What is an SSL/TLS certificate?

SSL (Secure Sockets Layer) the predecessor to TLS (Transport Layer Security) are both commonly referred to as "SSL".  An SSL certificate is a security certificate that uses SSL/TLS cryptographic protocols to secure communications over a computer network.  In simplest terms, an SSL certificate helps secure the website in which an SSL certificate has been applied.  

An SSL certificate would be bound to the HTTPS portion of a website.  A website or portion of a website while running under HTTP would not be protected by an SSL certificate.  An SSL certificate is only applied to the HTTPS secured portion of a website.  (EX: http://abc123.com/ would not be secure by an SSL certificate, but https://abc123.com/ would be secured by an SSL certificate as long as an SSL certificate has been correctly applied)  It is generally possible to place an entire website under an HTTPS environment. 

An SSL certificate accomplishes many things.  It’s all about securing data and building trust.  Whether you are selling products online, an informational website collecting data, or just want to keep your data secure, an SSL certificate is a must for you.  Here are a few reasons why you should consider using an SSL certificate.

1.  SSL encrypts sensitive information providing protection from hackers and identity thieves.
This is the primary purpose of an SSL certificate.  An SSL certificate encrypts sensitive information across the internet between the website and the intended recipient.  The encryption is passed from server to server between the host computer (your website) and the end user computer (your clients).  Without an SSL certificate, the data does not get encrypted and can be accessed by any of the servers and anyone accessing the servers where the data is being passed through between the website and the computer the site is sending the information to.  This includes (but not limited to) credit card data, sensitive documents, and personal data such as passwords or addresses.

2. SSL provides authentication
Authentication means that you and the entire world can be certain that when sending information to your site that the information is being sent to the right server rather than an impostor stealing information.  SSL certificates use a private key structure that binds the SSL certificate to the server of which it has been installed to.  This is important as without the authentication and of the computers the information is being passed through could pretend to be your website and collect sensitive information.  Trusted SSL providers will only issue an SSL certificate to a verified company that has passed their series of security and authentication steps.  So when anyone or any computer sees that an SSL certificate from a trusted authority is installed, the website in which the SSL certificate has been installed to is indeed the legitimate server for the website to send information to.

3.  SSL provides trust

Where an SSL certificate is installed, web browsers provide visual cues such as a lock icon or green address bar that visitors can easily see and reference to know that your website is secure.  SSL providers may also provide a trust seal.  A trust seal is optional to install on a site.  A trust seal is an additional way to identify your site as having an SSL certificate installed.  Trust seal is generally code, not just an image (don’t be fooled by an impostor), that can be added to your site.  The trust seal, once clicked on, provides information about the SSL certificate.  This would be similar information as to what someone would see if clicking on the lock icon or green address bar in a browser. 
HTTPS also protects against phishing attacks. A phishing email is an email sent by a criminal who attempts to impersonate your website. The email usually includes a link to their own website or uses a man-in-the-middle attack to use your domain name. Because it is very difficult for these criminals to receive a trusted SSL certificate, they won’t be able to perfectly impersonate your site. This means that your users will be far less likely to fall for a phishing attack because they will be looking for the trust indicators in their browser, such as a lock icon or green address bar, which would not be present when clicking on a phished link.

4.  An SSL certificate is required for PCI compliance
PCI (Payment Card Industry) is the security council founded by equal partners Visa, Discover, Master Card, American Express, and JCB International.  The PCI security council sets, regulates, enforces, and provides tools to ensure compliance of the latest security practices of protecting credit card data.  Those not in compliance with PCI can be penalized by their payment brand.  The PCI council does not carry out penalties themselves.  To become PCI compliant you must pass a series of requirements.  An SSL certificate is merely one of the many requirements.

So, what’s the downside?
Well there are obviously more positives than negatives to using an SSL certificate.  SSL certificates in general have a minimal cost.  SSL certificates can slow down a server as the server uses resources to encrypt the data.  This however is only true and very rare for websites with an extremely large number of visitors.  The disadvantages of an SSL certificate are very low.  The advantages of an SSL certificate by far outweigh the disadvantages.

How do I get an SSL certificate?
It is not a requirement to buy an SSL certificate from us.  It is however very convenient to do so.  For a low cost to you, we would handle the majority of the process of creating the CSR (Certificate Signing Request)  file needed, submitting the file to our SSL authority, and installing the SSL certificate to the server.  We currently offer a variety of SSL certificates which can be found by clicking here.  

 

Please note that your website will need to be on a dedicated IP address in order to install an SSL certificate.  Switching to a dedicated IP address from a shared IP address will cause a period of propagation that generally completes within a couple of hours, but in some instances may take longer to propagate.

If there are any questions, please contact us to assist you in deciding which SSL certificate may be right for you.