As a website owner, you’ve probably heard the words “SSL certificate” getting thrown around a lot. When you’re first getting your website built all of this technical jargon can seem like you’re trying to learn another language.
Did you know? HostGator offers a FREE SSL certificate on all hosting packages. And we have higher tier SSL certificates for purchase if you need more than the basic.
Plus, SSL certificates are quickly becoming a necessity. According to Google, SSL and HTTPS should be used everywhere across the web. Sites not using SSL will be marked as unsecured if they’re viewed using the Google Chrome browser.
What is an SSL Certificate?
First, SSL stands for Secure Sockets Layer. At the core, this technology helps to secure an internet connection and protect any data that’s transferred between a browser and a web server.
Let’s cut to the chase… if your customers input their private information on your website, then you need an SSL certificate for security.
By encrypting and securing any data that passes through this connection you help to prevent any data theft or hacking. Plus, if any data is stolen from this connection it’ll be impossible to decipher since it’s encrypted.
An SSL connection needs two systems in order to be active. Think a server and a website browser, or a server to server connection.
With this connection, any data that’s transferred between the two will actually be impossible to read. The encryption algorithms will scramble any data being sent over the connection, so if the information is compromised it’ll be impossible to decipher.
In the past, SSL was commonly used to protect and secure sensitive information, like banking details, credit card numbers, and sensitive personal information. However, today with stricter privacy standards, almost every website can benefit from installing an SSL certificate to protect any user information.
But, SSL certificates can do a lot more than just give you a rankings and trust boost.
Below we highlight what an SSL certificate is, how it works, and what situations it would be smart to encrypt your website with SSL.
The Importance of Online Security and Your Reputation
Trust is so important on the Internet. Any site that acquires a reputation for unreliability, insecurity or dishonesty can expect to see traffic dwindle to zero.
On the other hand, a site that can prove it takes security seriously can attract more visitors.
That’s always a good thing, whether your web site is for a nonprofit, small business, or eCommerce.
Surfers and online shoppers also increasingly recognize the on-screen presence of a small padlock icon or a website address that begins with “https://…” as signs that they can trust the site they’re connecting to. That’s SSL or ‘secure sockets layer’ in action.
The biggest reason websites use SSL is to protect sensitive information that’s sent between computers and servers. If information like credit card numbers, passwords, and other personal information isn’t encrypted this leaves it open for hackers to easily step in and steal the information.
With the SSL certificate. your information is unreadable to anyone who attempts to steal it. The only people able to decipher it are the intended recipients at the other end of the connection.
With an SSL certificate, your customers can do business with you knowing that their information is going to be safe from identity thieves and potential hackers.
How Does an SSL Certificate Work?
SSL operates between a visitor’s browser and your site or application. It’s an industry-standard mechanism that ensures the encryption of data being passed backward and forwards so that no unauthorized person can spy on the information and hack it.
It also prevents cybercriminals from diverting visitor traffic to their own site using their own encryption and gaining access to your data that way. All major web browsers have SSL capability built in.
The process of enabling an SSL certificate on your site is quite simple.
First, you’ll install an SSL certificate on your server. A web browser will connect to your server, see the SSL certificate and initiate the SSL connection. This will then encrypt any information that passes between a browser and your server.
Here’s the process broken down a little further and the steps in place to guarantee site security:
- An SSL handshake occurs once the web browser validates the presence of an SSL certificate on the server.
- The server then sends all of the necessary information including the type of SSL certificate present, the level of encryption to use, and more.
- If the SSL certificate is valid, then the secure connection begins.
All of this takes place instantly. It might seem fairly technical, but if you open up a website with an SSL certificate installed you’ll never even notice that the above steps occurred.
How to Add an SSL Certificate to Your Site
The approach you’ll take to install an SSL certificate on your site depends upon the host you’re using, and the type of site that you’re running.
For example, here at HostGator, you’ll get a free SSL certificate no matter the hosting plan you’re on. Even the shared hosting plans are equipped with a free Let’s Encrypt SSL certificate. This SSL certificate will not only apply to your current domain but any subdomains you’re using as well.
You can activate your SSL certificate from within your hosting control panel.
Once you have your SSL certificate activated you’ll need to ensure that your domain redirects from the previous HTTP to the new HTTPS.
If you’re using WordPress, then all you need to do is install a plugin called Really Simple SSL.
With this plugin installed you’ll have a new option within your WordPress dashboard under Settings>SSL. Once you’ve activated the plugin it’ll scan to see if there’s an SSL certificate installed. If there is a certificate installed, then you can enable SSL with a single click.
On the ‘Settings’ tab, you can further configure your settings. But the most important option to turn on is the ‘Enable WordPress 301 redirection to SSL’.
Now any time a person types in or links to the HTTP version of your site, it will automatically redirect to the HTTPS version.
What Do SSL Certificates Do?
SSL certificates add an additional level of security between your website and the information visitors are sharing on your site. It creates a secure and encrypted link between your website and server.
This adds a layer of protection that accomplishes two goals:
1. Enabling Encryption
It can be scary to share your personal and financial information online. A lot of people prefer to use large-scale eCommerce sites like Amazon because they feel much safer and protected.
With an SSL certificate, sensitive data will remain encrypted and secure, thus providing your customers with a sense of relief.
Higher level SSL certificates will have higher levels of encryption, but the standard SSL certificate should be enough for most websites.
2. Verifying the Identity of the Site Owner
The SSL credential identifies the owner of the website, and creates an additional layer of trust. Put simply, your customers will know with whom exactly they’re doing business.
Before the certificate can even be issued the identity of the website owner has to be verified through multiple methods. With digital communication, it’s often difficult to determine the person on the other side of the connection, but with an SSL certificate you can be sure you’re doing business with your intended recipient, and vice versa.
What Levels of SSL Certificates Are Available?
Beyond adding an additional layer of encryption and security, SSL certificates are also used to verify the identity of a site owner, or company behind the site.
There are three different identification certificates:
1. Domain Validation Certificates
With a Domain Validation Certificate, you’re proving ownership over the domain name. At this level, the identity of the organization won’t be checked, just that the person who has the SSL certificate also owns the domain name tied to the website.
This is the most basic level of SSL certificate and is usually the level of certificate that comes free with most hosting plans.
It’s well suited for simple websites, but eCommerce sites and other websites that are dealing with sensitive personal information will want to obtain a higher-level certificate.
2. Organization Validation Certificates
With Organization Validation Certificates you’ll have to prove that you own the domain name, along with proving that your company is accountable and registered as a business. Usually, this means you’ll need to have proof of a registered company name and proof of domain ownership.
This level of certificate can only be issued to businesses and organizations. Individuals running a website won’t be issued this level of certificate.
3. Extended Validation Certificates
Extended Validation SSL Certificates are the highest level of SSL certificate available. To obtain this level of certificate you’ll need to validate your business, as well as your domain name. Plus, there are additional verification steps that you’ll also have to complete.
Obtaining this level of SSL certificate will take longer, but for some website’s it’ll be worth it. It goes a long way towards showing your visitors that you value their privacy and protection.
When visiting a site with this level of SSL certificate you’ll often see the URL bar is entirely green. This is a highly visual form of trust that you’ll exhibit to your customers.
Note that this level of certificate is also only available to businesses and organizations. It is not available to individuals.
Do I Need an SSL Certificate for My Website?
Basically, every site today could benefit from an SSL certificate. Overall, it’s more advantageous to have an SSL certificate installed than not.
For starters, HTTPS is a ranking factor, so site’s that have an SSL certificate installed will rank higher than those that don’t.
Second, if a user accesses your site and you don’t have an SSL certificate installed, then your site will be marked as unsecured, which can greatly diminish your user experience.
Basically, Google is pushing hard towards an HTTPS/SSL web, and it’s always a good idea to be on the right side of Google.
Beyond everything highlighted above, there are a few additional circumstances where an SSL certificate is a necessity.
1. Users Are Making Online Purchases
Online shoppers are concerned about their online privacy today more than ever. With an SSL certificate, you’ll not only improve your site’s security, but you’ll make it that much more likely that your users will actually complete their purchases.
The chances are pretty slim that your visitors are going to pull out their credit cards on a site that isn’t secure.
2. You’re Running a Membership Site
Usually, when you’re running a membership site, you’re not only collecting a lot of information about your users, but you’re collecting their banking or credit card information as well.
With an SSL certificate, you’ll not only improve the security of your site and help keep your member information safe, but you’ll increase the chances of them feeling safe enough to sign up as well.
3. You’re Collecting User Information
If you have forms on your website that are collecting user information, then you’ll want to use an SSL certificate. This will help to keep the information that your visitors submit safe and secure.
Plus, give them peace of mind that the information they share won’t fall into the wrong hands.
An SSL certificate can help to build trust between your visitor and your website. Building trust online is all about giving subtle cues to your visitor that you can be trusted.
By having the little lock on the browser bar, you’re guaranteeing to your customer that your site can be trusted.
If your website requires the exchange of any personal information, then you might want to consider getting an SSL certificate. If your user is required to enter their credit card information, then an SSL certificate is almost mandatory.
However, you don’t always need a sitewide SSL certificate. Since going through multiple levels of encryption can slow down your website it may be disadvantageous to have certain pages of your site encrypted. There’s also a decent cost involved in order to get your site verified and operating effectively, so this also has to be considered.
If you’re doing business online and are exchanging sensitive information with your visitors, then an SSL certificate will provide an additional layer of security, while increasing your trustworthiness.
How SSL Impacts Your Visitors
One of the biggest benefits of installing an SSL certificate on your site is how it will positively impact your user experience, and grow the amount of trust that users have on your site.
The moment a visitor lands on your site they’re making judgments about its trustworthiness. Usually, this happens subconsciously. But, there are a few things you can do to push this in the right direction—like installing an SSL certificate to bolster your website’s security and trustworthiness.
An SSL certificate is installed on your web server, and your visitors will see that there’s actually a certificate installed. The web browser will show visitors whether or not the site they’re on is secure.
The first indication is seeing ‘https://’ present at the start of a URL, instead of ‘http://’. Site’s with an SSL certificate installed will have ‘https://’. The next visual factor will depend on the level of SSL certificate that’s installed on the site.
To the left of the ‘https://’ will either be a padlock, or a green address bar.
Plus, if your website visitors happen to be using Google Chrome, then your site will always display as secure. Failing to use an SSL certificate will lead to an error message like the one in the image below—before they ever get to reach your site.
Imagine seeing this warning the first time you land on a website. The chances are pretty high that you wouldn’t return.
What is an SSL Connection Error?
SSL connection errors occur for the benefit of the user, not the site owner. If you’re trying to access a website and an SSL connection error occurs, it’s because the website is currently experiencing some security issues. In most cases, you can usually still access the site, but just know that the site isn’t as secure as it should be.
There are a variety of security and connection errors that can be displayed. Usually, these will differ based upon the browser you’re using and the type of security error the site is undergoing.
Sometimes, this will be because they don’t have an SSL certificate installed, they’re using an expired certificate, or there are outdated security codes on the site.
The error messages might seem a bit scary, but just because these messages show up doesn’t mean that the site is doing anything malicious, or trying to steal your information.
If your site is currently experiencing any SSL security errors, then this is something you’ll want to get fixed right away. This might mean you’ll have to update your sitewide security protocols, or it might mean upgrading or renewing your SSL certificate.
It’s important that you get this issue resolved right away. If any visitors land on your site while you’re experiencing an SSL error they probably won’t bypass the security message, and you’ll lose their trust.
Does SSL Work Over Email?
Does SSL work when sending emails? Generally, most email providers are already using SSL to encrypt emails that are sent and received using their service.
For example, Google encrypts all traffic between Gmail and its servers. So, whenever you login to your Gmail account, you’ll notice the HTTPS connection.
Most email service providers are currently using an SSL/TLS connection. But, these connections aren’t foolproof. For example, SSL/TLS will protect your emails when you’re composing them and during any transmission to your email client server. But, there’s no guarantee that the person you’re sending the email to will have the same level of security in place.
Top SSL FAQs
Hopefully, the information above answered a lot of your questions regarding SSL certificates. However, you might still have a few lingering questions.
Here are some of the most common questions we’ve received regarding SSL:
Is SSL compatible across devices?
Yes. SSL certificates will remain in effect across any device that you’re using to access the internet. Keep in mind that this secure connection applies to when you’re using a web browser and not necessarily when you’re using a mobile app.
Does SSL work across different operating systems?
Yes. All of the major operating systems and devices are supported. However, some operating systems might not support the newest versions of SSL. But, older versions should still be supported.
How about across different browsers?
Yes. All of the big web browsers will be supported. Whether you’re using Firefox, Safari, Chrome, or even Internet Explorer, SSL will be supported. If you’re using a very niche web browser, then this might not hold true. But, all of the major web browsers will support SSL.
How can I tell if my site has SSL?
Maybe you’re not sure if your site already has an SSL certificate installed? Or, you’ve gone through the installation process and you’re not sure if it’s worked or not? The easiest approach is just to type in your domain name with HTTPS before the URL.
Or, you can use a tool from Digicert to see if there are any issues with your SSL certificate. Just enter your URL, and the SSL checker will see if your site has an SSL certificate installed, and if there are any existing issues preventing it from functioning properly.
Other security terms to know…
TLS and SSL
Another term you’ve probably seen in relation to SSL is TLS. TLS stands for Transport Layer Security. You can think of it as an upgraded and more secure version of SSL.
At the core, they’re both cryptographic protocols that help to authenticate and secure user data over a network. SSL is the initial version of TLS.
Over the years upgrades have been made, new versions have been released, and the ciphers and algorithms have been updated to reflect the latest risks that exist online.
However, you don’t need to worry about replacing your SSL certificate with a TLS certificate. Essentially, the phrase SSL certificate is the common industry phrasing to refer to SSL/TLS certificates. In time, TLS may replace SSL as the commonly used phrase.
HTTPS and SSL
HTTPS stands for Hypertext Transfer Protocol. You’ll see it to the left of the website URL when the site has been secured using SSL. If the site isn’t secure, then you’ll see the traditional HTTP in its place.
When you hover over the secure HTTPS section on the URL bar you’ll be able to see the security credentials of the site you’re on.