In this article, I will explain what SSL is, how to identify a secure site, how SSL works, and why your website needs it.
What Is SSL?
Table of Contents
SSL stands for Secure Sockets Layer. SSL is a standard security feature for websites that protects sensitive, personal information, such as:
- Login information
- Phone number
- Social security number
- Credit card data
SSL creates a secure, encrypted link between an Internet user’s browser and the website the browser is connecting to. Encryption means that no one other than those two parties can read the information being sent back and forth.
That way, a hacker or anyone eavesdropping on the exchange of personal information cannot read it.
SSL also uses authentication to make sure your data is sent to the right website.
Lastly, SSL assures you of data integrity, which means that no one can change the information before it gets to the intended party without being detected.
Identifying a Secure Site
You can tell that a site is SSL-secured by looking at the address bar of the website you’re on.
If you see a lock icon next to the website title and URL, the website is SSL-secured. The “s” after HTTP in the URL (https) also means that it is secure.
If the website title is green, it has extended validation SSL security. This means that the website has additional certification beyond basic SSL validation.
Extended validation is a great choice for e-commerce where credit card information is given. This extra layer of certification helps consumers trust the website, driving more conversions.
How SSL Works
To understand how SSL works, you need to know a little about what happens behind-the-scenes when you go to a website.
When you go to a website, your browser communicates with the web server you’re visiting. Your browser needs to make sure that the server is safe before connecting.
Remember what your mom said about not talking to strangers?
Your browser is just as wise. It has built-in safety checks to protect you from unknown and unsecured websites.
When you type in a web address into your browser and hit enter, a hidden conversation between your browser and the server begins. But you’ll never hear it. Here’s what happens, in a nutshell.
- Your browser initiates an SSL connection to the server in what’s called a “client hello.” This is where the browser asks for the server’s credentials.
- The server then tells the browser that it’s safe to proceed and gives a “server hello” along with a copy of its SSL certificate.
- Next, the browser reviews the SSL certificate to see if it is trustworthy. If the SSL certificate has been verified by a Certificate Authority (CA), the browser can trust the website. CAs are controlled by a security organization such as Comodo, Symantec, and GoDaddy. If the site is trustworthy, the browser sends the OK to transmit data.
- The server then sends their OK back to the browser, establishing a secure connection.
- At this point, trust is established, and they can exchange information.
Who Needs an SSL Certificate?
So, now that we know how SSL works, how do you know if you need it?
Let’s discuss when SSL certification is required, and when it’s highly recommended.
1. The Payment Card Industry Data Security Standard requires all e-commerce sites to have SSL. This includes email, banks, and social networks. This regulation is called PCI Compliance.
2. If your website requires login information with a username and password, you should have an SSL certificate. This ensures that your users’ private information is safe.
3. If users submit personal identifiable information (PII) on your website, you should have SSL encryption. PII includes phone numbers, addresses, and social security numbers. SSL keeps your user’s information secure.
If your website has fields asking for these three types of confidential information, you should have SSL protection. This ensures that site visitors will see the green lock icon next to your URL, so they know they can trust your site.
Web sites running on Firefox (version 51) will not have the green lock icon if they ask for sensitive information without SSL protection. Instead, they will have a gray lock with a red slash through it. Similarly, Chrome browsers (version 56) will have gray text that says “Not Secure.”
These warnings can erode your visitors’ trust.
Will I Need SSL?
Now, let’s say your website doesn’t ask for any sensitive information. Should you still get SSL protection?
Yes. This is because in future Chrome updates, all websites that lack SSL certification (ones that say HTTP rather than HTTPS) will be labeled “Not Secure” with a red triangle that has an exclamation point (!) in it. Even sites without fields for sensitive information will warn the user that the site is not safe.
This could drive visitors away from your site. Even though you may not need SSL encryption on your site, many visitors will feel unsafe, and they may leave your page.
For this reason, it’s wise to get SSL protection if you don’t already have it, even if your site is benign. Plus, you’ll get a search ranking boost from Google for having it.
If you want SSL certification, but you’re turned off by the price, you might consider a company like Let’s Encrypt. They offer free certification.
To sum up, SSL is a standard certification that provides encryption, data integrity, and authentication for business websites. It protects your customers’ PPI and your reputation.
You can tell that a site has SSL protection by looking for the “https” in its URL and the lock icon. Extended validation sites have green in the address bar.
When a browser tries to connect to a server, it initiates an SSL conversation to make sure the site is trustworthy. If a Certificate Authority has verified the site, it passes the security check. The parties can then safely exchange personal information.
All business websites should have SSL certification. If your website sells items, requests login information, or asks for personal information, you need SSL certification. This helps your customers trust your brand, and it boosts your placement on Google Search.
If your site only has content, such as a blog, it’s still wise to get certified. That way your site isn’t flagged as “Not Secure” by future versions of Chrome.
I hope this post has helped you understand how SSL works and why your website needs it. If you have any questions or feedback, feel free to post a comment below.
Question: Have questions or just want to say Hi? You can leave a comment by clicking here.
Until next time……