SSL: what is it and how does it work?
Ever wondered what that lock on the left side of your address bar means? Or do other life questions keep you awake at night? 😀 Either way, it is not unimportant to know what that icon means. That's how you know you're surfing to an encrypted website with an SSL certificate. SSL (Secure Sockets Layer) gives you the assurance that all communication between a website and a visitor is in encrypted form. That secure HTTPS connection keeps data out of the hands of cyber criminals. Isn't that what you want for your website or webshop?
- Do you know what an SSL connection is? This simple example explains it
- Explained: this is how SSL certificates work
- Why an SSL certificate is important
- GDPR makes an SSL certificate mandatory
- Connection over SSL very important for Google
- With SSL encryption, you build customer trust
- Be careful with free SSL certificates
- Pick the right SSL certificate for your website
- Step 1: Determine for whom the SSL certificate is intended
- Step 2: Determine how many domain names you want to secure
- Step 3: Configure your SSL certificate
- Installing an SSL connection yourself
- Do you value security and customer trust?
Do you know what an SSL connection is? This simple example explains it
SSL this, SSL that, but what does SSL truly mean? At Combell, we like to keep it simple. That is why we explain what an SSL connection is by means of a simple example.
SSL stands for Secure Socket Layer. Thanks to this layer, you can send secure information without a third party being able to retrieve the information. It can be compared to you (the Internet visitor) wanting to send a sealed package (e.g. your personal data) to your aunt (the server) without a nosy package deliverer (in this situation, the cybercriminal) being able to open the package.
Your aunt gives you a reinforced lock in advance with which you can make the package extra secure. Invisible even. Only she, the recipient, has the key with which you can open the parcel. Think of the package as an encrypted message.
What is an insecure connection?
We refer to an insecure connection when a website is loaded over HTTP instead of HTTPS.
This means that the data exchanged between the browser and the website is not encrypted, making it possible for hackers, for example, to intercept, view, or modify this data.
Websites marked as insecure can deter visitors, leading to less website traffic and shaky reliability.
Explained: this is how SSL certificates work
So SSL is the security protocol by which you establish an encrypted connection between a Web server and a browser. Although these days you also hear and read Transport Layer Security (TLS) as a term instead of Secure Sockets Layer (SSL).
Without an SSL certificate, the information exchanged between server and browser is sent as readable text. Such information is relatively easy to intercept. So what does an SSL certificate do? Establish a secure connection through which you exchange encrypted information.
SSL encryption works through a public key and a private key. Together, they create an encrypted SSL connection.
- The public key guarantees the online identity of the server owner. That key is always verified by a certificate authority.
- A connection via SSL gives the server running your Website a private key to decrypt the encrypted message. Because no one else outside the Web server has the key, all data is encrypted.
SSL encryption is established thanks to an 'SSL Handshake'. That handshake between browser and webserver involves three steps: checking the SSL certificate data, setting up the SSL encryption (with the public and private keys), and creating a temporary 'session key'.
Why an SSL certificate is important
Your website or application better have an SSL certificate. Why? Because you need to handle your customers' data securely. If you do not use SSL, then your website does not have an encrypted connection. Thus, you make it much easier - too easy even - for criminals or hackers to retrieve and thus steal certain personal or payment information.
GDPR makes an SSL certificate mandatory
GDPR (General Data Protection Regulation) makes the SSL certificate mandatory if you process customer data, no matter how little. So basically every website has to deal with it. Having a contact form integrated on your website is enough. So use SSL not only for yourself and your online visitors, but also to be in line with GDPR legislation.
Connection over SSL very important for Google
There's Google again, our favorite search engine. Google not only likes super fast websites, but the encrypted security of your site is also an important Google Ranking Factor. Google favors HTTPS websites with a better ranking.
Sites without SSL will therefore rank lower in the search engine's rankings. Talk about a big disadvantage! Without SSL, you more or less send your customers to competitors who do have websites with SSL encryption.
Websites with SSL certificates get a gray lock in the address bar in Google Chrome, Google's internet browser. Without an encrypted connection, your visitors will first see a screen with a notification message.
With SSL encryption, you build customer trust
Your customers' trust is another reason why SSL is important. Because browsers that show that your website - without an SSL certificate - is unsafe, that undermines the confidence of your visitors. Rightly so! Would you want to leave your financial data on a poorly secured website? Let alone make a purchase? I don't think so!
An SSL certificate restores this trust by adding extra info to the address bar. So you not only get that lock, but also company info and in some browsers a green address bar.
As a result, visitors trust your website and start ordering more, requesting offers, filling out forms. According to Sectigo, one of the largest providers of SSL certificates internationally, customers are up to 50% more likely to make a payment on a website that uses an encrypted connection via SSL.
Be careful with free SSL certificates
When it comes to SSL, you've probably heard about Let's Encrypt. That's an international, independent and also free certificate authority from the Internet Security Research Group. For many, that free aspect is the reason why an SSL certificate from Let's Encrypt is so interesting. Or seems to be. 🙂 Because the SSL certificates we are talking about here have a great added value compared to such a free SSL certificate from Let's Encrypt.
SSL certificate advantages:
Also read:
Pick the right SSL certificate for your website
Of course, you want to choose the right SSL certificate. With these three steps from Combell, you can make the right choices among the different types of SSL certificates.
Step 1: Determine for whom the SSL certificate is intended
Then, an SSL certificate with Domain Validation must do the trick. With domain validated certificates, your visitors enjoy a secure connection, your website is marked as secure and ranks better in Google. However, visitors are not 100% sure which organization is behind the website.
Then Domain Validation is not good enough. For a commercial website, it is important that visitors can find out the company behind the website.
Therefore, choose an SSL certificate with Organization Validation or Extended Validation. With organization validated certificates, a certificate authority (CA) performs an (extensive) check of your company and includes this information in your SSL certificate. Sectigo performs this check for Combell.
Step 2: Determine how many domain names you want to secure
Make your choice from these three options:
- Standard SSL: secures a single domain name (with and without a www in front of it)
- Multi-domain SSL: secures multiple domain names from the same owner. Ideal if you use multiple domain names for your online business. By default, there are three domains and / or subdomains included, but you can expand
- Wildcard SSL: secures your domain name and all subdomains. This is the perfect option if you use many subdomains for different parts of your website or application. The number of subdomains is unlimited
Step 3: Configure your SSL certificate
Made your choice from one of the SSL certificates? Then it's time to set up your secure connection. You do this by configuring your SSL certificate on our website. After completing your order, our experts will contact you to set up the certificate.
Installing an SSL connection yourself
"How do I install an SSL certificate?" Talk about a legitimate question! In order to install a certificate, you first have to request an SSL certificate via our website. If Combell is already the host of your website, it will install the SSL certificate for you. This way, your website switches from HTTP to secure HTTPS.
Of course, it is perfectly possible to install your externally purchased SSL certificate on our Combell hosting. You can install an external SSL certificate via our control panel.
Do you value security and customer trust?
Obviously, we already know the answer. 🙂 After all, those are the main reasons to choose SSL. HTTPS and the lock in the address bar build confidence. So you get more visitors across your digital floor (that you can sell something to!) and your site or webshop will rank better in Google. And don't forget: An SSL connection is actually mandatory.