SSL Certificates (HTTPS)
SSL (Secure Sockets Layer) is a security technology that ensures communications between a website and a visitor’s browser remain encrypted. This makes it difficult for hackers to intercept or tamper with those communications.
Websites that have an SSL certificate begin with HTTPS instead of HTTP. When you visit a website with an SSL certificate, your browser displays a small padlock next to the URL bar.
Increasingly, browsers have started warning users when they visit websites that don’t have an SSL certificate and search engines have started actively down-ranking websites that don’t have an SSL certificate. This sanction is likely to become more severe over time, making SSL certificates essential for both security and visibility.
There are three types of SSL certificate: (don’t worry, this isn’t going to be complicated)
- Domain Validation (DV) — The Certificate Authority (CA) verifies that your organisation has control over the domain. This process is completely automated
- Organisation Validation (OV) — The CA verifies that you control the domain and carries out some additional vetting of your organisation and the individual applying for the certificate. This requires applicants to provide some physical proof.
- Extended Validation (EV) — All of the above + the CA conducts a much more rigorous vetting of your organisation and the individual applying for the certificate. The requires much more “real world” effort than is needed for DV and OV certificate applications.
Unsurprisingly DV is the cheapest option, you can even get them for free, and should be fine for most websites.
Here are some resources that will tell you more (including how to get a free SSL certificate)
Getting Started with SSL guide by Let’s Encrypt; you can get a free SSL certificate here (there’s no catch and they are just as good as the equivalent ones you can pay for)
Secure Your Site with HTTPS guide by Google Webmasters
Types of SSL Certificates | What, Why & How by ServerGuy.com
4 common myths about SSL certificates:
Maybe this was (sort of) true in the past, but it definitely isn’t anymore. Websites that don’t have an SSL certificate are down-ranked by search engines and all websites are susceptible to cyber-attacks that intercept or alter transferred data.
You don’t need to be. Anyone can install an SSL certificate in a few minutes with no technical skills required. Most web hosts provide guidance on how to do this, so have a look at your host’s support pages.
Thankfully not. You can get basic SSL certificates for free using a service like Let’s Encrypt, and these should be fine for most people’s needs.
This is a common and dangerous misunderstanding. Having an SSL certificates means communications between a website and a visitor’s browser are encrypted, and difficult to intercept or tamper with. It does NOT mean the website is protected from hackers so make sure that you take care of that too!
If you’d like to learn more about cyber security no matter what level you feel you are at (or even if you aren’t sure where to begin) feel free to contact us for a friendly chat.
Whether you have a specific requirement, a question you'd like answered or would just like an informal chat, contact us.Contact us today