SSL certificates for beginners

Luke Trimmings
By Luke Trimmings on February 15th 2016
SSL Certificates for beginners
‘SSL’ stands for Secure Sockets Layer. It creates a secure connection between client and server to allow the secure sending of information. An SSL certificate contains information about a domain name and the owner of the domain name to authenticate the connection.

What is an SSL certificate and why do I need one?

‘SSL’ stands for Secure Sockets Layer. It creates a secure connection between client and server to allow the secure sending of information. An SSL certificate contains information about a domain name and the owner of the domain name to authenticate the connection.

As a rule of thumb, you’ll know if a site has an SSL certificate installed if the site begins with ‘HTTPS’ instead of the simple ‘HTTP’ (the ’s’ stands for secure). Most browsers now also display a padlock icon or a visual indication that SSL is installed.

With SSL installed and correctly set up, visitors to your website can be confident that communication between their browser and the server is secure.

Without SSL, any data sent to or from your website or app can be intercepted by anyone with the skill or motivation to do so.

From a business point of view, this has some serious ramifications:

  • You are risking your user’s privacy. If you collect user information and you don’t have SSL installed, you are taking a big gamble.
  • You may be risking your user’s finances. If you run an eCommerce website without running SSL, we would implore you to stop! Hackers actively search for websites that are not secure and you are putting customer security at risk.
  • You are risking user trust. Many users know that websites secured with a certificate are more trustworthy. Some of our clients have found that simply installing an SSL certificate has reduced their bounce rate.
  • You are hurting your SEO strategy. Google have implicitly said that secure sites receive a ranking boost.

What is SSL Extended Validation?

For websites that serve basic information and don’t collect user data, a standard certificate is great.

But how does the user know that the certificate holder is who they say they are? Let’s explore a potential scenario:

A nefarious individual wants to trick users into paying for a service or product sold by another company. They could easily buy a similar domain to that company, for example (apple-products.com or adidaas.co.uk) as well as an SSL certificate. They can then run a phishing scam to lure users into paying for computers or clothing that doesn’t exist.

So how do you avoid this? Extended validation (EV) certificates. With Extended Validation, the company issuing the certificate does due diligence to ensure that the party buying the certificate is who they claim they are. These certificates generally appear as a green bar or green text in the URL bar of your browser.

Extended validation certificates are more expensive, and can be more complex to set up. But if you sell online or collect user data, Extended Validation is a surefire way to instil confidence in your customers and users.