What is an SSL certificate and how do I know if I’ve got one?
In this post:
– The difference between http and https.
– An SSL certificate ensures your connection is secure.
– Having an SSL is good for user trust and SEO.
Have you ever wondered why some websites have an ‘http’ at the start of their URL and some have an ‘https’?
The vast majority now have https and that’s for a very good reason. It’s to do with security.
The ‘s’ indicates that the website you’re on has something called an SSL certificate.
‘Ok, great. Although, that doesn’t really help… what’s an SSL certificate?’
Well, glad you asked. Here’s the lowdown on what SSL certificates are, why it matters if a website only has ‘http’ and what to do about it.
The new baseline for browser security
SSL stands for Secure Sockets Layer. This is what keeps your connection secure whilst you are on that website.
In fact, the people that made it say it best themselves:
‘It’s the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private.’
In other words, any information you share with that domain stays between you and the website provider.
When you access a website, your browser communicates with the website to see if it’s got an SSL. If it does, a binding encrypted link is created between you and the website. This ensures no one else can get in.
If that sounds like a long-winded process, don’t worry. It does this pretty much instantaneously. In fact, connecting to a website with an SSL certificate is probably faster than connecting to an unsecure one.
Why is it important to have a secure connection?
Having a secure connection with a website you’re accessing is particularly important if you’re inputting information into the site, for example, filling out a form or purchasing something using your card details.
Theoretically if you were to do this and your connection was not encrypted, a hacker could steal this data.
The way they would most likely do this is by attaching a listening program to the server of the website and then as soon as someone starts inputting their details, bam, it would start to intercept them.
So, by having an SSL certificate on a website you know that the connection is encrypted and therefore completely inaccessible from the rest of the internet.
We’ve talked about the dangers of hacking before. The risks range from somebody getting your email and being spammed with phishing emails, to a hacker actually intercepting your bank details or medical records.
How to check if the website you’re on is secure.
If you’re signing up to a membership or using an e-commerce site it’s a good idea to double check that the website you’re using has an SSL. i.e. is it preceded with ‘https’?
Depending on the browser you use, you’ll usually be notified if something’s up. On Google Chrome, any website that isn’t secure will have an exclamation mark and a note saying ‘not secure’ in the top left-hand side of the URL bar.
Most browsers will also have a green padlock and green text informing you of when a website is secure, particularly when you’re at a checkout or other area where secure information is being asked for.
Does my website have an SSL certificate?
In many cases your website will already have an SSL certificate. Depending on who you got your website from and how it’s been built, this will be covered. But it’s always good to check.
As a business it’s important that visitors to your site feel safe when they’re looking around. Statistics show that website visitors are more likely to clear off if there are any concerns about how secure the connection is.
If you’re asking for details to be filled in or are selling products from your site then it’s essential that you protect user’s data.
Having an SSL is also looked upon favourably by Google’s search ranking algorithm so it may well help with your SEO.
If you need to get an SSL for your site, there are a few different kinds to be aware of.
The standard SSL is fine for most sites and is likely more affordable, if not already provided by your website and domain provider.
If you are in a regulated industry like finance or insurance and have specific requirements for your company then you may need more secure encryption.
Extended Validation or EV certificates would be required for company’s who are handling more sensitive information. These aren’t granted to the website owner until a review into the company has taken place to ensure they are who they say are.
On the flipside, Domain Validated certificates are not so secure. They require no background check into the owner to be purchased. As a user it’s important that you don’t enter sensitive information on a website with a DV SSL certificate as the owner could be fraudulent.
Browsers like Chrome will usually let you know if they think a website fits this profile and isn’t to be trusted.
If you’re a website owner, once you’ve bought a certificate it will have different validity periods and will need renewing periodically.
If you want any more information about this or aren’t sure if your website is secure, get in touch with us and we’d be happy to help.
June 16, 2020
In this post: - Office 365 rebranded as Microsoft 365. - New Monthly Enterprise update channel available now. - Other update channels rolling out 9th June. Microsoft, who recently rebranded Office 365 to Microsoft 365 (more on that below), have also now...
May 11, 2020
If you have received emails that you suspect are phishing attempts you can report them to the National Cyber Security Centre, part of GCHQ, using the email email@example.com With many of us working from home in the current crisis there is an ever-present threat from...
May 11, 2020
In recent months video conferencing software has become one of the main ways we communicate. Leading the way has been Zoom, with its free plan and easy to use app. Meetings and social gatherings alike are taking place on the software or others like it....
April 28, 2020
Storing data is serious business. The question is where is the best place to store your company’s data? Much of the internet now operates through The Cloud and many individuals will use some form of cloud storage whether they specifically asked for it or not....