An SSL Certificate is a digital certificate providing authentication for a website, enabling an encrypted connection. In plain English, this means that any data (messages, login details, payment card details) are encoded so that a hacker can’t intercept them when they’re passed from your device to the website.
The authentication process is often described as putting your confidential letter into an envelope before you put it in the post. It is very common on ecommerce sites and those where users submit personal or credit card information. It means all the information passed between the user and the site remains secure and private.
SSL encryption prevents fraudsters and hackers from stealing valuable information such as credit card details, bank information, addresses, usernames and passwords. It imparts trust for users by verifying any transactions are genuine and secure. It will also help with SEO ranking as it is seen as a positive search engine ranking signal.
What does the SSL Certificate mean?
- That the website is indeed who they claim to be and has secure connections.
- That customers will have some protection against falling victim to fraudsters and scammers.
What information does an SSL Certificate secure?
- Login credentials
- Bank details
- Credit card transactions
- Medical records
- Information which identifies someone: name, address, date of birth
- Legal documents and contracts
There are three types of SSL Certificate which provide different levels of security.
Domain Validated – this only validates who owns the website. The Certification Authority will simply send an email to the website’s registered email address. With no information about the company required, this is the lowest level of SSL protection.
Organisationally Validated – To achieve this, the organisation, physical location and domain name must be validated. This will take a day or two, giving a moderate level of trust. A good option for a business or organisation dealing with less sensitive information.
Extended Validation – This is the highest level of security, and an absolute must have if you handle any sensitive information. The Certification Authority will carry out an enhanced review of the applicant. Examination of corporate documents, confirmation of identity and this information will be verified by third party databases. This SSL Certification is easily recognisable as the padlock symbol displayed in a browser url bar.
Where can you get an SSL Certificate from?
You can buy these yourself but the easiest way to get one is via your web host, who will also be able to advise on the correct SSL certificate for your site.
The Domain Validated SSLs are often free. The Organisationally Validated and Extended Validation certificates are always paid for.
Installing an SSL certificate can be a complicated thing to do so most hosts will install them for you, or will provide instructions on how to do it yourself. An increasing number of hosts (including me) install them automatically as soon as your website goes live on their servers.