Anyone who browses the Internet with any attention to what they do and the sites they visit has already noticed a small detail that differentiates some sites from others and that appears next to the address bar and the URL or domain itself: HTTPS and a lock icon green.
If you didn't know, from now on, be sure that these sites use SSL certificate. Well, you must be assuming it is good and from the moment you read this article, you can be sure that it is, as well as learn more about SSL Certificate, what it is, its importance for your site, or any site you access on the Internet.
What is SSL?
SSL stands for Secure Sockets Layer and has become a synonym for encrypting online data streams. When installing SSL in a domain, the set of rules or protocol (HTTP - Hypertext Transfer Protocol) that is used to exchange information between your computer and the website accessed - which is originally unsafe - is changed in a secure protocol, which is HTTPS.
When HTTP was created, the exchange of data between two computers did not present the levels of risk that exist today and so there was no concern that someone could have access to such data. But the protocol has vulnerabilities that allow data to be accessed on the path between the device that performs the access and the server.
Currently, the value and importance of the information that travels on the Internet are immensely greater, and leaking such data can cause losses of various orders to companies and people.
How does SSL work?
When accessing a website through an unencrypted connection (HTTP), one can read the data packets on the way between your browser and the server and obtain the information in text form, for example, a name, bank details, or any other information being transmitted.
When you install SSL on the domain, the information exchanged between a visitor's computer and the website is encrypted and from there, "your name" could be displayed as "vbo7r1iaew82BDHEwmp1qYewD + vco9n0yD6g", for example, if someone views the Data package.
This is what encryption does, that is, it alters the data transmitted so that it becomes incomprehensible. Only the server with which you made the encrypted connection has the information necessary to convert "vbo7r1iaew82BDHEwmp1qYewD + vco9n0yD6g" into "your name".
The difference between HTTPS and HTTP is the encrypted and secure transmission of data using TLS. But wait, wasn't it SSL? Why are they talking about TLS now?
What is the difference between SSL and TLS?
SSL and TLS are two different terms for the same thing. Both are methods of encrypting data for websites using a hybrid protocol. However, TLS (Transport Layer Security) is the evolution of SSL (Secure Sockets Layer), in that it reinforces aspects of SSL security, with aspects specific to TLS.
For a variety of reasons, TLS did not have the same level of adoption and currently, SSL has incorporated the improvements contained in TLS and has become a series of continuously updated protocols, and are generally grouped as SSL / TLS.
How do I know if a website has SSL?
Since January 2017, when accessing a website using Google Chrome, an alert is issued when accessing a website without an SSL certificate. With around 72%, Google Chrome is the most used browser in the world. Second, with approximately 15%, comes Mozilla Firefox and in both browsers, sites without SSL are displayed in the address bar with a circled "i", which if clicked shows that " your connection to this site is not secure ".
Therefore, particularly if you provide personal information or data that must be kept confidential, it is important that the site has SSL linked to the domain. Now that you are able to identify, be aware of who takes care of the security of your information.
Does SSL improve a website's SEO?
Yes. Since 2014, Google has been considering with relevance the adoption of digital certificates by a domain, among the many aspects of ranking the sites in the organic results of its search and thus a site with SSL installed takes advantage over a that you don’t have, in the organic Google search results.
SSL encryption makes the company's website more secure and strengthens customer confidence in the website accessed, indicating that the company responsible for the website values the security and confidentiality of its customers' data, resulting in valuable points for the websites that use it.
Why is SSL important to Google?
The encryption symbol thus corresponds to a sign of quality and security in the way the information is transmitted. If an SSL-encrypted web page is accessed, the requested server will respond first with a certificate, which is issued by a certification authority (CA), such as Global Sign or Symantec. The certificate allows the user to verify the identity of the server, the company behind the website, and the validity of the encryption.
According to Google, the way the ranking system works and how the results are displayed aims to provide a better user experience, increasing the possibility of delivering exactly what you are looking for, ensuring that the content you access and your navigation on the site, be safe.
Is it important to have SSL installed?
Yes, for all you have read so far, currently having such a feature is important, but there are some sites where it is not only important but absolutely necessary to have SSL.
Any website on which payments are made, such as using a credit card, is required by the responsible company to make transactions secure, that is, using SSL or that the pages on which the data is provided, are accessed using HTTPS.
In fact, payment gateways - as payment applications are called - only work and validate payments, if transactions occur using an SSL certificate.
How do I install SSL?
Installation is reasonably simple, but if you have no practice or knowledge, you may face some difficulty. In this case, the technical support of your hosting company can guide you as to what should be done, as well as the company issuing the SSL, as long as the certificate is not free.
In addition to the actual installation, in some cases, it is necessary to make some changes to the website code. Depending on which platform you used to create and manage your website, there are options by which with a few clicks and in seconds, the necessary changes are made.
So for example, Magento, which is a platform for developing eCommerce websites, has a quick and easy option for adaptation. Consult the support or documentation of the application you use or the support of your hosting. Many CMSs today offer ways to make the change easily.
If by any chance your website's programming doesn't use development platforms like Magento, Joomla, WordPress, or similar, the adjustment has to be done manually and usually consists of changing the URLs of the website using HTTP to HTTPS.
What types of certificates are there?
Certification authorities (CA's) issue and make available different certificates, from the simplest and cheapest, to the most complete and expensive. Regardless of which option you choose, the most important part of ensuring that data is handled encrypted - and therefore secure - is the same.
The difference between each certificate is due to broader certification protocols and thus, a more “advanced” SSL can display information of the certified company by positioning the mouse cursor over the certificate, instead of a simple lock icon when the side of the browser address bar.
Other company information and verification routines are added to the certificate issuing process, to ensure that the company behind the certificate is suitable, for more advanced and expensive certificates.
Below we list the certificates commonly sold for simple knowledge:
Domain Validated (DV SSL)
Organization Validated (OV SSL)
Extended Validation (EV SSL)
Multi-Domain Certificate/Multi-Domain Certificate
Is a free certificate good?
The importance that has been given to the use of SSL in a domain, has given rise to a few free security certificates, the most popular of which is Let's Encrypt today. Basically and theoretically, the main security layer, which is encryption, works, and uses the same protocols as paid certificates.
But what if it fails? What if support was needed? Well, in this case, you will have to bear the costs and consequences of the breach of security, as the company that issued the free SSL does not offer any type of guarantee or support. It is 100% at your own risk.
When you hire a paid SSL certificate, you have a number of additional features and guarantees, which you can use:
Security - The certification authority ensures that the encryption used cannot be broken. If any failure occurs and the integrity of the data is compromised, there is a refund to compensate for any losses. The amount of this refund depends on the certificate purchased and the certifying company.
Support - you have support from the moment the certificate is installed in your domain, up to simpler issues like security and renewal checks.
Options - you have everything from the cheapest and yet safe alternatives to the most sophisticated, complete, and comprehensive options of mechanisms to guarantee the security of the data and the company behind the website.
Convenience - generally the validation terms, that is, for how long the certification is valid, is longer in paid certificates. So, you don't have to renew SSL as often, as is the case with free ones.
Scope - if you have subdomains that you want to be covered by SSL, a payment is indicated, since, in the case of free ones for each existing subdomain, it is necessary to install an individual free one.
Does SSL protect the site?
It is important to remember that the role of SSL is to increase the security of the information that is transmitted to and from your computer. It does not interfere with what happens inside your device or on the server, that is, on the website itself.
There are many security problems related to the invasion of websites or infection of the visitor's computer by malware (viruses, trojans, worn, etc.), which require other corrective actions and that SSL does not interfere or help.
Where can I purchase an SSL certificate?
Good hosting companies usually provide this certificate service. If you don't already have one and plan to install it on your domain, check your hosting for the options it offers.
Although you can purchase a certificate and install it on any domain hosted by any company in the world, in some cases it is more convenient for reasons of support, cost, and even integration with the infrastructure that you have in the company where your site is hosted, that you buy SSL with your hosting.
If you want to ensure that all information exchanged between your site and your visitors, is made securely, that he knows that your company values and cares about the data you provide, that Google as the main search engine today also have the same evaluation and position it properly, installing SSL on your domain is essential.