Go back to post list

SSL certificate: what is it, and why every site should have one?

What is an SSL certificate and why every website should have it installed?

In this post, I am using the term “SSL certificate”, even though technically today the SSL protocol is being replaced by the new and more secure TSL. I do that because one, the term “SSL certificate” is still more broadly used, and two, writing “SSL/TSL certificates” more than a dozen times harms the reading experience a bit. So let’s just stick with SSL.

SSL certification explained

Alright, so first thing’s first - what exactly is an SSL certificate?

An SSL certificate is a digital document that is presented to the client as they access a server. It allows for the identification of the domain’s host and ensures that all the data exchanged by the server and client is encrypted.

To put it simply, SSL communicates to the users of your site that your domain is trustworthy. And, that they don’t have to worry about the data they provide through your website being read by attackers as it is sent to the server.

This is the biggest reason why having an SSL certificate is so important. Think about it - if your company owns a website where users may be providing sensitive details, you want to make sure that these details will remain safe. Part of that is ensuring they cannot be intercepted during the connection. This is absolutely critical if you are running an e-commerce platform, where customers’ billing details are being processed.

Benefits of using SSL

You really shouldn’t need any more reasons to set up an SSL certificate, but surprisingly enough, there actually are more merits to having one than just website security.

SSL boosts your SEO

Having an SSL certificate means your site is likely to be ranked higher in the Google search engine. Google has stated in the past that global web security is a priority for the company, and that certified sites will have an edge in the rankings over their less secure competition. This sort of endorsement from Google (and other organizations, such as Mozilla) is one of the reasons why encryption and SSL certificates are quickly gaining in popularity.

According to the Google Transparency Report, 90% of pages accessed in the US via Google Chrome at the end of March 2019 were served over SSL.

According to data from Firefox Telemetry, this percentage was about 87% for users in the USA, and about 78% for users around the globe.

HTTPS protocol is serving only certified sites

Having an SSL certificate is key to establishing user trust. Users can actually see whether your site has SSL set up, since only certified sites can be served over the HTTPS protocol. If your site is served over the unsecured HTTP protocol, visitors are unlikely to want to provide any data, or even interact with the site. Some browsers will alarm users who access sites without the certificate that the domain they are accessing is not secure, and that unwanted third parties may access their information.

Getting your domain SSL/TSL-certified

I am assuming that if, by some chance, you weren’t on board with SSL certificates before, by now I should have you completely convinced. Hence, you’d probably like to know how a document like that might be obtained. I am providing a handful of important info on that below.

Choosing a Certificate Authority

The first thing you need to know about before obtaining an SSL certificate are Certificate Authorities (CAs for short). A Certificate Authority is an organisation that will verify the ownership of your domain, and then provide an SSL certificate proving your identity to your visitors. There are many organisations out there which provide SSL certificates, some more widely trusted than others. Most of them offer certificates for a price, but there are CAs out there that provide free SSL certificates as well. When choosing a Certificate Authority, make sure to check for opinions and stats on whether the organization of your choice is well-trusted.

Types of SSL certification

Once you choose your CA, the next step is to consider what type of certification suits your needs. There are three most popularly used types of SSL certification:

  • Domain Validation
  • Organization Validation
  • Extended Validation

The main difference between those is the level of authentication that is required by the CA, and, in turn, the level of security communicated to your users once the certificate is set up.

For Domain Validation, you will only need to prove your ownership over the domain - this is the only one of the three types where you can apply as an individual.

Organization Validation requires a higher degree of authentication. To grant this certificate, a CA will first need to establish that you are a registered business owner - this type of certification is not available to individuals.

With the last type, Extended Validation, the CA will go through some additional procedures to ensure that you are applying for the certificate as a legitimate company. The users accessing your site will then see your company name in the address bar of the browser, so if you want to make extra sure your domain looks trustworthy, it may be worth the hassle.

Setting up SSL Certificate

Once you’ve chosen your option and obtained the certificate, the last step is to set it up for your domain. The exact steps to do that differ from platform to platform. Luckily, your CA is more than likely to provide you with instructions on how to set up the certificate properly. They will usually also have their own support team to assist you with issues you might encounter. This should make the process painless, even if you do not have a background in technology.

SSL certificates are a useful tool

Obtaining an SSL certificate is not only critical for the safety of your users. It is also an important step towards building your online reputation as a trustworthy site owner or vendor. Whether you are running an e-commerce store, a business website or just a personal site - trust is paramount to having a good relationship with your users. That’s why it’s good to think about SSL certificates as a useful tool, rather than a troublesome necessity. If you haven’t already, make sure to look into setting one up for your domain.