All You Need to Know about SSL Certificates
Don't you know what an SSL certificate is? It is one of the most important elements in any secure online transaction or operation. But... what exactly are these web components and what are they for? We will see everything below.
What is an SSL certificate?
SSL (Secure Sockets Layer) is a worldwide security standard that allows encrypted data to be transferred between a browser and a web server.
It is used by countless businesses and online users to reduce the risk of theft and manipulation of sensitive information (e.g. credit or debit card numbers, usernames, passwords, emails...) by hackers and identity thieves.
In other words, the SSL layer allows two parties to have a private communication. In order to establish such a secure connection, an SSL certificate (also called a "digital certificate") must be installed on a web server:
- Authenticate the identity of the website, assuring users that they are not on a fake site.
- Encrypt the information transmitted.
Are all SSL certificates the same?
Negative, as there are different types of SSL certificates depending on the number of domain names or subdomains you have, such as the following:
- Unique: covers a complete domain name or subdomain (FQDN).
- Wildcard: secures one domain name and an infinite number of its subdomains.
- Multidomain: covers several domain names.
Other types of certificates depend on the level of validation required, for instance:
- Domain validation: is the cheapest and provides basic encryption and domain name registration holder verification. It is delivered in a few minutes or hours.
- Organisation validation: in addition to basic encryption and verification of the domain name registrant, provides certain details of the owner, such as name or address. It is delivered in a few hours or days.
- Extended Validation: provides the highest level of security because of the extensive research done before issuing this certificate based on the guidelines set by the SSL certificate industry consortium. In addition to authentication of the entity and ownership of the domain name registration, the legal, physical and operational existence of the entity is also verified. It is delivered in a few days or weeks.
Who needs an SSL certificate?
After knowing what an SSL certificate is, you should be aware that any person or organisation using your website to request, receive, process, collect, store or display confidential information, for example:
- Login information and passwords.
- Financial information (such as credit card and bank account numbers).
- Personal data (such as names, addresses, national insurance numbers and dates of birth).
- Proprietary information.
- Legal documents and contracts.
- Customer lists.
- Medical records.
Where can I get an SSL certificate?
Perhaps the most important factor of an SSL certificate is where it comes from. These certificates are issued by Certificate Authorities (CA), which are trusted organisations responsible for verifying the identity and legitimacy of the entity requesting a certificate.
The role of the CA is to receive certificate requests, authenticate them, issue certificates and keep information about the status of issued certificates.
Digital certificates can also be purchased from a domain name registrar or a web hosting provider.
IMPORTANT: When choosing the right SSL provider, keep in mind that users' web browsers often cache a list of trusted Certificate Authorities, so if a digital certificate is signed by an organisation that is not part of this list, the browser will warn you that the website may not be trusted.
How do visitors know that a site has an SSL certificate?
There are four visual indicators for this:
- A padlock to the left of the URL address.
- The URL prefix is https instead of http.
- A trust seal.
- A green address bar, in the case of extended validation SSL certificates.
Now that you know what an SSL certificate is and how important it is to have one on a website, do not hesitate to contact Coco Solution for advice on this aspect.