As malicious attacks become more widespread, aggressive and advanced, security is becoming more important than ever. While there are hundreds of ways you can increase your site's security, there’s one simple thing everyone should do to get off to a good start – getting an SSL certificate. Server packages such as VPS hosting offer SSL certificates to signify to site users that their data is secure.
So what is an SSL certificate, how does it work, and what are the benefits of being certified?
What is an SSL certificate?
SSL is short for secure sockets layer and, in practical terms, is a certification that provides a secure connection over the internet – most commonly between a user’s browser and the website they’re visiting. By encrypting that connection, SSL prevents the interception of data during transmission, which keeps data protected and adds even more benefits on top.
What does an SSL certificate do?
As you get a better idea of how SSL works, you’ll understand how much your site can benefit from certification. For starters, an SSL certificate can act as visual confirmation to users that your website is a safe and secure environment. This is especially important if you users are asked to input personal information and payment details.
Similarly, making sure you have an SSL certificate helps to build trust with users, who will immediately recognise your site as legitimate and trustworthy. In fact, over 75% of websites now employ SSL and HTTPS as their first line of defence.
What's the difference between SSL vs TLS?
Standing for Transport Layer Security, TLS is a protocol that encrypts data transferred between a web server and user, just like SSL. On the surface of it, there's not really a huge difference between them. They both do the same thing, but TLS is the upgraded, more secure version of SSL and you'll only find the differences when you dive into the really technical details of how they work.
Many providers like us now use TLS encryption because of the security benefits, but it's still industry-standard to refer to them as SSL certificates.
How do I know if I’m using SSL?
The way a website indicates the presence of an SSL certificate differs across web browsers.
An SSL certificate in Google Chrome
If you’re visiting a website in Google Chrome, the main indicator of a valid SSL certificate is the use of ‘https://’ at the beginning of the URL, rather than just ‘http://’.
In terms of a visual indicator, you’ll typically see a padlock icon in the address bar before the URL of the site:
But, Google did announce in 2021 that Chrome M93 would include an experiment that replaces the lock icon in the address bar with a more neutral 'dropdown'-style arrow to improve access to other security information.
An SSL certificate in Microsoft Edge
When visiting your site in Microsoft Edge, it'll look quite similar to what we're used to in Chrome (pre-M93 experiment). If the connection is secure (i.e. has a valid SSL certificate) you'll see a lock icon in the URL bar:
If a site doesn't have an SSL certificate the address bar will indicate an insecure connection with a triangle warning icon:
Benefits of SSL certificates
There are multiple benefits to using SSL certificates, so let us run through a few of the main ones:
- Protect data
- Reduce the risk of phishing
- Increase your search engine ranking
- Secure your customer payments
- Showing your users you can be trusted
We’ve already mentioned it but the main benefit of SSL is protecting data. By encrypting the data being transferred to and from the site, it protects it from being read by anyone malicious who tries to access it. Even if there’s a data breach and some of the data is intercepted, it will make it almost impossible to be understood due to the level of encryption it involves. Your visitors can feel safe in the knowledge that their data is in good hands.
Those visual indicators we mentioned above are also key to preventing phishing. If you’re unfamiliar, phishing websites are fraudulent sites made by those who aim to steal user data. They’re often very convincing replicas of legitimate websites, and try to trick visitors into entering their personal information. A valid SSL certificate on your website is an obvious way of showing that you’re the real deal, which can help your visitors avoid phishing attacks.
How highly a website ranks in search engine results is key to its success. In 2014, Google announced that it would start including SSL and HTTPS as a factor in its search rankings. With so many websites using SSL, the reality is that without a valid certificate, a website is very unlikely to rank highly (or at all). Google visibly supports and endorses the use of SSL certificates to secure your website.
The encryption we talked about in point two also obviously applies to payment data. When your customers are sending their card details to your site, having HTTPS in the address bar shows that you’re encrypting and protecting those details. In fact, PCI (Payment Cards Industry) regulations require at least 128-bit encryption on any payment data being transmitted, so if you’re taking payments from customers, having an SSL certificate is the bare minimum.
We've mentioned it already but we'll say it again, above all of those technical points, a huge benefit of having an SSL certificate is that your customers know they can trust you.
Without one, visitors trying to navigate to your HTTP-only site using Chrome will be shown an intimidating screen with a warning symbol telling them their connection isn't secure. It’s like having a big warning barrier outside a shop, warning those trying to enter that they might have their wallet stolen if they go in. Visitors to the site then have to click on a very small advance button to actually reach the unsecured website.
How to get an SSL certificate
Getting SSL certificate verification for your domain is pretty simple. General practice is to apply through an independent certificate authority (CA). Because CAs are third parties, their digital signature is considered trustworthy.
Once you’ve received a certificate from the CA, you should apply it to your website through your server. Usually, your website host will handle the activation, after which users will be able to visit your site securely.
Otherwise, many hosting and server providers include SSLs in their packages so all of your sites would be covered.
How much does an SSL certificate cost?
When debating whether to get an SSL certificate, the benefits definitely outweigh the drawbacks. But the most common obstacle that domain owners come across is finding the right SSL certificate for their website.
It's possible to get an SSL certificate for free, but only for up to 90 days, so it's important that you continue updating SSL certificate validity after each period expires. Free certificates offer less complex security features than paid versions and are usually suitable for smaller sites and blogs, rather than businesses.
Alternatively, purchasing a premium SSL certificate will generally cost between £25-50 per year, with prices varying depending on the level of service you require. There are packages that far exceed this cost, while at the other end of the spectrum some basic packages can be bought for as low as £6 per year.
How to update an SSL certificate
Once your SSL certificate expires, your website can become vulnerable to hackers. Fortunately, you can begin the process of updating SSL certificate validity up to 90 days before the expiration date:
- First, generate a new certificate signing request (CSR). A CSR is a portion of encoded text that identifies your company name and domain. You’re required to present this to your SSL provider upon renewal.
- Once you've successfully completed your CSR, you can log in to the account you created when you initially applied for an SSL certificate and choose whether you want one-year or two-year certification, then confirm your order.
- Once approved, your website will continue to be protected by your SSL certificate.
Wondering where you can get your own SSL certificate? At Fasthosts, we include them for free for the first year with our Web Hosting, WordPress Hosting, and Website Builder products. We also offer them as part of our VPS Hosting packages too. To find out more about what SSL can do for you, contact our expert sales team today.