What is SSL
SSL (Secure Sockets Layer) is a standard security technology that establishes an encrypted link between the web server and a browser and makes it impossible to read all the data passed between the web server and the browser.
Websites that are encrypted with SSL, your browser form a secure connection and prevents hackers and middleman from gaining access to your information. This information could be anything sensitive or personal, which may include credit card numbers and other financial information, names and addresses.
Evolution of SSL
SSL version 1.0 was originally introduced by Netscape in the 1990s. But due to security flaws, it was never released. In February 1995, SSL’s first public release was SSL 2.0. While SSL 2.0 also included own vulnerabilities. Due to which it was redesigned and one year later SSL 3.0 was released.
SSL 3.0 was widely used but no longer considered secure due to its vulnerability to the POODLE attack.
TLS (Transport Layer Security) is currently an updated and more secure version of the original SSL protocol. Its final version is TLS 1.3, which was published in August 2018.
Types of SSL Certificates
There are different types of SSL certificates.
- Domain Validation
- Organization Validation
- Extended Validation
- SAN/Multi-domain SSL
- Wildcard SSL
- Multi Domain Wildcard SSL Certificate
- Unified Communications Certificate (UCC)
1. Domain Validation
Domain validation is usually done via email or by making changes in the DNS records.
This is the cheapest SSL certificate and is perfect for a blog. You can get such a certificate in a few minutes or hours. This is best for those who do not need extra security.
- it’s cheap
- Can be obtained in a few minutes or hours.
- Best for blogs and small website.
2. Organization Validation
Certificate Authority (CA) validates domain ownership along with organization information included in the certificate like name, city, and country.
This is better than Domain Validation and takes 2-3 business days to activate.
3. Extended Validation
EV SSL Certificate is the most recommended SSL for any website where a transaction happen. It displays a padlock with the business name in the URL.
Getting Domain Validation and Organization Validation certificates are easy, while Extended Validation certificates require a strict authentication process. It takes approximately 7-10 business days to activate.
Most banking, finance, and e-commerce site use EV certificates.
4. SAN/Multi-domain SSL
Multi-domain SSL Certificates also called SAN certificates. This type of certificate helps to secure multiple domain names. A Single Multi-domain SSL certificate can secure up to 100 domains.
It’s is available with Domain Validation, Organization Validation and Extended Validation.
5. Wildcard SSL
A Wildcard SSL Certificate secures your domain and unlimited sub-domains under a single certificate. It’s available with Domain Validation (DV) and Organization Validation (OV).
6. Multi-domain SSL Certificate
This type of certificate secures multiple domain names with an unlimited sub-domains. You can get it with domain validation (DV) and organization validation (OV).
7. Unified Communications Certificate (UCC)
Unified Communications Certificate (UCC) are specifically designed to secure Microsoft Exchange and Microsoft Office Communication environments.
It works like Multi Domain SSL certificate and secures up to 100 domains using the same certificate.
Top SSL Certificate Providers
There are lots of SSL Certificate Providers companies in the market. Below I have listed some top providers.
1. Let’s Encrypt
Let’s Encrypt is a free and reliable SSL certificate provider that allows you to install HTTPS on your blog at zero cost for a lifetime. Let’s Encrypt is valid for 3 months and after that, you have to renew it, which is free. You can enable automatic renew setting.
2. Cloudflare
Cloudflare is a CDN company which also provides SSL. Apart from this, you can also take advantage of its FREE SSL. Here’s a guide – How to Setup CloudFlare Flexible SSL in WordPress Site
3. Comodo
Comodo is a top class HTTPS providers company. It offers you a free SSL certificate for 90 days. After this, you have to renew it.
4. SSL For Free
SSL For Free is also a good website for getting HTTPS in free. It provides free HTTPS for Lifetime and you never have to pay for it.
In addition, you can purchase an SSL certificate from The SSL Store, GeoTrust, RapidSSLonline, SSL.com, GoDaddy, Network Solutions or contact your Domain Registrar.
Check Before Buying SSL Certificate
When purchasing an SSL certificate, you have to consider some important things.
1. Brand name
There are lots of companies in the market that sell SSL certificates. But it would be better to buy SSL certificates from a big and reliable brand.
2. Level of Encryption
There are several levels of encryption. You must have at least 128-bit SSL certificates to accept credit/debit cards.
- Dedicated SSL – Completely owned by one user and you have to pay for it. Most brands offer Dedicated SSL.
- Shared SSL certificates – Usually free, perfect for blogs and non-sensitive website. But not recommended for e-commerce sites.
Dedicated SSL certificate comes with great support while Shared SSLs don’t have support.
How to Check if a Website is Using SSL/HTTPS
If a website is using SSL / TLS, then most browsers mark a secure connection with padlock and/or messages. Here is a screenshot of Chrome browser.
What Are The Benefits of Using SSL
There are several benefits of SSL:
1. SSL Protects Data
SSL establishes a secure connection between users and web servers. When you enter your personal information on the Https site, it prevents hackers from stealing information.
SSL certificate encrypts the connection and protects visitors’ data from being hacked.
Without SSL/TLS, data is sent as plain text. While SSL/TLS provides encrypted connections and sends data as code.
Therefore, it is very important to have HTTPS on banking and ecommerce sites. Because you enter your login credential and credit card information on this.
2. SSL Improves Visitors Trust
If you use SSL on your site, the visitor will trust on your site. Your website will appear with the security padlock in the browser’s address bar. This shows that your site is secure and takes the visitor’s privacy seriously.
3. SSL Boost Website SEO
Another great benefit, if you use SSL/HTTPS on your site, then it helps boost your website SEO. Google provides a better rank to SSL/HTTPS website in search results.
You can read this on Google Webmaster Central Blog – HTTPS as a ranking signal
4. Chrome Warnings
July 24th 2018, Chrome 68 and above versions are marking all non-HTTPS sites as “Not Secure”. That’s why HTTPS is very important!
5. Improves Your Site Performance
TLS 1.3 offers a number of improvements for better performance and security.
Cons of using SSL Certificate
There is also some disadvantage with the benefits of SSL.
1. Money Cost
You have to spend money to buy SSL. However, if you have a blog, you can get a free SSL certificate by Let’s Encrypt and Cloudflare. Here security is not the most vital factor. But for an eCommerce site, paid SSL is very important.
2. Traffic and Search Ranking
If you make a mistake in installing SSL certificates on your site, then your search ranking and traffic may drop dramatically. And many new bloggers face this problem.
But do not worry, here’s a guide – How to Properly Move WordPress from HTTP to HTTPS
3. Mixed Content Error
When you install an SSL certificate on your site, your web page can show insecure content after opening in the browser.
Due to which many visitors are scared – these sites are not safe for them and they exit the site by clicking on the back button. As a result site traffic decreases gradually.
Wrapping It Up
SSL (Secure Sockets Layer) establishes an encrypted link between the web server and a browser. It keeps all transmitted information encrypted and secures between you and the website.
Furthermore, visitors trust on HTTPS sites. Search engines like Google offer a higher rank in search results.
Again, For Banking and eCommerce website, SSL certificate is very important. This type of website takes sensitive/personal data such as login credential & credit card.
Find this article helpful? Don’t forget to share!
Leave a Reply