What is an SSL certificate and why you need one for your website

Security is an ever-present concern on the Web. Sensitive data such as passwords, usernames and credit card information are regularly sent to and from website databases, creating security risks if a web platform or app isn’t secure. An SSL certificate is one way of toughening up the security of a website for your users.

What is an SSL certificate?

The acronym “SSL” means Secure Sockets Layer, which is a fancy way of saying that SSL certificates add a layer of security to HTTP requests. It works by creating an encrypted connection between the user and the website through the use of two keys, a public key and a private key. That way, sensitive data, such as login or payment details, is encrypted and can only be decrypted using said keys as well as session (secret) keys, meaning that bad actors such as hackers cannot read that data even if they intercept it on its way to a website.

As the name implies, an SSL certificate is also a digital certificate of trust, telling your users that your website is secure. This is demonstrated to the end user in two ways:

  • By adding an “S” (for “Secure”) to the hypertext transfer protocol section of your site’s URL structure (i.e. “https://” instead of “http://”);
  • By showing a locked padlock icon (🔒) in most modern browsers next to the current page’s URL. Users usually can also check details of your SSL certificate, such as what entity issued it, by clicking the symbol.

There are three types of SSL validation:

  • Domain validation: the most basic type, it covers encryption and verification of the domain name;
  • Organization validation (OV): everything domain validation implies plus details of the organization that owns the website;
  • Extended validation (EV): as the name implies, the most extensive type, it adds a verification of the legal, physical and operational existence of the entity that requests it.

What is a Certificate Signing Request (CSR)?

A Certificate Signing Request, colloquially called just “CSR”, is an encoded data file that your server generates and sends to a Certificate Authority (CA) with your public key to request a digital certificate. It includes the common name of your server (the domain), the legal name of your organization, the unit of your organization requesting the certificate, the city, state/county/region and country where your organization is located and an email address. In layman’s terms, it’s a request for an SSL certificate, telling the organization that will generate your certificate the details it needs to do so.

What is a Certificate Authority (CA)?

A Certificate Authority or CA is the provider that issues SSL digital certificates after verifying the applicant’s identity through the CSR. It’s essentially the entity that validates your encryption and certifies your website as secure so that your users can trust it.

What is TLS?

TLS stands for “Transport Layer Security” and is the evolution of the traditional Secure Sockets Layer. It started life as SSL 3.1 but, to avoid the association with the term “SSL” (which was originated by a now-defunct pioneering Web browser company, Netscape), changed names to TLS along the way. That said, the term SSL is still widely used, often interchangeably with TLS, although you may also find a combination of the terms, “SSL/TLS”.

What impact do SSL and HTTPS have on a website?

As mentioned, the first and main purpose of SSL/HTTPS is security. Because data is encrypted, your website will immediately be much more secure for your users and protected against man-in-the-middle attacks, although this doesn’t mean you shouldn’t take other steps to further secure your website.

Beyond that, another big component of SSL is trust. Because it is a digital certificate that has to be validated by an entity, it lets users know that your website is protected and that they can feel safe to browse it. Moreover, certain browsers, such as Google Chrome, now actively warn users when a web page is not secure, motivating users to distrust your website and leave before even accessing it.

There is another layer to SSL that is even more important for your business: search engine optimization. Just as the Chrome browser notifies users of non-HTTPS pages, Google’s search engine vastly prefers SSL-enabled websites over unsecured ones. As such, having an SSL certificate is one of the first SEO steps you should take in order to improve your website’s presence in search engine rankings.

How to add an SSL certificate to your website

Generating an SSL certificate for your business can be a complex and technical process. Here are the broad steps on how to do so from scratch:

  1. Check your server’s records through ICANN Lookup to make sure they’re up to date before you do anything else;
  2. Generate the Certificate Signing Request. This can be done in a variety of ways, depending on the type of server you have. If you use cPanel, the easiest option is probably through the SSL/TLS Manager, via the option “Certificate Signing Requests (CSR)”. You’ll have to manually insert all the information necessary for the certificate (see above). You can also use DigiCert’s online OpenSSL CSR creation tool;
  3. Submit your CSR to a Certificate Authority of your choice to get your domain validated. There are plenty to choose from, but Let’s Encrypt has been gaining in popularity for being an open-source (read: free) CA;
  4. Install your SSL certificate on your server. Once more, the easiest way is through cPanel’s SSL/TLS Manager, where you’ll pick the domain for the SSL, add the certificate (CRT) manually as well as the private key and the Certificate Authority Bundle.
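
For servers without cPanel, step 2 can be done directly with the OpenSSL command line. The script below is an added example, not part of the original article: it generates a private key and a CSR carrying the fields described in the CSR section, reads back the common name before submission, and confirms that a key and a CSR belong together, which is worth checking before step 4. The subject values (XX, Example State, Example City, Example Org, example.com) and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: key + CSR generation and pre-submission checks with OpenSSL.
# All subject values and file names are constructed placeholders.

make_csr() {
    # $1 = output directory, $2 = domain (becomes the CSR's common name)
    (
        umask 077   # the key is written unencrypted (-nodes): restrict it to its owner
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$1/server.key" -out "$1/server.csr" \
            -subj "/C=XX/ST=Example State/L=Example City/O=Example Org/OU=IT/CN=$2/emailAddress=admin@$2" \
            2>/dev/null
    )
}

csr_cn() {
    # Print the common name recorded in the CSR at $1.
    # The pattern accepts both the "CN = x, ..." and "/CN=x/..." output styles.
    openssl req -in "$1" -noout -subject 2>/dev/null |
        sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

key_matches_csr() {
    # $1 = private key, $2 = CSR; succeeds only if both hold the same public key
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_csr=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ]
}

# Demo run in a throwaway directory
demo_dir=$(mktemp -d)
make_csr "$demo_dir" example.com
echo "CN in CSR: $(csr_cn "$demo_dir/server.csr")"
key_matches_csr "$demo_dir/server.key" "$demo_dir/server.csr" && echo "key matches CSR"
rm -rf "$demo_dir"
```

Only the `.csr` file goes to the Certificate Authority; the `.key` file stays on the server and is the private key that step 4 asks for.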

If all that sounds like a lot of trouble, you’ll be happy to know most Web Hosting companies provide easy SSL certificate services. Many Web Hosting services include a paid option to generate an SSL certificate for your website, costing upwards of €70/year and up to €200/year for the certificate to be generated and installed for you on your website. Unlike those, Neoxea’s web servers include a free SSL certificate installed for you, so you don’t have to worry about it at all, alongside a slew of other security and performance features to ensure you get the best possible web server for your business. Check our plans to find out more and get your own Web Hosting with Neoxea.