What is a SSL Certificate? Do you need one?
Note: This post may contain affiliate links; I may earn a commission (at no extra cost to you) if you make a purchase via my links. See my disclosure for more info.
An SSL certificate is a type of digital certificate that basically makes a website more secure.
Think of it like sealing a letter in an envelope before sending it through the mail. SSL, short for Secure Sockets Layer, is commonly used on e-commerce sites and pages that require users to submit personal information.
By ensuring that all data passed between the two parties remains private and secure, SSL encryption can help prevent hackers from stealing private information such as credit card numbers, bank details, names and addresses.
Table of Contents
Why do I need a SSL certificate?
SSL certificates create trust with users by verifying that websites used to track finances and make online purchases are secure and legitimate. However, this reason has been around since SSLs existed and yet sites with HTTPS across all pages weren’t common until relatively recently.
Today things are different because even if you don’t care that much about your own website security, Google does. HTTP sites will lose rankings, compared to HTTPS ones. Many users won’t notice the difference between an http:// and an https:// web address but most browsers have started tagging HTTP sites with a warning that non-HTTPS sites aren’t secure, which will quickly scare away visitors.
What information does a SSL certificate contain?
SSL certificates include:
- The sites domain name
- Which person, organisation, or device it was issued to
- Which certificate authority issued it
- The certificate authority’s digital signature
- Associated subdomains
- Issue date of the certificate
- Expiration date of the certificate
- The public key (the private key is kept secret)
The public and private keys used for SSL are essentially long strings of characters used for encrypting and decrypting data. Data encrypted with the public key can only be decrypted with the private key, and vice versa.
How does a SSL certificate work?
An SSL certificate ensures that the provider is who they claim to be and also indicates secure connections between personal devices and websites. Understanding SSL certificates is important for website trust and to help protect customers from becoming a victim to scammers. It’s smart to keep in mind that not all websites, or SSL certificates, are created equal.
An SSL certificate helps secure information such as:
- Login credentials
- Credit card transactions or bank account information
- Personally identifiable information — such as full name, address, date of birth, or telephone number
- Proprietary information
- Legal documents and contracts
- Medical records
SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. SSL certificates make encryption possible, and contain the website’s public key and the website’s identity, along with related information. Devices attempting to communicate with the origin server will reference this file to obtain the public key and verify the server’s identity. The private key is kept secret and secure.
Ensure your online session is secure
Now that you know what an SSL certificate is, it’s important to learn how to reduce your exposure while shopping or performing other sensitive transactions online. To help ensure your online session is secure, follow these three steps:
- Read the seller’s privacy policy. Find out how your personal information will be used. Reputable companies should be open about the information they collect and what they do with it.
- Look for trust indicators on shopping sites. Reputable logos or badges signify that the website meets certain security standards.
- Know what to look out for if a site has an SSL certificate. As a first step, look for visual cues indicating security, such as the lock symbol in the address bar.
How do I get a SSL certificate for my website?
Today, some website hosting companies offer free SSL certificates for the websites they host. Beware though, many are still charging. So choose your website host carefully. For me this is a sign of a good hosting company and one of the elements you should be asking about before signing up with them.
Once the certificate is issued, it needs to be installed and activated on the website’s server. Once it’s activated, the website will be able to load over HTTPS and all traffic to and from the website will be encrypted and secure.
Every website we create at Tree Duck Design is hosted with SiteGround and gets a free SSL certificate included as standard.
