What Is SSL Certificate: The Ultimate Guide To Secure Site

  • Post author:
  • Post last modified:April 22, 2018
  • Post comments:9 Comments
  • Reading time:15 mins read
You are currently viewing What Is SSL Certificate: The Ultimate Guide To Secure Site

This new guide will explain you everything you need to know about what is SSL certificate and related technologies.

First I’ll explain what SSL is and why it needs HTTPS to work.

Then I’ll go through benefits and the differences between SSL providers.

Are you ready? Let’s do it!

 

CONTENTS

What is SSL Certificate? How SSL works
what does SSL mean How SSL works
SSL Benefits How to get SSL Certificate
Benefits of SSL How to get an SSL Certificate
SSL Providers SSL Price
SSL providers SSL price

 

 

What Is SSL Certificate

SSL means Secure Socket Layer. It sounds fancy, but essentially it is a security technology for establishing an encrypted link between a server (for example YouTube) and a client (your browser).

Let’s say you submit a form on a website with your details, the data gets encrypted then it’s transferred to the server and it gets decrypted and vice versa.

Essentially SSL protocol is just few text files with a bunch of numbers & letters in a long string and it is authorized by a central authority, which we will cover below.

If you are looking to install Free SSL Certificate, I have an article about it.

SSL Certificate works with HTTPS, so to fully understand how SSL works let’s take a look at it below.

SSL explanation

 

What is HTTP

HTTP is a protocol which describes how hypertext should be transferred. Hypertext is just text with links. And it is the backbone of the Internet, as the internet is just infinite web of links.The protocol is based on client and server or request and response communication.

hypertext is text with links

HTTP is the messenger in all of this. Both your request and the response have to obey HTTP protocol, which has very concise & specific rules.

Long story short, HTTP is set of strict communication rules so that both the client & server understand each other. In case you get all rebellious and don’t follow the rules you will get this!

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure.

In other words, HTTPS is an encrypted and secure variation of HTTP.Compared to HTTP, HTTPS has an additional layer of security as it connects through Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

I know, I know this all sounds super boring! But in this case, HTTPS is actually really useful protocol.

SSL or HTTPS

You might be wondering what is the difference between SSL and HTTPS? They actually need each other to make the connection secure.

On one hand, HTTPS is a set of rules that specify how the communication between server and client will happen.

On the other hand, SSL Certificate is the proof that will be used to verify that the server is authentic.

Let’s imagine you are traveling and going through border patrol at the airport. You know that you wait in lines, walk up to the booth, hand out your passport and pull out your creepy smile. In other words, this is the protocol. Whereas your passport is a proof of that you are who you claim to be.

HTTPS is the king

SSL or TLS

What is the difference between SSL and TLS? TLS (Transport Layer Security) is just the newer version of SSL encryption. The interesting part is that SSL 3.0 was actually deprecated in 2015. This means most SSL certificates are based on TLS protocol and if someone is still using SSLv3 then the browsers warn users about it.

The confusing part is that the certificate is usually referred as SSL Certificate, it actually should be called TLS certificate, but the name has just stuck through the years. The certificate doesn’t define if SSL / TLS protocols are used, this is done in the browser configurations.

Don’t be concerned when getting an SSL certificate, you are basically getting a certificate for TLS encryption.

Learn more about the history and more details about SSL and TLS

 

Why do you need a secure site?

When people refer to secure site it usually means they are using HTTPS to transfer data between the user and the server. The data is encrypted, thus it protects from phishing of sensitive information such as credit card number or phone number.

SSL protects against Phishing

In addition, browsers indicate that a website has SSL security by displaying green padlock next to the URL.

Now there are other aspects to make sure your website is fully secured, but SSL on site is an easy way to get started.

SSL Checker  (SSL Test)

If you are curious to see if your website is secure, check out this SSL Checker by HubSpot.

Or more simple way to test SSL is to just type in your website in the browser “mydomain.com” and see if you get the green padlock next to the URL and if the URL contains “https://” your site is secure!

 

How SSL works?

Your browser tries to connect to YouTube (server) with that has SSL and ask YouTube to identify itself. Then YouTube sends SSL certificate to your browser.  After your browser checks if it trusts the certificate. If it does it sends an ok message.

YouTube sends to your browser confirmation that encrypted SSL session can start. Now your browser sends an encrypted request to view the front page of YouTube. And all data that is transmitted will be encrypted.

how ssl works animation

How does HTTPS work?

Let’s say you are buying stuff on Amazon and you are filling the credit card information.

When HTTPS is used, your data is transferred from YOU, the user, to Amazon, the server, the data that goes between is encrypted.

Here is a technical example.

Let’s say John Snow sends a raven to Lannisters. But the people of the north intercept it.

https example

If this was a case of HTTP the message would say this: “I got your back Cersei,  I like sun more than this F****** snow!”

Jon's letter in http

However if the message was sent using HTTPS, the message would look like this “g45oinyo46ukpoyzag30n5089ng234jplky0450495ng23334n509n4111119g59n590g453”

Jon's letter in https

So the people of the North can’t understand it, but Lannisters have decryption key so they can read it.

In other words, when the data leaves your computer it’s encrypted and then decrypted on receivers end and vice versa.

This is useful especially when you are filling forms online with your personal data & Credit card information, this prevents that somebody could hijack that information.

 

SSL Benefits

1. Browsers might block you

First of all, more and more browsers are taking action against websites that don’t have SSL connection.

Here is an example how that looks like in practice. You land on a website, which doesn’t have SSL certificate and your browsers give you this warning. You have to click around, to get to the site. Most visitors will not do this, and will simply leave your site.

 

2. Increased trust with visitors

This one is a small, but often neglected benefit. But since users will see your company or website name at the top of the browser with a green padlock, it conveys that your site is serious and it will look more professional with it. On the internet, it’s all about trust.

 

3. SEO benefits

The third reason is that from 2014, Google has been giving a boost to ranking positions to sites with SSL certificate.

Now keep in mind that most sites have a certificate, so that would just put you on the same line in this 1 criteria among hundreds of others.

So it’s becoming a standard requirement when setting up any website.

 

4. Increased Security

And lastly, because of the added security that SSL certificate provides. It is required to have HTTPS site to accept any online payments.

As SSL certificate protects against Phishing, as the information between user and server is encrypted. So even if the crooks intercept something, they won’t be able to decrypt sensitive information.

And if you are familiar with the new data regulation (GDPR) in Europe, it roughly states that you should do your out most to protect users data and HTTPS is an easy place to start

 

How to get an SSL Certificate?

There are free and paid SSL certificates.

Why would you pay for SSL if there is a free one?

Well, the biggest difference is that paid certificates will validate who you are and that you own the domain. The free certificate just confirms that you own the domain.

Here are examples of free SSL & paid:

difference between paid and free SSL

On the left, you see that free one doesn’t have the same owner information as the one on the right, which is the paid one.

If you are running a small site I wouldn’t worry about the paid SSL. But if you are starting to gain a significant amount of traffic and you have e-commerce, then you should consider changing to paid SSL.

 

I’ve written step by step guide on how to get SSL Certificate for your website

 

Free certificates are not recommended for securing credit card and personal information on e-commerce websites. But if you are running a blog or a site where users don’t pay for services, then the Free SSL certificate should be enough.

Also, Free SSL certificates are valid only for 90 days, after you have to renew them. (this takes only 5-10mins so it’s not too bad)

 

Can I get SSL Certificate for WordPress?

SSL certificate has nothing to do with websites running on WordPress or any other CMS.

It all comes down to your hosting provider. Most shared hosting providers like

Godaddy & HostGator, allow you to use free SSL certificate, however, they make it somewhat inconvenient.

 

SSL providers or Certificate Authorities (CAs)

Essentially the difference between SSL providers (a.k.a. Certificate Authorities) is the reputation and the thoroughness of the authentication process.

There are also differences between the main 3 SSL Certificate types, which are Domain Validation, Organization validation and Extended validation certificates. Let’s take a look at them.

Domain validation certificates

Domain validation certificate is the least secure SSL form. You basically just confirm that you own the domain by email or by adding a file to your server. Free certificates use domain validation and it works well for small websites without e-commerce.

 

Organization validation certificates

Organization validation is a step more secure than domain validation as the Certificate Authorities also verify that the domain belongs to the organization. CAs do this by email or phone calls and it requires human interaction, therefore the price is higher.

 

Extended validation certificates (EV SSL Certificate)

Extended validation certificate is the most secure form of SSL certificates. It requires that the CAs verify that the domain belongs to you, you work for the organization and you can prove your identity. Browsers also display the organization name and country directly next to the URL.

What is wildcard SSL certificate

Wildcard SSL certificates are used when you need to include multiple sub-domains in one certificate as long as they are on one server. This is achieved with a CSR that is in form of *. Yourdomain.com, where the start works as a variable and can be anything, as long as the main domain stays the same.

Example of subdomains:

  • www.yourdomain.com
  • blog.yourdomain.coma
  • dmin.yourdomain.com
  • test.yourdomain.com

If your sub-domains are on multiple servers you need to make sure your server supports exporting or importing of the private key, otherwise, you will need to get certificates for each server.

SSL price

Most popular free SSL provider is Let’s encrypt, it’s even used by NASA. If you are looking for simple encryption then go ahead and get that one as SSL certificate costs might be more than your site makes.

On the other hand, the SSL certificate price varies between different paid SSL vendors. Essentially you are paying for a variation of CA and for CA’s reputation.

Below is a table with rough SSL prices for different providers.

 

Prices for Domain Validated (DV) SSL Certificates

SSL Provider 1-year price Warranty
Comodo CA $49.95 $10,000
GoDaddy $69.99 $100,000
Thawte $149.00 $100,000
Geotrust $149.00 $500,000
GlobalSign $249.00 $10,000

 

Prices for Extended Validation (EV) SSL Certificates

SSL Provider 1-year price Warranty
Comodo CA $249.00 $1.75 M
Symantec $995.00 $1.75 M
GoDaddy $199.99 $1 M
Thawte $299.00 $1.5 M
Geotrust $299.00 $1.5 M
GlobalSign $599.00 $1.5 M

I hope this article has given you detailed understanding about different SSL certificates and how it’s used with HTTPS. The bottom line is that you should get at least the free one. It doesn’t take too long to do and your website will look much more professional.

 

Robert

Hey there! I started punchsalad.com & TipsWithPunch YouTube channel, out of frustration for time-wasting tutorials on YouTube that didn’t get you anywhere. The tutorials are mostly about WordPress, web analytics, Google Ads, and other useful website-related software.

This Post Has 9 Comments

  1. Richard Chambers

    The image at the top of this page has been stolen from our website.

    Please remove it.

    1. Robert

      Hi Richard, Indeed it looks like I’ve used your image incorrectly. I usually use free libraries, but this one clearly wasn’t one. Apologies for any inconvenience. I’ve replaced the image, you might need to hard reload the page as the old image might be in cached in your browser.
      Regards,
      Robert

  2. Final Grade Calculator

    Howdy would you mind stating which blog platform you’re working with?
    I’m looking to start my own blog soon but I’m having a tough time deciding between BlogEngine/Wordpress/B2evolution and Drupal.
    The reason I ask is because your layout seems different then most blogs and I’m looking for something unique.
    P.S My apologies for getting off-topic but I had to ask!

    1. Robert

      Hey Toby, I’m using WordPress as I’m most familiar with it. Cheers!

  3. gaurav chandel

    Hey Friends! I need your help urgently…I follow up ur 1st tutorial on my website…and after 3 months my certificate is expired and then i uninstall that certificate and again follow ur 1st tutorial and now my website becomes very bad i can’t able to see my media, and can’t do any changes. I’m not able to do anything. Can U please help me buddy…

    1. Robert

      Hi Gaurav, you followed the tutorial to install SSL on your site, right?
      When you say uninstall what do you mean?

      If you don’t see your media it’s probably because your site is https:// but the images are http://

      Also what do you mean that you can’t do anything? you can’t login to your wordpress or what?

  4. Jeet

    Hey Robert, Can you guide on How to use free SSL on Godaddy WordPress Managed account, Appreciate your help!

Leave a Reply