08 December 2017 - Jonathan Dempsey

Understanding SSL Certificates

In recent months you may have heard about SSL certificates and how important it is that your website has one installed, but it can be difficult to validate the purchase of one of these certificates without really understanding what they do and why they are crucial. This article will outline the main aspects of SSL certificates and help you get a better understanding of what exactly they provide.

What is an SSL Certificate?

An SSL (Secure Socket Layer) Certificate is an online certificate that authenticates a website and allows it to pass sensitive information safely across the Internet. Even if your website does not accept credit card details, having an SSL certificate installed on your site greatly increases the security and privacy of the site by not only protecting user data but by ensuring that users are connecting to the correct website and not an imposter site.

How Does an SSL Certificate Work?

To protect sensitive data that a website sends across the Internet, an SSL certificate will encrypt and authenticate that data. That’s great, but what does that actually mean?

Encryption

When data sent across the Internet is encrypted, it is scrambled into an undecipherable mess which can only be read and understood by the web server with the correct encryption key. The information you send via the Internet is typically passed along multiple computers to get to its destination web server.

Without an SSL certificate, the information sent through can intercept and be read by those computers. That includes credit card details, usernames, passwords and any other sensitive information you send to the web server. However, when an SSL certificate has been installed on a website, the information sent becomes unreadable to everyone except the web server (which has the encryption key) you are sending the data to.

Authentication

As well as encryption, an SSL provides authentication so you can be sure the sensitive information is being sent to the correct server. This helps prevent users from sending sensitive information to a server posing as the correct server. SSL providers which are trusted will only issue an SSL certificate to companies who have gone through various checks to confirm the company’s identity.

So how do you know if an SSL provider is trusted? Web browsers verify that the SSL providers follow certain rules that ensure that the SSL certificates they provide are fit for use on the Internet. If an SSL certificate is installed on the site that is from an untrusted SSL provider, then your browser typically won’t actually let you onto the site at all or provide warnings that the site is unsafe.

How Can I Tell if a Site has an SSL Certificate Installed?

Depending on the web browser you use, there are slight variations that let you know that a site uses an SSL certificate. Typically, in the URL bar in your browser, the website will be prefixed with “https://”. So “www.google.ie” would be in the URL bar as “https://www.google.ie”. Additionally, there will be a small padlock icon beside the URL address. The image below shows how Google Chrome lets users know that a site has an SSL certificate installed.

Why Should I Have an SSL Certificate Installed on my Site?

If you are running an eCommerce site or a site that accepts credit card details, an SSL certificate is a requirement. This is because when a website accepts credit card details, it must show that it is following the Payment Card Industry (PCI) standard.

The PCI standards are a set of security rules that apply to any business that stores, processes, accepts and transmits credit card information and ensures that information is handled in a secure environment. One of the checks of the PCI standard is that an eCommerce website is using a valid SSL certificate.

Google has announced that sites that are using a valid SSL certificate will be given a ranking boost over sites that do not have an SSL certificate installed. Google also have future plans for marking sites without a valid SSL certificate with a “Site not secure” warning. This will largely impact site web traffic and performance by not only ranking the site lower in search results but also affecting user trust.

Are there any Disadvantages to Installing an SSL Certificate?

The pros of having an SSL certificate installed on a website vastly outweigh the cons, this gap will only become greater as time goes on when Google starts to penalise non-SSL sites. The cost of an SSL certificate would be the main disadvantage. Depending on your site set up and the type of SSL certificate the site requires, the price for an SSL certificate can potentially become quite steep.

Performance can become a disadvantage for very large sites, but generally is not a problem for smaller sites. This is because since the data being sent has to be encrypted by the server, it takes up more of the server’s resources compared to if the data was not encrypted. However, even with larger sites, if the server has enough resources allocated to it then performance will not be an issue.

Conclusion

Overall, it is highly recommended to invest in an SSL certificate no matter what type of website you have. The vast increase in site security and privacy for users and their data is an important web standard to uphold. Having an SSL certificate installed will also likely increase the site’s Google search results ranking and will also help ensure user trust is kept as Google will be marking all sites without an SSL installed as unsafe in the future.

The cost of the SSL is the only real disadvantage but given that the advantages far outweigh the disadvantages, there is no real reason for a site to not have an SSL certificate. They’re simply not optional any more.