Why You Should Always Use an SSL Certificate
You’ve probably heard the precautionary adage “safety first” as someone verbally qualifies their course of action before adhering to said safety measure. In terms of internet and website security, SSL certificates are the virtual “safety first” adage and action. This is why you should always use them.
Unless you plan to play it fast and loose with customer data and website security, which will give you a pretty bad reputation with your users and visitors. Not to mention a poor SEO ranking on Google.
What is an SSL certificate?
So, what is this virtual representation of this protective adage? What is an SSL certificate? An SSL certificate is a security protocol that encrypts all data between a web server and web browser.
That means when you use Google (or any major browser) to connect to your favourite hosting website (*cough cough* HOSTAFRICA), all the information exchanged between your computer and the server can’t be read by other computers. Don’t worry about humans reading it, since most of us don’t speak in computer code.
Think about it as English being your first and only language. If someone speaks to you in Mandarin, you won’t know your finger from a bar of soap, whether they give you the message in writing or clear speech. It works exactly the same when your data is encrypted. The server and web browser communicate in a language only they know, making it safe, secure, and ideal for a little bit of gossip (if computers were capable of such a thing).
SSL stands for Secure Sockets Layer. You can identify if a website has this certificate by looking at the URL. A secure website will start with https:// as opposed to the uncultured http://. As you may have guessed, the s stands for secure.
Some browsers may also show a little padlock next to URL which indicates pretty much the same thing. You can even click on the padlock, then select Connection is secure and see if the site’s SSL Certificate is valid.
How does your SSL certificate work?
SSL technology works by encrypting data that is being transferred between networks. Only the receiver of the data has the key to unlock the code to access the encrypted data. The protocol uses symmetric and asymmetric encryption.
Asymmetric encryption uses a public key to scramble the data that is being sent out. Once the data is received on the other end, the receiver will use their private key to unscramble the data. If the data is intercepted before it is unscrambled with the private key, it’ll show a bunch of gibberish.
So, an example of your connecting with a secure website will work like this:
- Your browser sends a message to a server (let’s say HOSTAFRICA) that it’s trying to connect
- Your browser also asks that our server identify itself first (“Hands up, knave!”)
- Our server then sends a copy of its SSL certificate to generate a symmetric session key (reaching for or permit…)
- Your browser verifies if the SSL certificate is legitimate. If it concludes that it is, your browser lets our server know everything is in order
- After that, our server sends a virtually signed acknowledgement to start an SSL encrypted session
- No shots fired, we’re all friends, and you’ve just become complicit in computer gossip.
This may seem like a lengthy process, but it happens in milliseconds.
Why do you need an SSL certificate?
Mainly because you want to keep user’s data secure and show that your website can be trusted. If you ran an online store that did not have an SSL certificate it would not incite safety and security in your customers. They’d be worried someone might steal their banking details, personal information, or any other data they provided your website.
In fact, Google now flags websites without an SSL certificate as “Not secure”. This is enough to make most users bounce immediately.
Think of it as doing shopping in busy street market. You’re just trying to get some artisan spices for your stew, but you could end up being pickpocketed without even knowing it. It works the same way without an SSL certificate. Your data could easily be intercepted, and you would be none the wiser. Not until you get a message that you’re taking a trip to South America while watching television on your couch.
Some of the valuable information that an SSL certificate protects is:
- Banking and card information
- Login details
- Personal information like address, full names, etc.
- Contracts or legal documents
- Proprietary information
What type of SSL do I need?
So, we’ve convinced you that an SSL is imperative for safe traffic and general peace of mind, but which type of SSL should you opt for?
Before you decide, however, it’s important to note that types of SSL certificates offer the same protection. The only difference is the number of domains it covers and the level of validation.
Let’s take a look at the different types of SSL certificates and what they mean.
Different types of SSL certificates
There are three different types of SSL certificates.
Single domain SSL certificate
The single-domain SSL certificate can secure one Fully Qualified Domain Name (FQDN) or one individual subdomain, hostname, IP address, or mail server.
A FQDN includes all 3 domain levels: the top-level domain (TLD) aka extension, the second-level domain (domain name), and third-level domain (sub-domain). An example is: www.hostafrica.com
It’s important to note that most SSL issuing authorities will also secure your domain name without the www
sub-domain for free. So, if you buy an SSL certificate for www.hostafrica.com
, then hostafrica.com
will be secured too. However, it doesn’t work in reverse.
On the other hand, if you buy an SSL certificate for hostafrica.com
, then www.
hostafrica.com will not also be secured, and you’ll need to buy another SSL for www.hostafrica.com
.
If you have several subdomains like blog.
hostafrica.com, shop.
hostafrica.com, and mail.
hostafrica.com, this Single Domain SSL isn’t the right choice for you.
Wildcard SSL certificate
Wildcard SSL certificates offer protection for a single domain name and all its subdomains. All means an unlimited number of subdomains.
“Wildcard” (*
or ?) represents a placeholder for any value. In this case the wildcard is situated before the second-level domain i.e., *
hostafrica.com.
This means it applies to any third-level domain, so the domain you bought your Wildcard SSL for can also have anything in place of the *
and those domains will be protected as well, i.e., www.
hostafrica.com, my.
hostafrica.com, login.
hostafrica.com, en.
hostafrica.com, etc.
Hence, this is the most cost-effective option if you have 1 domain and several sub-domains.
Multi-domain SSL certificates (MDC)
This bad boy provides SSL protection for several different domains, depending on the authority issuing the certificate, up to 250 different domains. It also covers all the subdomains of each of the respective domains.
So, if you own www.hostafrica.com
, my.
hostafrica.com, www.domainking.ng
, www.vps.co.za
, and www.amplehosting.co.za
, then a multi-domain SSL certificate is your best option.
Different levels of SSL certificate validation
As the name implies, SSL certificate validation requires that the issuing authority first verify a few things before the certificate is awarded. If this weren’t the case any scam artist could qualify for an SSL certificate.
There’re different levels of validation, ranging from a simple verification email to an entire background check. Let’s take a look.
Domain validation SSL certificates
The most basic of the bunch. You can obtain a domain validation (DV) by proving that you are the person who controls the domain. Most times this process is automated, but if it isn’t simply provide the domain name system (DNS), or change it to reflect you as the owner.
As you’ve guessed, this is the most cost-effective validation and is ideal for people looking to secure their portfolios, blogs, or small businesses that doesn’t sell products.
Organisation validation SSL certificate
A bit more legwork is required here in the vetting process. The certificate authority (CA) will make a few requests of the organisation to confirm they are who they say they are.
This Organisation validation (OV) SSL certificate will include the organisation’s name and address, building even more trust for the users. OV certificates cost a bit more than DV SSLs.
Extended validation SSL certificate
Extended validation (EV) prompts a full background check of an organisation. The CA will confirm that the company is legally registered as a business and their offices are present in the location they claim. They’ll also request an opinion letter from a lawyer, business resolution, among other things.
The process may take some time but provides SSL assurance like no other validation level. You can spot an extended validation certificate by checking the URL bar as the entire bar will be green, denoting maximum protection.
Major businesses should opt for extended validation certificates, especially if they handle sensitive customer data like passwords, credit card information, and personal information.
How do I get an SSL certificate?
Well, you’re in luck. We can hook you up with a secret password for your website to make your website’s gossiping escapades as secure as they come. Our SSL certificates start from R249 per year. SSLs can only be issued by CAs (Certified Authority’s), which we are. Not to mention the free SSL we throw in if you decide to create your own website.
If you’ve been operating like the Wild West when it comes to website security, we recommend you give our SSL options a look. If you haven’t created a website yet at all and are looking to start one up, take a look at our guide on how to start a WordPress blog.
FAQs
We’ve summarised some of the key points in this post into nugget-sized insights for you to snack on.
What is SSL?
Secure Sockets Layer (SSL) is an internet security procedure that encrypts all data transferred between a web server and a web browser, protecting it from being intercepted in transit and read by cyber criminals looking to steal and sell this data.
What is HTTP?
Hypertext Transfer Protocol (HTTP) is the standard procedure for fetching internet resources such as web pages (hypertext documents) and images and video (hypermedia).
Clients (normally your web browsers like Chrome and Safari) request say, a website from the server, then fetches the necessary files, and compiles and displays the site to the user.
This data, sent from the server to your browser, is sent in plain text, which is very insecure. If you give any personal details to a website that only uses HTTP, that data can be intercepted, easily read, and abused (used for fraud or sold).
What does HTTPS indicate?
The S in HTTPS indicates the Hypertext Transfer Protocol (HTTP) is Secure. This means data transferred between web servers and browsers is encrypted and validated with super long cryptographic keys that no one can crack, protecting it from interception and theft.
Are there free SSL certificates?
Yes, Let’s Encrypt is a trustworthy, non-profit certificate authority that provides free Single domain SSL certificates. It’s just as secure as a paid certificate and ideal for owners who need to secure a single domain with no sub-domains.
The only caveat is if you get the SSL from Let’s Encrypt, you’ll have to install the certificate manually and need SSH access to your web server. If that is Greek to you, you can simply get your free Let’s Encrypt SSL from a hosting provider like us who offer cPanel, which automatically installs your free SSL for you.
Is free SSL safe?
Let’s Encrypt is a trustworthy, non-profit certificate authority (CA) created by the Internet Security Research Group (ISRG) and hosted by the Linux Foundation. They provide free, safe SSL certificates to anyone.
In fact, they’re funded by hosting and tech giants IBM, OVHcloud, AWS, Firefox, Automattic, Chrome, RedHat, and many more. We’d go so far as to say they’re the only free CA that should be trusted.
Conclusion
All in all, that little padlock next to your website’s URL will provide a ton of value. Not will only will it keep the bad actors out, it’ll keep good vibes in. Nothing quite like hanging out somewhere and not having to tap your pockets. Well, an SSL certificate is the equivalent of just that, and that’s a feeling of security that has intangible value.