When it comes to web addresses, the domain name is the bread, and the SSL Certificate is the butter. They go hand-in-hand when it comes to availability and security online. Having a website without an SSL Certificate risks a lot of issues ranging from a poor reputation to legal ones.
What is an SSL Certificate?
An SSL Certificate is the padlock displayed next to the domain name in your URL bar. It’s the https:// before the domain name. Behind the scenes, an SSL certificate is a file (usually .key) with encrypted data installed on a web server.
It begins with issuing a CSR (certificate signing request). An issuing authority (a SSL Certificate Authority such as Digicert) verifies the authenticity of the encrypted file. If it’s a special business SSL, they may also verify the identity and location of the company, sometimes by email or a phone call.
Once verified, the issuer will provide a certificate file (usually a .crt for Linux and .cer for Windows) as well as an intermediate certificate (known as a chain file, also a .crt) if applicable. It’s this combination of these encrypted files verified by an issuing authority, and installed on a server that create what is known as an SSL.
Fun Fact: SSL (Secure Sockets Layer) had 3 versions. SSL 3.0 was deprecated in 2015 and was replaced by TLS (Transfer Layer Security), current in version 1.3. SSL is so familiarly known across the internet, that the term is interchangeable for TLS, although we are always talking about TLS–technically speaking.
What does an SSL Certificate do?
First and foremost, an SSL Certificate encrypts the data transmitted between a web server and a visiting web browser. This is extremely important, as this security feature prevents hackers and other intruders from stealing personal information, passwords, or credit cards. It’s so important in fact, that PCI compliance requires your website to have an SSL certificate if you accept any form of payment.
Due to it’s value in security, an SSL Certificate is considered an additional point of trust for a website or business. Customers and clients trust a website with an SSL lock, because they know their data is secure when browsing. Websites without SSL Certificates may trigger security warnings on some web browsers, and may deter or even block some visitors from accessing.
Going along with trust.. Google, Bing, Yelp, and basically every search engine trusts your website a little less without a SSL Certificate. For this, an SSL Certificate is crucial for the SEO of a website. Without a secure website, it is most likely to be further down on search engine lists, or perhaps ineligible to be listed at all.
Many issuing authorities also provide a warranty with their SSL Certificate. If a recognized Certificate Authority issues an SSL to an credited site that results in unrightful monetary loss, the end user (visiting the website) has the right to sue to issuing authority as well as the website owner. An SSL insurance may cover an end user from $100,000 to $3,000,000 liability or more. For example: you purchase a $500 software from somelegitsite.com, and they fail to deliver, and refuse to refund.
Keep in mind, however, that most SSL Terms are fine-knit and do not include phishing or fraud sites.. For example: you purchase a $500 software from somefraudsite.com, and they fail to deliver, and refuse to refund. However, you didn’t read somefraudsite’s fine print, in which they explicitly state that your software is a blank file that will be emailed to you in the year 3022, with no guarantee of delivery or results.
Are there different types of SSL Certificates?
There are varying levels of SSL Certificates. Most websites use a quickly issued, basic SSL. Companies such as Digicert offer higher levels of SSL Certificates for businesses. These business SSLs require additional verification by address, email, and/or phone call, and sometimes provide a different visually-appearing SSL padlock (depending on the web browser).
Regardless of the level of SSL Certificate, they always come in two flavors: Standard & Wildcard.
The Standard SSL
A Standard SSL Certificate will secure and provide an HTTPS padlock for one domain name only. It offers 256-bit encryption for all web traffic on that top-level domain (gTLD).
The WildCard SSL
As opposed to the Standard, a WildCard SSL will protect the domain name as well as any subdomains under it. For example, if your website directs all traffic through yourwebsite.com/here and your store checkout is located somewhere like yourwebsite.com/checkout, then a Standard SSL will suffice. However, if your checkout is located at store.yourwebsite.com then you are going to need a WildCard SSL to protect the domain name and subdomains.
How much does an SSL Certificate cost?
This depends on where you are hosting your website, and where you are getting your certificate. Many shared web hosting providers don’t allow the installation of a third party SSL, and you’re required to obtain all SSLs through them. In either case, the price can range from FREE – $500/year.
All websites hosted with Unlimited Web Space are provided with a free WildCard SSL included.