In an age when consumers buy products without ever seeing a vendor’s face, online security has to be obvious and unassailable. The acronym SSL stands for ‘Secure Sockets Layer’, a form of encryption that prevents third parties stealing information. Customers and visitors to websites feel much more comfortable when they know they are safe—meaning a strong SSL certification leads to more sales.
An SSL certificate means the communication between a website’s server and the visitor’s web browser is encrypted, making it very difficult to intercept information or ‘eavesdrop’ and steal details. When a website has SSL certificate protection, a padlock will appear in the browser address bar and/or the website name will be presented in green. Think of this as a trust mark, a way of ensuring that the entity you are sending or receiving information from is who they claim to be. The web address will also be preceded by the letters ‘https’.
SSL generates matching cryptographic keys each time a new computer begins communicating with the server. This is called the ‘handshake protocol’, and it leaves both sides holding the same (symmetric) key, which keeps the open line of communication safe. Think of it as a shared, locked box that only the visitor and the host have keys to—no one else will be able to see what is inside. Since SSL certificates are used by millions of websites to cater to billions of visitors, each time a connection is made it has to be unique.
Search Engines and SSL Certificates
In recent years, Google has begun to reward sites that use 2048-bit SSL certificates with better search rankings. Although in practice so far this has only meant a small rise, the future promises much more to those who are willing to secure their websites. Eventually all web traffic (especially transactions of any kind) will be secured with SSL, so it makes sense to follow good SEO practices now rather than later. Besides, websites with SSL certificates enjoy a lot more business than those without. With present-day concerns about web security stronger than ever, that little green padlock symbol will do more for a business than anything else they could possibly do right now.
Web hosting providers can issue SSL certificates for websites that are recognised by the Certification Authority/Browser Forum, making good security inexpensive and simple to acquire. Considering it almost always encourages a positive bump in sales, an SSL certificate generally pays for itself—and then some. Web hosting solutions can occasionally include a ‘flexible’ option, whereby you only pay for what you actually need. The stronger the SSL certificate, the more time it takes to issue and the higher the price—but not every website needs the same level of encryption!
SSL certificates are all about trust, which is why some certificate issuers charge much more than others. Customers feel more comfortable with recognised names, but if the issuer is recognised by a certification authority then their security is just as good as more expensive brands. SSL is compatible with a near-universal 99% of web browsers, including all of the most popular ones like Firefox and Chrome. Most SSL certificate providers also include a ‘trust seal’ logo that websites can use to further display their commitment to customer security—and since each company’s seal is different, it makes sense to shop around and take the quality and ‘professional’ feel of a seal into account when deciding where to procure a certificate from.
Since an SSL certificate will only protect one domain, ‘wildcard certificates’ are now issued more often so that sub-domains are protected too. This is done in the same way as a search might be, with an asterisk in front of the domain name to allow for a changing secure connection. Although this is a great and cost-effective way of protecting a website with multiple sub-domains, there are a couple of drawbacks. The first is that should one of the sub-domains become compromised, all of them are vulnerable. To fix it, websites will need to renew all of the certificates instead of just one. The second is that several mobile web browsers on smartphones don’t recognise the asterisk at the beginning of the SSL certificate. There is little indication this will change, so bigger vendors generally shy away from wildcard certificates.
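The sketch below is an added example, not code from the original article: it applies the usual one-label wildcard rule to a constructed host inventory to show which sub-domains a wildcard certificate covers, and therefore which hosts need a replacement certificate if its key is compromised. The function names, the hostnames and the refusal of names like ‘*.com’ are assumptions made for illustration.

```python
# Added example: which hosts does a wildcard certificate cover?
# Hostnames and certificate names below are constructed samples.

def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """True if cert_name (e.g. '*.example.com') covers hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if cert_labels[0] != "*":
        # Ordinary name: must match exactly.
        return cert_labels == host_labels
    # Conservative rule assumed here: refuse wildcards directly under a
    # top-level label, such as '*.com'.
    if len(cert_labels) < 3:
        return False
    # The asterisk stands for exactly one non-empty label, so it covers
    # neither the bare domain nor deeper sub-domains.
    if len(host_labels) != len(cert_labels) or not host_labels[0]:
        return False
    return host_labels[1:] == cert_labels[1:]


def hosts_sharing_certificate(cert_names, inventory):
    """Hosts that present this certificate and so share its private key."""
    return sorted(
        host for host in inventory
        if any(wildcard_matches(name, host) for name in cert_names)
    )


CERT_NAMES = ["*.example.com", "example.com"]        # constructed
INVENTORY = [                                         # constructed
    "example.com",
    "shop.example.com",
    "blog.example.com",
    "api.staging.example.com",
    "example.org",
]

if __name__ == "__main__":
    affected = hosts_sharing_certificate(CERT_NAMES, INVENTORY)
    print("Replace the certificate on:", ", ".join(affected))
    print("Not covered:", ", ".join(h for h in INVENTORY if h not in affected))
```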
Generating and/or Installing a Certificate
Experienced web users can even create their own SSL certificates to secure their sites, but the problem with this is that although transactions might be safe, users are not provided with the same level of assurance—and their web browsers will not display the certificate as ‘trusted’. One of the major reasons to get an SSL certificate in the first place is to make the customer feel safe (and thus more likely to make purchases). If their web browser doesn’t trust a site, then neither will they. A ‘self-signed’ certificate will also not come with the insurance of a warranty like a major authority-issued certificate would. That warranty is a reassurance that, should your certificate be compromised by a malicious entity, at least transactions can be compensated. This will not be the case if a website has issued its own certificate. No encryption is truly ‘uncrackable’.
The internet has changed dramatically since its inception and it is no longer good enough to simply observe honest business practices. When a bug like Heartbleed can affect even the biggest companies, it’s important to recognise that vigilance is imperative when maintaining web security. Heartbleed took advantage of an SSL vulnerability, that’s true, but the real danger came from too many sites not responding emphatically to the threat of compromised information.
Website creators need to think of SSL certificates as standard operating procedure nowadays, and not an added extra should the funds be available. Eventually all transactions will be digital and if a company doesn’t value its customers enough to use an easy, secure form of protection, then those customers will shop somewhere else.