A few days ago, I got a question from a colleague about why we need to have an SSL certified website nowadays.
I answered, “It's because you see the green lock in your browser,” off the top of my head. However, because I am the type of person who isn't pleased with such a response, I began my research. This is how the idea for this article came.
The SSL certificate allows us to have an encrypted connection on the HTTP protocol used to transfer the server's web pages to the browser.
With an SSL certificate, we prevent anyone from intercepting or accessing confidential data on the network as such (bank card numbers or passwords from web applications).
Because Google decided in 2018 to penalize all sites without an SSL certificate, indicating that the site is not secure is a must-have today.
We know three types of certificates, but they have different levels of authentication.
The domain certificate is one of the most common certificates in the world. It is also the cheapest, you can also get it for free.
When issuing a certificate, only domain ownership is verified. The disadvantage of these certificates is that they do not protect subdomains, but only domains.
The business certificate has a medium level of trust, as it verifies domain ownership and the company that owns the domain when issuing the certificate. Business certificates are used by companies, non-profit organizations and governments, as they want to show that they are on the correct site of the company.
Extended SSL certificates offer the highest level of trust. The issuing process also to verification, domain and company, ensuring that the connection between the server and the browser is encrypted.
In the address bar, it shows the company name in addition to the lock and HTTPS tag.
We also know three types of certificates, which differ in how many domains we can use.
Wildcard certificates are alternate certificates and are issued to only one domain and allow installation on different subdomains. For example, if a certificate is issued for example.com, you can also install it on blog.example.com and mail.example.com.
The advantage is that we can protect multiple subdomains with one certificate instead of buying each subdomain.
Multi-domain certificates allow you to connect multiple domains under one SSL certificate. It is used when a company has several domains and wants to protect several domains with one certificate. Up to 100 domains can be protected by one SSL certificate.
Single-domain certificates are intended and issued for only one domain. This means that they cannot be used for subdomains such as blog.example.com and mail.example.com if is a certificate issued for example.com.
In the first place, the SSL certificate encrypts the connection between the user and the server, thus preventing any data from being read during the transfer.
If you have an online store, and you are transferring personal data, the security of your visitors must be paramount, so you must install the certificate.
This also gains the additional trust of your visitors.
With an SSL certificate, you not only protect visitors but also prove that you own the site. This gains the trust of visitors.
It has been proven that using SSL certification increases the SEO of your website. With an SSL certificate, your site will be ranked higher among the hits in the browser.
The SSL certificate allows the use of the HTTP/2 protocol, which reduces and speeds up our site as the protocol compresses the request heads.
Some providers such as Let’s Encrypt offer free domain certificates. Why do half the other providers offer paid certificates if I can get a certificate for free?
The difference is that both certificates provide data encryption but, the difference is in the extra trust of the users.
If you have one blog in WordPress or another CMS then free SSL is enough, but if you accept payments or run an online store then it is wise to buy an SSL certificate.
I hope I have introduced you to what SSL certificates exist and how they help today.