This new guide will explain you everything you need to know about what is SSL certificate and related technologies.
First I’ll explain what SSL is and why it needs HTTPS to work.
Then I’ll go through benefits and the differences between SSL providers.
Are you ready? Let’s do it!
|What is SSL Certificate?||How SSL works|
|SSL Benefits||How to get SSL Certificate|
|SSL Providers||SSL Price|
What Is SSL Certificate
SSL means Secure Socket Layer. It sounds fancy, but essentially it is a security technology for establishing an encrypted link between a server (for example YouTube) and a client (your browser).
Let’s say you submit a form on a website with your details, the data gets encrypted then it’s transferred to the server and it gets decrypted and vice versa.
Essentially SSL protocol is just few text files with a bunch of numbers & letters in a long string and it is authorized by a central authority, which we will cover below.
If you are looking to install Free SSL Certificate, I have an article about it.
SSL Certificate works with HTTPS, so to fully understand how SSL works let’s take a look at it below.
What is HTTP
HTTP is a protocol which describes how hypertext should be transferred. Hypertext is just text with links. And it is the backbone of the Internet, as the internet is just infinite web of links.The protocol is based on client and server or request and response communication.
HTTP is the messenger in all of this. Both your request and the response have to obey HTTP protocol, which has very concise & specific rules.
Long story short, HTTP is set of strict communication rules so that both the client & server understand each other. In case you get all rebellious and don’t follow the rules you will get this!
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure.
In other words, HTTPS is an encrypted and secure variation of HTTP.Compared to HTTP, HTTPS has an additional layer of security as it connects through Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
I know, I know this all sounds super boring! But in this case, HTTPS is actually really useful protocol.
SSL or HTTPS
You might be wondering what is the difference between SSL and HTTPS? They actually need each other to make the connection secure.
On one hand, HTTPS is a set of rules that specify how the communication between server and client will happen.
On the other hand, SSL Certificate is the proof that will be used to verify that the server is authentic.
Let’s imagine you are traveling and going through border patrol at the airport. You know that you wait in lines, walk up to the booth, hand out your passport and pull out your creepy smile. In other words, this is the protocol. Whereas your passport is a proof of that you are who you claim to be.
SSL or TLS
What is the difference between SSL and TLS? TLS (Transport Layer Security) is just the newer version of SSL encryption. The interesting part is that SSL 3.0 was actually deprecated in 2015. This means most SSL certificates are based on TLS protocol and if someone is still using SSLv3 then the browsers warn users about it.
The confusing part is that the certificate is usually referred as SSL Certificate, it actually should be called TLS certificate, but the name has just stuck through the years. The certificate doesn’t define if SSL / TLS protocols are used, this is done in the browser configurations.
Don’t be concerned when getting an SSL certificate, you are basically getting a certificate for TLS encryption.
Learn more about the history and more details about SSL and TLS
Why do you need a secure site?
When people refer to secure site it usually means they are using HTTPS to transfer data between the user and the server. The data is encrypted, thus it protects from phishing of sensitive information such as credit card number or phone number.
In addition, browsers indicate that a website has SSL security by displaying green padlock next to the URL.
Now there are other aspects to make sure your website is fully secured, but SSL on site is an easy way to get started.
SSL Checker (SSL Test)
If you are curious to see if your website is secure, check out this SSL Checker by HubSpot.
Or more simple way to test SSL is to just type in your website in the browser “mydomain.com” and see if you get the green padlock next to the URL and if the URL contains “https://” your site is secure!
How SSL works?
Your browser tries to connect to YouTube (server) with that has SSL and ask YouTube to identify itself. Then YouTube sends SSL certificate to your browser. After your browser checks if it trusts the certificate. If it does it sends an ok message.
YouTube sends to your browser confirmation that encrypted SSL session can start. Now your browser sends an encrypted request to view the front page of YouTube. And all data that is transmitted will be encrypted.
How does HTTPS work?
Let’s say you are buying stuff on Amazon and you are filling the credit card information.
When HTTPS is used, your data is transferred from YOU, the user, to Amazon, the server, the data that goes between is encrypted.
Here is a technical example.
Let’s say John Snow sends a raven to Lannisters. But the people of the north intercept it.
If this was a case of HTTP the message would say this: “I got your back Cersei, I like sun more than this F****** snow!”
However if the message was sent using HTTPS, the message would look like this “g45oinyo46ukpoyzag30n5089ng234jplky0450495ng23334n509n4111119g59n590g453”
So the people of the North can’t understand it, but Lannisters have decryption key so they can read it.
In other words, when the data leaves your computer it’s encrypted and then decrypted on receivers end and vice versa.
This is useful especially when you are filling forms online with your personal data & Credit card information, this prevents that somebody could hijack that information.
1. Browsers might block you
First of all, more and more browsers are taking action against websites that don’t have SSL connection.
Here is an example how that looks like in practice. You land on a website, which doesn’t have SSL certificate and your browsers give you this warning. You have to click around, to get to the site. Most visitors will not do this, and will simply leave your site.
2. Increased trust with visitors
This one is a small, but often neglected benefit. But since users will see your company or website name at the top of the browser with a green padlock, it conveys that your site is serious and it will look more professional with it. On the internet, it’s all about trust.
3. SEO benefits
The third reason is that from 2014, Google has been giving a boost to ranking positions to sites with SSL certificate.
Now keep in mind that most sites have a certificate, so that would just put you on the same line in this 1 criteria among hundreds of others.
So it’s becoming a standard requirement when setting up any website.
4. Increased Security
And lastly, because of the added security that SSL certificate provides. It is required to have HTTPS site to accept any online payments.
As SSL certificate protects against Phishing, as the information between user and server is encrypted. So even if the crooks intercept something, they won’t be able to decrypt sensitive information.
And if you are familiar with the new data regulation (GDPR) in Europe, it roughly states that you should do your out most to protect users data and HTTPS is an easy place to start
How to get an SSL Certificate?
There are free and paid SSL certificates.
Why would you pay for SSL if there is a free one?
Well, the biggest difference is that paid certificates will validate who you are and that you own the domain. The free certificate just confirms that you own the domain.
Here are examples of free SSL & paid:
On the left, you see that free one doesn’t have the same owner information as the one on the right, which is the paid one.
If you are running a small site I wouldn’t worry about the paid SSL. But if you are starting to gain a significant amount of traffic and you have e-commerce, then you should consider changing to paid SSL.
I’ve written step by step guide on how to get SSL Certificate for your website
Free certificates are not recommended for securing credit card and personal information on e-commerce websites. But if you are running a blog or a site where users don’t pay for services, then the Free SSL certificate should be enough.
Also, Free SSL certificates are valid only for 90 days, after you have to renew them. (this takes only 5-10mins so it’s not too bad)
Can I get SSL Certificate for WordPress?
SSL certificate has nothing to do with websites running on WordPress or any other CMS.
It all comes down to your hosting provider. Most shared hosting providers like
Godaddy & HostGator, allow you to use free SSL certificate, however, they make it somewhat inconvenient.
SSL providers or Certificate Authorities (CAs)
Essentially the difference between SSL providers (a.k.a. Certificate Authorities) is the reputation and the thoroughness of the authentication process.
There are also differences between the main 3 SSL Certificate types, which are Domain Validation, Organization validation and Extended validation certificates. Let’s take a look at them.
Domain validation certificates
Domain validation certificate is the least secure SSL form. You basically just confirm that you own the domain by email or by adding a file to your server. Free certificates use domain validation and it works well for small websites without e-commerce.
Organization validation certificates
Organization validation is a step more secure than domain validation as the Certificate Authorities also verify that the domain belongs to the organization. CAs do this by email or phone calls and it requires human interaction, therefore the price is higher.
Extended validation certificates (EV SSL Certificate)
Extended validation certificate is the most secure form of SSL certificates. It requires that the CAs verify that the domain belongs to you, you work for the organization and you can prove your identity. Browsers also display the organization name and country directly next to the URL.
What is wildcard SSL certificate
Wildcard SSL certificates are used when you need to include multiple sub-domains in one certificate as long as they are on one server. This is achieved with a CSR that is in form of *. Yourdomain.com, where the start works as a variable and can be anything, as long as the main domain stays the same.
Example of subdomains:
If your sub-domains are on multiple servers you need to make sure your server supports exporting or importing of the private key, otherwise, you will need to get certificates for each server.
Most popular free SSL provider is Let’s encrypt, it’s even used by NASA. If you are looking for simple encryption then go ahead and get that one as SSL certificate costs might be more than your site makes.
On the other hand, the SSL certificate price varies between different paid SSL vendors. Essentially you are paying for a variation of CA and for CA’s reputation.
Below is a table with rough SSL prices for different providers.
Prices for Domain Validated (DV) SSL Certificates
|SSL Provider||1-year price||Warranty|
Prices for Extended Validation (EV) SSL Certificates
|SSL Provider||1-year price||Warranty|
|Comodo CA||$249.00||$1.75 M|
I hope this article has given you detailed understanding about different SSL certificates and how it’s used with HTTPS. The bottom line is that you should get at least the free one. It doesn’t take too long to do and your website will look much more professional.