You might have heard the term SSL recently and been wondering what it’s all about and if it’s something you should be worried about. For my blog post I thought it’d be good to explain SSL for anyone who unsure.
What is SSL and why is it important?
SSL stands for Secure Socket Layer and it is currently the industry standard for encrypting traffic sent between web server and web browser. Its primary use is to prevent sensitive information such as customer details and credit card information from being read by an unintended third party. By not having an SSL you may deter potential security conscious customers from using your website.
Other notations we use when referring to website security are:
- HTTP – the default protocol for browsing webpages.
- HTTPS – the secure version of HTTP, tells the web server to communicate using the SSL certificate.
So how do you know if a website is secure? Usually the easiest way is to check this is if the address bar has a green padlock in it, this means that the website has an SSL certificate and is loading the content securely. It can vary from browser to browser but there should always be a green padlock somewhere there.
Some websites may have an SSL certificate but not automatically tell your browser to load the page via HTTP, you can check by changing the HTTP part of the address to HTTPS. Some websites may be configured to redirect you back to HTTP automatically. If it is successful, you will be directed to the secure version of the website and you’ll either see a green padlock or one of the following:
Red Padlock or HTTPS crossed out – The page has attempted to load securely but does not have an SSL certificate. It may also popup with a warning in some browsers.
Yellow Padlock or No Padlock – The Website has an SSL but is loading some resources insecurely, it might be an image, a JavaScript library, external resources from a website which doesn’t have SSL set up, any number of things.
Not Secure – Chrome and Chromium based browsers as of recent have put a larger focus on SSL certificates with one of the more recent updates (Chromium 62), adding a “Not Secure” message in the address bar of websites which lack an SSL certificate. This occurs when the user starts entering data on a page loaded via HTTP, for example in a contact form or checkout. [1]
What types of SSL are there?
There are three different types of SSL certificate Extended Validation (EV SSL), Organization Validated (OV SSL) and Domain Validated (DV SSL).
Domain Validated (DV SSL)
This is a simple certificate that just validates a domain, it ensures that the information is encrypted but since it does not have company information it doesn’t identify who is on the other end. It is quick and cheap to obtain since it doesn’t require any additional information, it is the most common type of certificate we set up.
Organization Validated (OV SSL)
Similar to the Domain Validated but this requires some company information to be submitted, this information is displayed in the certificate if the user wishes to confirm it; however, just displays the green padlock in the browser like the Domain Validated one. It’s a bit more expensive and takes longer since the information needs to be submitted to the Certificate Authority (CA) for vetting.
Extended Validation (EV SSL)
Extended Validation certificates are the newest and provide the greatest level of authentication, unlike the previous two this one displays the company name in the address bar next to the padlock and requires a large amount of verification, for this reason it takes the longest and costs much more than the previous two.
Consider what you really need for your website when buying, the Extended Validation SSL looks very professional, but is not really necessary for small businesses or blogs. Also, if you have multiple domains and/or subdomains, upgrades to multi-domain and wildcard SSL’s will increase the price.
If you are interested in getting an SSL certificate, then feel free to submit an inquiry online or call us on 1300 809 424 to have a chat!
Note: We can only set these up on websites hosted on our servers, if you have other hosting you’ll need to contact that provider.
[1] – https://blog.chromium.org/2017/04/next-steps-toward-more-connection.html