Secure Socket Layer (SSL) encryption ensures sensitive data is transmitted securely without interception by third parties. And whether you’re starting an eCommerce business from scratch or building a website for an existing business, it’s important to know about SSL certificates. Having a visibly secure site is a sign that your business is credible and trustworthy. Without that visible indicator of security, shoppers may quickly abandon your website, costing you sales and increasing your customer acquisition cost. Below, we take a look at SSL encryption, SSL certificates, SSL security, and why it’s an important part of your business’ website.
What Does SSL Mean?
Secure Socket Layer (SSL) is a security protocol that creates an encrypted connection between a web server and a web browser.
You may have noticed that some URLs start with “https://” or “http://”. The “s” in “https://” indicates your computer has a secure connection with that website. On a secure website, you’ll also see a padlock icon in the address bar of your internet browser. As a business owner, you should aim for your website to have a secure layer of protection to reassure consumers they are scrolling and potentially purchasing through a secure website.
How Does SSL Work?
In layman’s terms, SSL creates a secure connection between the visiting computer and the hosting website. SSL does this in three ways:
- Encryption: SSL protocol encrypts data passed between a computer and a network. This guarantees that if anyone tries to intercept or steal that data, they’ll receive scrambled data almost impossible to decipher.
- Data Verification: SSL verifies that the data your computer receives is legitimate—like a seal of approval that no one has tampered with the data.
- Handshake: SSL forms a “handshake,” meaning it confirms that the computer and website are what they say they are.
What Is TLS?
Debuting in 1999, Transport Layer Security (TLS) is now one of the most widely used tools to ensure the safe transfer of information from one server or network to another. Having the same purpose as SSL, TLS masks data through a payment gateway to prevent the hacking of online transactions.
What is the difference between TLS and SSL?
SSL encrypts data on both ends, whereas TLS focuses only on the delivery of information. To reword it, SSL is a tool that makes sure the connection between networks is secure—for example, the connection between a visiting computer and a hosting website. Meanwhile, TLS makes sure the transportation of information is secure, like when the visiting computer types in credit card and billing address information to make a purchase. For the most part, SSL and TLS are used for the same purpose and are used interchangeably as terms. Technically, TLS is the correct term for what’s in use today, but SSL is the better-known term.
Why Do I Need SSL/TLS?
If you’re starting an eCommerce store, you absolutely need security on your website. Without SSL/TLS protocol, any personal information your customers type into your page may be intercepted by hackers. Your business can be held liable for damages resulting from a security breach. Additionally, if your website does not have a security certificate, the potential buyer may see a warning stating, “Your connection is not secure,” before they can proceed.
Also, payment processors require business owners to have SSL/TLS to accept payments on their websites. If you’re looking to become PCI compliant, utilizing SSL/TLS protocol to encrypt sensitive data is an absolute necessity.
What Is an SSL Certificate?
An SSL certificate is a file that establishes an encrypted link between a web server and a browser. It essentially codifies information so hackers cannot access it. Installing an SSL certificate is just one way you can ensure your customers shop online safely. It protects data like credit and debit card numbers, investment information, medical data, and location addresses.
How to Know if a Website Has an SSL Certificate
The easiest way to know if a website has an SSL certificate is to check the URL. If a website URL starts with “https://” the “s” verifies that the website is protected by at least one type of SSL certificate. If the site is secured, there is also a padlock to the left side of the URL. Upon clicking this padlock, it should tell you the connection is secure.
6 Types of SSL Certificates
SSL Certificates Based on Validation Levels
There are six types of SSL certificates, falling under two categories: those based on validation levels and those based on the number of domains. The certificates listed below are based on validation levels.
Extended Validation (EV)
Extended validation certificates highlight the legitimacy of a company. This certificate displays within the URL—including a padlock, “https,” business name, and the country in which the business is based.
For an EV certification, a business must verify the legal identity and physical address of the website owner. Online banks and eCommerce businesses typically have an EV certification.
Organization Validated (OV)
While an OV certification requires a less rigorous process compared to an EV certificate, it is still a trusted certificate. The OV certification confirms that the domain and business are legitimate.
An OV certification is not as expensive as an EV certification, so is a good choice for businesses that want a level of encryption but cannot afford a top-tier one.
Domain Validation (DV)
DV certification offers the lowest level of encryption. It’s one of the easiest-to-obtain and cheapest certifications. A business only needs to verify that it has ownership over the domain.
With a DV certification, identification information is not verified; only the primary domain ownership is verified, not including subdomains. DV certification is a good option for companies with limited budgets.
SSL Certificates Based on the Number of Domains
There are also a number of certificates dependent on how many domains you need for your website. We explore these certificates below.
Unified Communications Certificates (UCC)
UCC enables encryption for multiple domain and host names. A UCC can also be an EV certificate, allowing you to have the highest level of security validation across your domains.
A UCC can house up to 100 domain names. If a business needs to change a name, there is also a Subject Alternative Name (SAN) option.
Wildcard SSL Certificate
A wildcard SSL allows you to buy a certificate for one domain that you can use for sub-domains. This is a great option for small businesses, as it’s more cost-effective than trying to buy several SSLs for one domain.
A wildcard SSL is similar to a UCC, except a wildcard SSL only covers one main domain, whereas the UCC can cover anywhere from 2 to 100.
Single-Domain SSL Certificate
A single-domain SSL certificate offers the basic level of protection by only protecting one primary domain. If you have a simple website, a single-domain SSL is perfect for you.
However, if you’re in need of protecting multiple primary domains and sub-domains, this is not an ideal option.
How to Get an SSL Certificate
Your first step to getting an SSL certificate is to pick the certificate that meets the necessary security protocols for your business type. For example, if you are in a highly regulated industry, like financial advising, a higher level of security is expected for your industry. Additionally, you’ll want to consider the costs of the certificate you choose.
From there, we recommend you follow the next six steps when looking to get an SSL certificate:
- Make sure all website information is correct.
- Pick the SSL protocol you need.
- Find a Certificate Authority (CA).
- Make a Certificate Signing Request (CSR).
- Submit your request.
- Once approved, install.
- Verify the certificate is installed and displays properly.
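The CSR step above, sketched with the OpenSSL command line as an added example (not part of the original article): it generates a key pair and CSR, then checks the CSR before it is submitted. The domain shop.example.test and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article). shop.example.test is a
# constructed placeholder domain; the file names are assumptions.
set -eu

# make_csr DIR DOMAIN: write DIR/site.key (private key) and DIR/site.csr.
# Only the CSR is sent to the CA; the key stays on the server (mode 600).
make_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/site.key" -out "$1/site.csr" \
          -subj "/CN=$2" \
          -addext "subjectAltName=DNS:$2,DNS:www.$2" 2>/dev/null )
}

# csr_ok CSR: succeed only if the CSR's self-signature verifies.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_names CSR: print the DNS names the CSR asks the CA to certify.
csr_names() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# key_matches_csr KEY CSR: succeed if the CSR carries KEY's public half.
key_matches_csr() {
    a=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    b=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$a" = "$b" ]
}

workdir=$(mktemp -d)
make_csr "$workdir" shop.example.test
csr_ok "$workdir/site.csr" && echo "CSR signature OK"
csr_names "$workdir/site.csr"
key_matches_csr "$workdir/site.key" "$workdir/site.csr" && echo "key matches CSR"
rm -rf "$workdir"
```

Running the same key-match check against the issued certificate before installing it catches the common mistake of pairing a certificate with the wrong private key.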
Final Thoughts on Secure Socket Layer
Secure Socket Layer (SSL) protocol is an essential component of any professional and trustworthy business processing eCommerce payments. Not only does this security measure improve the overall credibility of your site, but it also provides critical protections to help safeguard your business from potential legal liabilities. With SSL in place, you can confidently and securely collect and store sensitive customer information, knowing every transaction on your site is encrypted and protected. While the process of choosing and implementing an SSL certificate can be intimidating and costly, the peace of mind it provides is well worth the investment.
FAQs About Secure Socket Layers
What does it mean to enable SSL?
For businesses, validating security and installing an SSL certificate will enable SSL. For a website user, you enable SSL through your browser settings.
What is SSH?
SSH, or “secure shell,” gives people a secure way to access a computer over an unsecured network. IT professionals commonly use SSH to establish an encrypted connection for system administrative tasks like:
- Securing remote access to resources hosted on a server
- Remotely accessing other computers
- Remote execution of certain commands
- Delivering software patches and updates
- Transferring interactive and automated files
What is a self-signed SSL certificate?
A self-signed SSL certificate is one that the certificate authorities didn’t verify. Advantages of a self-signed SSL include being fast and easy to install, free for businesses on a budget, and suitable for testing websites. However, self-signed SSLs are not verified by a certificate authority and, for that reason, they offer no trust value to website visitors. In fact, visitors will receive a warning message stating that the certificate is self-signed before they can land on your page.
Can I create my own SSL certificate?
You cannot create your own SSL certificate if you want to have it validated by a certifying authority. Some certifying authorities—Let’s Encrypt, Cloudflare, and ZeroSSL—offer basic DV SSL certificates for free. They have you verify ownership over the domain and offer a free SSL certificate in return.
A self-signed SSL is an option but, again, it provides no trust value to the web user.
How much is an SSL certificate?
A company could pay as little as nothing, or as much as $1,000 each year. This depends on your industry and the level of security your business needs. On average, companies spend around $60 for an SSL certificate.
What is a Positive SSL certificate?
Positive SSL is a basic DV SSL certificate from the company Sectigo (previously known as Comodo). It’s essentially a brand name of a certain type of SSL certificate.
What is the thumbprint of the self-signed SSL certificate?
An SSL thumbprint is a unique code attached to each SSL certificate, used for the purpose of identifying the certificate. All certificates have a thumbprint, whether self-signed or authority-issued.
Can you use an SSL certificate on multiple servers?
The answer is that it depends. Your certificate authority and license will determine whether or not you can install the same certificate on multiple servers. This is a complicated process, but when done correctly, your servers will each have a copy of the certificate and keys.
What happens if my SSL certificate expires?
Once your SSL expires, you will no longer have a secure network, halting data encryption and exposing all information to potential hackers. Most SSL certificates are good for 1-2 years so it’s important to not let yours expire.
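The thumbprint and expiry answers above, as an added example (not part of the original article) using the OpenSSL command line: it computes a certificate's thumbprint and flags a certificate that is close to expiring. It assumes a SHA-256 thumbprint (some tools display SHA-1 instead) and runs on a throwaway self-signed certificate for the constructed name shop.example.test.

```shell
#!/bin/sh
# Added example (not from the original article). The certificate is a
# constructed, throwaway self-signed one for shop.example.test.
set -eu

# make_selfsigned DIR DAYS: write DIR/test.key and DIR/test.crt, valid DAYS days.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -keyout "$1/test.key" -out "$1/test.crt" \
        -subj "/CN=shop.example.test" 2>/dev/null
}

# thumbprint CERT: SHA-256 over the certificate's DER bytes, lowercase hex.
# Any change to the certificate, including renewal, changes this value.
thumbprint() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# expires_within CERT DAYS: succeed if CERT expires within DAYS days.
# An unreadable certificate also counts as "expiring", so the alarm fails safe.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_selfsigned "$tmp" 30
echo "thumbprint: $(thumbprint "$tmp/test.crt")"
if expires_within "$tmp/test.crt" 60; then
    echo "renew now: certificate expires within 60 days"
fi
rm -rf "$tmp"
```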