As part of initiatives to help make the Internet a safer place, search engines like Google strongly encourage websites to install Secure Sockets Layer (SSL) certificates. These certifications encrypt all visitor data, ensuring users the website they landed on keeps their information safe.
Table of Contents: Getting Started With SSL Certificates
- What is an SSL
- Why You Need an SSL Certificate
- Installing an SSL Certificate on Your Site
- Understanding SSL Certificate Types
- Securing Multiple Sites and Subdomains
- Where to Get Your SSL Certificate
- If You Need Help
What is an SSL
SSL is a secure protocol used for communication between a web browser and server. In the context of websites, they help safeguard the data that passes between visitor and website. When an SSL connection is established, all information between the two points undergoes encryption.
Although SSL may seem very abstract to most users, understanding them is not that difficult.
When a web browser first tries to communicate with a web server, it needs to ensure it got in touch with the right one. This first step forms the basis for the connection.
The SSL certificate acts as a guarantee of authenticity, assuring the web browser that it is, in fact, the correct destination point by displaying the server’s credentials. This credential display is digitally signed and cannot be forged.
To establish this level of trust, SSL certificates are typically signed by a handful of companies (known as Certificate Authorities or CAs) that web browsers know and trust. In short, they are the means that allow web browsers to trust the destination they are heading to is assuredly the correct one.
Why You Need an SSL Certificate
Caption: web browsers today indicate website SSL status clearly
Without the level of trust SSL certificates help establish, the Internet can be a much more dangerous place. Fake or malicious websites may try to impersonate valid ones in an attempt to steal information from visitors of the real site.
As an example, imagine if a hacker sets up a fake website impersonating your bank or other financial institution. If you arrive there by mistake, you will be prompted to enter login and billing information that can later be misused.
This is the reason why major browsers today prominently display the security status of websites users are visiting. It serves as a quick first line of defense to safeguard their users.
At the same time, search engines give very low priority to sites without SSL certification, affecting the ability of these websites to rank well in search queries. Because of this, all webmasters should pay attention to their SSL certification status, not just sites that handle sensitive user data.
Installing an SSL Certificate on Your Site
Owning an SSL certificate is not enough – you also need to ensure it is properly installed on your website to take effect. In most cases, this can easily be done via your web hosting control panel. The main difference is the type of SSL certificate you want to install.
ScalaHosting makes SSL certificate installation easy with our state-of-the-art SPanel web hosting control panel. The Graphic User Interface (GUI) is simple and easy to navigate. To install your SSL certificate, click on the ‘SSL Certificates’ option from the main menu.
This will open up a sub-menu, allowing you to make changes to the SSL certificate associated with your website.
Clicking on the ‘Actions’ dropdown menu will give you two choices – Install custom SSL or Install free SSL. Depending on which type of SSL certificate you have, click on the appropriate choice.
This option is for purchased SSL certificates. If you have bought a commercial SSL certificate or are migrating one from another host, choose this option. You will need to have the information for the certificates to fill in on the next page after clicking Install.
When you buy an SSL certificate, you will get a file from the issuer, typically in the format: your_domain.crt. This file can be opened using a text editor to view the information inside.
You will need to fill in that data in the associated fields in the Custom SSL installation screen. Once you’ve done that, simply click Install to complete the process.
If you do not want to purchase a private SSL certificate, ScalaHosting offers free Let’s Encrypt Certificates. These can be used effectively with all types of websites, but we do not recommend using them for commercial purposes, such as online stores.
To utilize the free option, you simply need to click Install, which will automatically start the process once you confirm this is what you want to do. Let’s Encrypt SSL certificates also come with an expiry date, but this is automatically renewed for you before it actually expires.
Once you’ve installed your SSL certificate, you should be able to access your website via HTTPS instead of HTTP. The former is another indication that your website is secure.
How Does SSL Certificates Work
Although SSL certificates are named after the Secure Socket Layer protocol, they actually use TLS. TLS stands for Transport Layer Security and it’s an evolution of the SSL protocol that uses a combination of symmetric and asymmetric cryptography to ensure that your browser communicates with the correct server and all the information you exchange with it is protected.
After you type a domain name in the address bar, your browser connects to the web hosting server where the website is located. The SSL certificate installed on the server responds with a unique message authentication code, which confirms that you are communicating with the correct server.
The next step is the so-called TLS handshake. During it, the server and the browser use asymmetric encryption to establish the connection and set up the secure session. Asymmetric encryption means that there’s a public key available to anyone and a private one that is kept secret. Information encrypted with the public key can only be decrypted using the private one, and vice versa. This means that the information exchanged between the server and the browser isn’t visible to anyone else.
During the TLS handshake, the server and the browser negotiate the encryption algorithm for the session and exchange data that helps them create a symmetric encryption key that will be used to protect the flow of information.
Thanks to the TLS handshake, you can be sure that you’re communicating with the correct server. Meanwhile, the symmetric encryption used after it means the data is protected by a mechanism that is both quick and reliable.
Understanding SSL Certificate Types
Although most users generally know SSL certificates as either ‘free’ or ‘commercial’, there are actually clear distinctions between different types of SSL certificates. That mostly has to do with the extent the CA goes to verify the identity of their site visitor.
The main types of SSL certificates are:
Domain Validated (DV)
These are typically the cheapest SSL certificates. The issuer will only check to see if the one applying for the certificate actually owns the domain name and has the right to operate it. There are no other checks aside from this one.
DV SSL certificates are the most widely used for personal sites such as blogs, portfolios, and other similar non-commercial sites. Let’s Encrypt, which is a company issuing free SSL certificates, offers DV SSL as well.
Organization Validated (OV)
For those who want extra assurance for their website visitors, a better option would be an OV SSL certificate. Issuers who sell OV certificates will need assurance not just of the domain name ownership but also some company information.
Extended Validation (EV)
Among SSL certificates, EV are the most expensive and difficult to obtain. While the process is not exactly complicated, extensive documentation needs to be submitted to issuers in order to form a strong guarantee of authenticity.
Information that needs to be verified includes:
- Actual existence of the business, legally, operationally, and physically
- Record matching from official sources
- Exclusive rights for domain ownership from the business
- Proper authorization for the EV issuance
Because of this stringent process, it can be relatively expensive and time-consuming to get an EV SSL. However, it’s money well-spent as this is the most secure SSL option in case of eventual hacker breaches.
Securing Multiple Sites and Subdomains
If you own a number of websites you may need to look for another specific type of SSL certificate. Usually, other certificates cover the exact domain name and nothing else.
But what about your subdomains or other websites?
To handle this, you need to look for either a multi-domain SSL or Wildcard SSL.
This type of SSL certificate is specifically for websites or even web applications that connect with multiple domain names. They are always commercial in nature and generally more expensive than single-domain SSLs.
If you intend to split your site into sections using subdomains, a WildCard SSL would be your best bet. Examples of subdomains include blog.yourdomain.com, shop.yourdomain.com, and news.yourdomain.com.
Where to Get Your SSL Certificate
SSL certificates are available with various providers. ScalaHosting offers the use of free Let’s Encrypt SSL certificates that are suitable for general use. If you need something more secure, we also offer commercial SSL certificates on behalf of two highly trusted issuers – GeoTrust and Symantec.
Under each of these brands, you can choose from a range of options that cover all your needs. This includes EV, OV, and even WildCard certificates.
Pricing starts from as little as $30/year and goes up depending on which option you choose.
If You Need Help
For those who are unsure about what type of SSL you need or simply need assistance for the installation process, ScalaHosting customer support will be happy to talk this through with you. You can get in touch with the support team either via Live Chat or the Ticketing System on the support page.