 WordPress for Beginners Book, you started recommending that we use BlueHost as the Hosting Service Company. So I have gone with BlueHost. When I get to the part (in your book) where we want to install the SSL Certificate, you suggest that we click on the “Let’s Encrypt SSL” link. Unfortunately, I cannot find any such link (within the cPanel of my BlueHost site). Do you have any alternative recommendations on how to set up my website for https?
    Darrell Smith

Leave a Comment

Your email address will not be published.

Hello, I'm
Andy Williams!

You can get up to 90% off my Online Courses for webmasters, marketers & affiliates (plus a free course on Gutenberg).

Create your own WordPress Theme

It's built in to WordPress using Gutenberg, and my new course shows you how.