What is an SSL certificate and why do you need one?

What is an SSL certificate?

SSL stands for ‘Secure Socket Layer’ and is a widget that encrypts data sent between your website and the visitor’s browser, whether that’s on a computer, tablet or phone. The ‘certificate’ is the bit of data that tells the browser that your SSL is a valid one.

How do you know whether or not you’ve got one?

There are two ways to tell if you, or the site you’re visiting, has an SSL certificate (depending on which browser you’re using) – the URL of the site starts with ‘https’ instead of ‘http’, and you see a little padlock (usually green) in your browser bar:

 

Who needs an SSL certificate?

This is where it all gets interesting!

Until 2016, only sites processing sensitive information such as payment details needed to have an SSL certificate.

However, the internet is still widely seen as a largely unsafe place to be, and even non-sensitive data can be useful to ne’er-do-wells who could use it for such things as identity theft, so Google decided to start encouraging all sites to install SSL certificates. Google started to do this by giving extra ranking points for sites which use SSLs.

Google has now turned from the carrot of extra points, to the stick of warning visitors about sites which are still not secure, as have many anti-virus and firewall providers, such as Kaspersky and Norton.  How they warn you varies, but you may get anything from a missing green padlock so a big fat warning that says something along the lines of ‘This site may be dangerous, are you sure you want to proceed?’.

So how do you get an SSL certificate?

If your web host allows it, you can sometimes install the SSL certificate yourself, though you will need access to your site’s control panel. Failing that, you’ll need to contact your host (or your web developer) and ask them to do it for you.

How much does an SSL certificate cost?

SSL certificates come in grades, from the least secure to the most secure. Generally the more secure the SSL certificate the more expensive it will be.

The good news is that there is now a free SSL certificate called ‘Let’s Encrypt’, though you may have to pay a one-off installation charge (it averages about an hour to install one certificate). From there, prices range from a few pounds a month to several hundred pounds a year.

Note that not all hosts offer the free certificate, so your first port of call should always be them (or your web developer).

And be warned – Let’s Encrypt does not offer the same robust security that a paid-for certificate does, so they’re fine for sites which don’t process payments or other secure data. If your site does either of those then you really need a paid-for certificate.

Where to go for more information

Contact your host or your web developer in the first instance. If they can’t help, feel free to give me a call or drop me an email:

Jackie Latham, 07762 140 433, or jackie@jackdawwebdesign.co.uk.