The What and Why of SSL Certificates.

Posted By on November 16, 2012

This article is designed to answer some common questions regarding SSL Certificates – if you have other questions regarding SSL, please ask them in the comments below.

What is an SSL Cert?

SSL stands for Secure Sockets Layer. As the name suggests, an SSL certificate adds an extra layer of security to your website and to the way the server handles your website's data.

If a website is not using an SSL certificate, any user information sent from an online form to that website's server is transmitted in plain text, which means that anyone who gets their hands on that information can read it.

If a website is using an SSL certificate, any information sent is encrypted using a key that is unique to the website. The server receiving the information is the only recipient that has the key required to decrypt it.

This is why (n.b. only if you're entering data into a website) looking for the green bar and an address starting with https:// is so important.

Non-SSL URL Example

Positive SSL Certificate Example

EV SSL Certificate Example

—————

I have a website, do I need an SSL certificate?

If your website contains a form of any kind (especially a form that requests credit card / personal details) then I would say yes, you need to have an SSL certificate installed on your website. This could be classified as overkill if you only have a contact form that requests basic details such as name, email and message, but in that case it would be up to you.

However, if you run an online shop or any type of client login area, then having an SSL certificate should definitely be high on your to-do list.

—————–

Where do I get/activate an SSL certificate?

Most hosting companies have the facility to provide you with an SSL certificate (including us! See our range of SSL certificates here.) You can also find companies via Google that offer just an SSL certificate service. If you buy your SSL certificate from your hosting provider, usually nothing more than clicking an authorisation email is required (except for EV SSL certs, which require further information to be confirmed).

If you purchase your SSL certificate from a separate company, they will issue you with your certificate (usually in a zip file including a CRT file). This is used by your hosting company to install the certificate on the server.

Once the certificate is installed, it is up to you, or whoever updates your website, to change internal links to pages that handle sensitive data so that they point to https://www.[yoursite]/securepage.html instead of the current http://…

With a lot of eCommerce platforms this can be done quite easily through the config file, which includes an HTTPS path.

—————–

Why are there so many different types of SSL?

Basically, because there are different levels of security and different uses for SSL certs. Below we discuss some of the main types:

Positive Certificate – This is a domain-level security cert that offers protection for one domain (e.g. www.mydomain.com). It is the basic security cert, but even so it does securely transmit data from your users to the server, so it is ideal and cost-effective for many small businesses and low-volume websites.

UC Certificate – Unified Communications Certificates are used to secure products such as Microsoft Exchange or other server types. This certificate allows you to secure multiple domains and/or sub domains under the one certificate.

Wildcard Certificate – When you have purchased a domain (e.g. www.mydomain.com) you automatically have access to set up multiple sub domains (e.g. sub1.mydomain.com, sub2.mydomain.com). A sub domain replaces the www part of your domain. A wildcard SSL cert will secure an unlimited number of sub domains for one domain.

EV Certificate – An Extended Validation certificate verifies not only your website address but also your business details, which gives your customers the extra peace of mind that they are dealing directly with the correct company. This makes it unlikely that any phishing attempts would be successful, as the phishing site would never pass the tests involved in getting an EV cert.
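To make the coverage of the Positive, UC and wildcard types concrete, here is an added example (not code from this article or from any certificate provider) that checks which hostnames each kind of certificate would be accepted for. The name lists, the second domain www.example.org and the function names are constructed for illustration. It applies the rule browsers use, where a wildcard stands for exactly one left-most label, so *.mydomain.com covers sub1.mydomain.com but not mydomain.com itself or a.sub1.mydomain.com.

```python
# Added example: which hostnames each certificate type covers.
# All certificate name lists and hostnames below are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one name from a certificate against a hostname.

    A wildcard is honoured only as the whole left-most label and
    stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # a wildcard anywhere else is not accepted
    return p_labels == h_labels


def cert_covers(cert_names, hostname: str) -> bool:
    """True if any name listed in the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


# One constructed name list per certificate type described above.
POSITIVE = ["www.mydomain.com"]
UC = ["mail.mydomain.com", "autodiscover.mydomain.com", "www.example.org"]
WILDCARD = ["*.mydomain.com"]

HOSTS = ["www.mydomain.com", "sub1.mydomain.com", "mydomain.com",
         "a.sub1.mydomain.com", "mail.mydomain.com", "www.example.org"]


def coverage_table():
    """Return {certificate type: [sample hosts it covers]}."""
    certs = {"positive": POSITIVE, "uc": UC, "wildcard": WILDCARD}
    return {kind: [h for h in HOSTS if cert_covers(names, h)]
            for kind, names in certs.items()}


if __name__ == "__main__":
    for kind, hosts in coverage_table().items():
        print(f"{kind:9} covers: {', '.join(hosts)}")
```

If the bare domain (mydomain.com without www) also serves pages, it has to be listed in the certificate as its own name, because the wildcard entry alone does not match it.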