Have you ever noticed a green lock icon when you’re shopping around online? Or maybe you’ve seen websites using HTTPS instead of HTTP.
If you have, then you’ve seen SSL encryption at work.
For most people, SSL (Secure Socket Layer) sounds like a complicated technology. While there is a complexity around it, it can be summed up in relatively simple terms.
Before we dive in, let’s take a look at what SSL is and how it works.
What is SSL?
SSL, short for secure socket layer, is the standard security protocol used on the internet. Millions of websites and companies use the technology to create a secure environment for their customers.
Why are SSL certificates important?
Information is the currency of the internet. In fact, its value so so large that a compromised email account can do irreparable damage. In an ideal world, the best way to keep information safe is by never giving out but that isn’t practical and impossible to enforce.
How does SSL work?
On an unsecure connection, data is transmitted in its raw form. Anyone who intercepts the data can easily read it and alter it. To keep information safe, SSL is used to encrypt that data sent over the internet.
To further clarify how SSL works, here's a short overview of what happens behind the scenes:
Step 1: SSL Handshake Request
A browser sends a request for a secure connection with a website server. Once the request is received, the website server sends its SSL certificate and a public key to the browser.
Step 2: Session Key Generation
Once the browser verifies that the SSL certificate is valid, it’ll use the public key to encrypt a 256-bit session key. The browser then sends the encrypted session key back to the server.
Step 3: Secure connection
Once the browser and server each have a copy of the session key, a secure connection is established. Any data transmitted will be encrypted beforehand and can only be decrypted by the other party's key.
Will a SSL certificate help my business?
Yes. The primary purpose of SSL is to secure information transmitted between your business and customers, but it also has SEO benefits as well. In a Google Webmaster Post, the search engine giant began using SSL encryption as a ranking signal.
“Over the past few months, we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”
When 2017 arrives, Google will also begin to clamp down on unecrypted sites. On a post published to its security blog on September, Google Chrome will mark unencrypted sites that collect sensitive information as non-secure.
How SSL is used by companies:
A common misconception is that SSL certificates are only useful if a website sells products online, but it also protects the data of website owners and administrators.
SSL encrypts online transactions
e-Commerce businesses and online services know that users don't part with their information easily. Without SSL encryption, online thieves can intercept and interpret data easily. Using encryption strings (i.e. YSGT5w_$U64$4a6w5004ViAQ!iBANz), hackers and thieves need the unique session key to decipher the string.
The security and protection offered by SSL certificates are crucial for businesses. Because your customers expect their data to always remain safe, SSL certificates encrypt any information they send to you which can range from credit card numbers to bank account numbers. By being able to see the site seal and the green lock icon, customers gain the peace-of-mind they look for as they shop online or share their email address with you.
SSL Protects Login Pages
If you use a content management platform like WordPress or Drupal, editing your content requires you to log into your dashboard. Even if you don't sell products online or collect information, managing your content still requires logging into the admin section of your page.
On an unsecured login page, hackers can easily find which login URL you use and listen in on the connection. Whenever you or a member of your team logs in to manage your content or update plugins, the username and password is transmitted in plain text. Hackers listening in can read the information in plain text and use it to log into your account.
For example, imagine working in a coffee shop to update your website or publish a new blog post. Free WiFi is convenient, but it is also exposes you to threats and vulnerabilities. By connecting to the same network as the target device, hackers can "sit" between your device and the connection point. Once in place, the hacker can read any unencrypted information you send.
However, if your login page is encrypted with SSL, the data is immediately encrypted and it prevents hackers from reading data in transit. Even if the session key is compromised, a new session requires it to be renewed and renders it useless.
How do I know if a website is protected by SSL?
You can find out if a site is protected by SSL encryption when you see a green lock icon and HTTPS before a page’s URL.
The green lock icon on the search bar denotes when an SSL connection is active. Furthermore, it should also indicate "https" instead of "http". You can also learn more about the particular certificate by clicking on the icon and reading the information your browser provides.
Great! So how do I get my own SSL certificate?
If you’re an existing Webnames.ca customer, you can add an SSL certificate by logging into your account, then selecting the domain name you want to add it to. From the dashboard, you can pick which certificate that you want to use. There are multiple options available, but if you want to secure multiple sub-domains - i.e. blog.your.site, pay.your.site, etc. - under a single SSL certificate, choose the Wildcard SSL option.
For a more detailed comparison of SSL certificates, visit our SSL Certificate page for more information.
SSL certificates may sound complicated, but they're not. As an important security protocol for the internet, SSL certificates ensure the security of connections online. While SSL certificates are typically geared towards online businesses, website owners and bloggers benefit from SSL by ensuring that their login credentials are always transmitted securely.