Some URLs start with:

  • http://

Others start with:

  • https://

Websites dealing with sensitive information like online payments have HTTPS instead of just HTTP.

Because websites using HTTPS are secure and encrypted, meaning any data you enter is safely shared with the website.

This security technology is called SSL, also known as Secure Sockets Layer.

Visitors: Look out for https:// when trusting websites with your essential information.

Marketers: Make sure you have SSL certificates for your websites.

In this article we will learn:

  • What a SSL certificate is
  • SSL certificate types
  • How to get an SSL certificate for your website

Let’s dive right in.

What is an SSL certificate?

SSL certificates are data files that encrypt the link between a web server and a browser.

Keeping all data between the web server and browser private.

The information you enter on an unsecure website can be intercepted by hackers.

This information can be anything from:

  • Bank transaction details

To:

  • Email addresses

This is known as a “man-in-the-middle attack.”

One of the most common ways this attack happens is:

  • Hackers install a program on the website’s hosting server
  • That program records information entered on the website
  • Then it sends the information back to the hacker

But with a website that’s encrypted with SSL, only you and the website can see or access this information.

This connection is instant, and faster than connecting to an unsecure website.

As soon as you visit a website with SSL, your connection is automatically secured.

Types Of Certificates

SSL certificates belong to two different categories:

  • Encryption and validation
  • Domain number

All with three classifications:

  • Encryption and validation certificates:
    • Domain
    • Organisation
    • Extended validation
  • Domain number certificates:
    • Single
    • Multidomain
    • Wildcard

All can be applied for on the SSL website.

Note: Certificate Authority (CA) is the software that grants and runs certificates.

Extended Validation (EV) SSL Certificate

This certificate uses the address bar to show:

  • The padlock
  • HTTPS
  • Business name
  • Business country

This helps visitors stop websites being mistaken for spam sites.

Extended Validation (SV) SSL are expensive, but valuable because they show your domain is legit.

To get an EV SSL, you must prove that you own the domain you’re submitting.

This proves you are collecting data legally like credit card numbers for online transactions.

An EV SSL certificate should be a priority for any business especially ones processing web payments or collecting data.

Organisation Validated (OV SSL) Certificate

Organisation Validated (OV) SSL is:

  • A medium level encryption certificate
  • Verifies that your organisation and domain validation is real

The two steps to obtain this certificate are the following:

  • CA verifies the domain owner
  • Then verifying if the organisation is legally operated

After this is done, website visitors see a small green padlock with the company’s name. 

Note: This type of certificate is cheaper compared to an EV SSL but offers a moderate level of encryption.

Domain Validation (DV) Certificate

The Domain Validation (DV) certificate is:

  • A low level encryption
  • The green padlock next to the URL in the address bar
  • The quickest validation
  • Only needing a few company documents to apply

To obtain this verification:

  • Add a DNS to the CA
  • Then the CA reviews if you own the domain being submitted

Note: DVs secure the domain, not subdomains.

You won’t know who receives your encrypted information, as the CA won’t vet identity data.

So, get a DV certificate, if you can’t afford a higher SSL.

Wildcard SSL Certificates

Wildcard SSLs fall under the “domain and subdomain number” category.

With Wildcard SSL Certificates:

  • A certificate for one domain, can be used for subdomains
  • It’s cheaper compared to multiple SSL certificates for a number of domains

Unified Communications (UCC) SSL Certificate

Unified Communications certificates (UCCs), also known as Multi-domain SSL certificates:

  • Allow multiple domain names on the same certificate
  • Link communication between a single server and browser
  • Allow multiple domain names by the same owner
  • Shown as a padlock in the address bar as verification

Similar to EV SSL if they show green text, padlock, and home country.

But different as it can cover up to 100 domain names.

Note: The Subject Alternative Name (SAN) option is used to alter names.

Examples of Multi-domain names are:

  • www.domain.co.uk
  • www.domain.com
  • mail.example.co.uk
  • checkout.example.co.uk

Single Domain SSL Certificate

A Single Domain SSL:

  • Protects only one domain
  • Can’t be used to protect subdomains or a different domain

For example, a certificate for example.co.uk, can’t be used for blog.example.co.uk or 2ndexample.co.uk.

Get a SSL certificate for your website

First figure out the type of certificate you need.

For example, for content on multiple platforms with separate subdomains, you need different SSL certificates.

A standard SSL certificate can cover your content.

But companies in regulated industries like finance or insurance, need to follow the specific SSL certificate industry requirements.

The costs of SSL certificates also differ:

  • You can get a free certificate
  • OR pay per month for a custom certificate

Let’s Encrypt offers free certificates, but you need:

  • To know about the DNS
  • Help with technical setup of your website

But, make sure to stay up to day as these certificates expire every 90 days.

Remember to think about how long your certificate is valid.

As most standard SSL certificates are valid for one to two years by default.

And longer-term options are offered by advanced certificates.

How SSLs affect SEO

SSL secure information between the visitor and your website, but also benefit SEO. 

SSL is part of ranking algorithms for search engines like Google.

For example, imagine two websites with similar content but one only has SSL enabled.

The website with SSL enabled will get a slight rank boost because it’s encrypted.

So basically, having SSL on your website and its web pages gives a clear SEO benefit.

How to tell if your website has SSL?

There are a few ways you can know if your website has an SSL:

“https://” in the URL, not “http://”.

Remember, an SSL-encrypted website has HTTPS in the URL, not HTTP.

Also, the text can be green, after a green padlock icon.

A padlock icon in the URL bar

Depending on your browser, a padlock icon displays up on the left or right side of the URL bar.

For example, for Chrome and Safari browsers, a padlock icon displays on the left.

Clicking on the padlock reveals more information about:

  • The website
  • The company providing the certificate

A valid certificate

Websites with https:// and a padlock in their URLs can have an expired certificate so your connection is not secure.

To be on the safe side, for websites displaying HTTPS and asking for a lot of personal information, double check for valid certificates.

To find if the certificate is valid in Chrome:

  • Go to “View”
  • Click on “Developer”
  • And “Developer Tools”
  • Then click on the “Security” tab

Follow these steps and you will see if the SSL certificate is valid or expired.

Note: Clicking the “View certificate” button, will show:

  • More information about the SSL certificate
  • The specific date it’s valid until

Remember, just by clicking a padlock icon, you can see if your data is secure.

So, check a website’s encryption status next time you visit.

And, if your business or a business you work for doesn’t have SSL certificates, doing so will protect customers’ data and privacy.

1 thought on “SSL for Beginners”

  1. Pingback: Technical SEO - XXMG

Leave a Reply

Your email address will not be published. Required fields are marked *