What is Secure Sockets Layer (SSL)?

Secure Sockets Layer, or SSL, is a internet security protocol that creates a secure, encrypted connection between your web browser and a web server. First developed in 1995, it has since been replaced with TLS encryption – however SSL is often still used to refer to this protocol.

Sites using SSL/TLS will begin with https:// where unsecure sites use http://. Many browsers will display a padlock icon when looking at a sites information:

How Does It Work?

Put simply, SSL encrypts data that is shared across the internet. That means that anyone who tries to intercept this data will only see a mix of characters that is almost impossible to decipher. Think of it as sending this information in a code.

SSL operates through what’s called an “SSL handshake”, which begins when a user connects to a website. The browser requests the server’s identity and receives its SSL certificate which is a digital document that verifies its legitimacy. The browser then checks the certificate against a list of trusted certificate authorities (CAs). If validated, a secure connection is established, allowing communication between the browser and the server.

Is TSL and SSL The Same?

While SSL and TLS are closely related, SSL is technically the direct predecessor of TLS (Transport Layer Security). This change happened in 1999 when an update was proposed and the original developers, Netscape, were no longer involved.

Ultimately SSL and TLS are the same in their goals, but TLS is the updated, more secure version. The name change was predominantly applied to signify the change in ownership.

Why Is SSL Important?

In the early days of the internet, anyone could intercept and read data that was transmitted over the internet. This means that users who entered sensitive information, such as passwords or credit card details, were at significant risk of having their data stolen or misused!

To combat these security issues, protocols like Secure Sockets Layer (SSL) were developed to encrypt this data, ensuring that only the intended recipient could read it. By creating a secure, encrypted connection between users and websites, SSL has become essential for protecting sensitive information and building trust especially when it comes to online transactions.

Today, SSL is a standard feature for most website, providing users with the peace of mind that their information is safe from prying eyes.

But beyond that, there are also some significant SEO benefits. Google’s algorithm does include HTTPS as a lightweight ranking signal. While it not may have a significant difference in you boosting rankings on its own, not having it can have an affect on your website’s visibility.

Engagement is also a key ranking factor, so you want your users to spend as much time reading and exploring your site. But, if they are hit with a “not secure” there is very little chance that they will stay on your site or engage with your content. This is a red flag for Google and other search engines.

Types of SSL Certificates

There are several of SSL certificates, each serving different needs depending on your website structure and security requirements.

Single-Domain SSL Certificates: This type of certificate is designed for one specific domain only, such as www.example.com.
Wildcard SSL Certificates: A wildcard certificate covers a single domain and all of its subdomains. For example, it can secure www.example.com, blog.example.com, and shop.example.com under one certificate.
Multi-Domain SSL Certificates: As the name suggests, multi-domain SSL certificates can secure multiple unrelated domains with a single certificate. This is the best option for businesses managing several websites under different domains.

In addition to the type of certificate, SSL certificates also come with different levels of validation, which determine how thoroughly the issuing Certificate Authority (CA) verifies your identity:

Domain Validation (DV): This is the simplest and least expensive option. The CA only needs to confirm that you control the domain, making it quick and easy to obtain.
Organisation Validation (OV): This level involves a more thorough vetting process. The CA will contact your organisation directly to verify your identity, resulting in a more trustworthy certificate for users.
Extended Validation (EV): The highest level of SSL certificate, EV requires an extensive background check of your organisation before the certificate is issued. EV certificates are often identified by the green address bar in browsers.

Don’t Forget!

SSL Certificates are only valid for 398 days, after which you websites have 30 days to renew them. These have to be manually done, so don’t forget to check you inbox for and email from your CA for the next steps.

By not renewing your certificate, not only will your website display a “Not Secure” warning, which can deter users and harm your credibility, but it may also lead to data breaches or loss of sensitive information.

Are SSL Certificates Free?

There are ways to obtain an SSL certificate for free. Trusted websites such as Cloudflare provide domain-validated (DV) for free. Additionally, most hosting providers will include certificates when your purchase hosting from them.

Secure Sockets Layer (SSL)