It’s the little lock icon next to the URL of a secure website. Sometimes there is an exclamation mark on it, and the browser elaborates the issue if you click it. Sometimes still, there is a line through the lock icon, and in some cases your browser will warn you that the site you’re about to visit may be dangerous. These are all related to the website’s Secure Sockets Layer (SSL) certification.
If you already have a website, you probably already have an SSL certificate. Most websites today do. If you are considering starting a website for your business or organization, SSL might seem to be another cost that is tacked on to a project. We would like to explain more in depth the benefits of this certification, and why so many sites opt for this low-cost, high-impact addition.
What We'll Cover
The Parts of a Web Connection
Before we dive in to what SSL is, we should first break down what happens when someone visits your website. Fundamentally, there are three components to the connection: the browser, the server, and the connection between the two. These three components make up the web browsing experience.
The Browser
The browser is a software application that allows you to visit web pages on the internet. If your business has a website, it is the window through which someone sees your site. Like windows, browsers vary in design, features, and quality. These can impact how people see and interact with a website. It’s therefore critical to ensure your website is responsive to not just devices, but the browsers as well.
The Server
Servers are specialized computers that store information and share it with other computers, called clients, when asked. They’re always on, ready to send data like websites, emails, or files to your computer whenever you need it. There are many kinds of servers for different tasks, but they all serve the main purpose of distributing data efficiently. These computers contain all the code, images, and text that make up your site. When we talk hosting, we talk about the server and the services that allow your website to run smoothly on it.
The Connection
The connection dictates the communication between the browser and the server. This is analogous to a phone connection between two people. The browser, on the client computer, makes the connection and pulls information from the server such as the text, images, formatting, etc. The server may in turn pull information from the client for the purpose of analytics, or user input such as credit card information. This back and forth happens throughout the course of a user’s visit to your site.
SSL, the technical summary
SSL stands for “Secure Sockets Layer”. It is a security protocol designed to establish a secure and encrypted connection between a server and a browser. SSL helps secure sensitive data transmission over the internet, such as personal information, login credentials, and financial transactions.
When installed on a web server, an SSL certificate enables a secure connection between the web server and the browser. This is done by encrypting the data transmitted between the two. This encryption makes it more difficult for third parties to intercept and access the data. This helps to protect the confidentiality and integrity of the data being transmitted. The easiest way to tell if a site has SSL is to see if it has “https” instead of “http” at the start of the URL. Many browsers also include colors, icons (such as a padlock), and more indicators that the site has an SSL certificate installed.
Original uses
SSL was developed in the 90s to ensure privacy, authentication, and data integrity in Internet communications. The main purpose of SSL was to encrypt and secure communications over the internet, particularly between web servers and browsers. SSL was primarily used by businesses and websites that required secure transactions, such as online banking and shopping sites. Remember, these were novel in the 90s during the “dot-com bubble”. The average internet user at the time likely did not use SSL connections regularly.
Is it really needed?
SSL certificates are essential for websites that handle sensitive data, such as e-commerce sites, banking sites, and social networking sites. Anywhere users enter data, the transmission of that data from their computer to the server is secure with SSL. It is no surprise then as cybersecurity issues have become more complex, sophisticated, and widespread, that SSL has become something of a minimum requirement for site security.
We believe it’s absolutely necessary to secure your site with an SSL certificate. Even if you’re not a bank, if you use any traffic analytics tools, use plugins on your site, want to build trust with visitors, or even appear prominently in search results, an SSL certificate has become a “must” for more than just security.
Consider the following circumstances:
- E-commerce: If a website processes sensitive data, such as credit card information (even with a third party tool), an SSL certificate is a necessity. It helps protect the confidentiality and integrity of transmitted data and can help establish trust with customers.
- Login credentials: If the website requires users to log in to access certain features or content, an SSL certificate helps protect the login credentials from unwelcome third parties. This is particularly important for websites that contain sensitive information or personal data.
- Search engine optimization: Search engines give a ranking boost to websites that use SSL, which can improve the website’s visibility and search engine rankings.
- Privacy: If a website collects any personal information from its users such as for traffic analytics, an SSL certificate likewise helps to protect that information. This includes information from the browser that the user does not manually input to your site.
Security as Part of Your Brand Promise
SSL isn’t just a technical checkbox for your website launch. It’s a way to show visitors you take their privacy seriously. In the same way a clean storefront and friendly staff invite customers in, a secure, trusted connection makes them more willing to engage, explore, and buy.
Mixed Content Issues and What They Mean for Users
Sometimes, even after you’ve installed SSL, certain parts of your site, like images, videos, or scripts, might still load over an insecure connection. This is called “mixed content.” To visitors, it can trigger browser warnings that your site is “not fully secure.” Fixing mixed content is important for maintaining customer confidence, especially when people are entering personal or payment information.
Choosing the Right SSL Certificate for Your Business
Not all SSL certificates are the same, and the right choice depends on your website’s size, purpose, and how you handle user data. Here are the main types to consider:
- Multi-Domain SSL (SAN Certificate): Allows you to secure several different domain names under one certificate. Useful if your business operates multiple distinct websites.
- Domain Validation (DV) : A quick, budget-friendly option that verifies you own the domain. It’s ideal for personal sites, blogs, or small business pages that don’t handle sensitive customer data.
- Organization Validation (OV): Verifies both domain ownership and your organization’s legitimacy. Recommended for business websites where building customer trust is important, especially if you collect form submissions or other user information.
- Extended Validation (EV): The most rigorous validation process, often displaying your business name in the browser’s address bar. Best for eCommerce sites or businesses that handle sensitive financial transactions. Most modern browsers no longer display the organization name prominently in the address bar, which was once EV’s hallmark. This has reduced its perceived value.
- Wildcard SSL: Secures your main domain and all of its subdomains with one certificate. A great choice if you run multiple site sections (e.g., shop.example.com, blog.example.com).
- Self-Signed Certificates: You may have heard about self signed certificates as a free alternative to a conventional SSL like the ones mentioned above. They are created and signed by the website owner instead of a trusted Certificate Authority. These work for internal tools or testing environments, but should not be used for customer-facing websites. Most browsers will show warnings that discourage visitors from proceeding.
The benefits outweigh the cost
Overall, SSL is an important security measure for any website that handles sensitive data or collects personal information from its users. It helps to protect both the website and its visitors from potential security threats and can help to establish trust and credibility with customers. The cost varies depending on what your site does, which determines what type of certificate you’ll need. However, between a boost in search rankings, added trust from your customers, and general peace of mind, it pays for itself soon after installation.
It is important to consider the potential risks and drawbacks of not using SSL. For example, even a simple personal website may be vulnerable to eavesdropping or manipulation by malicious actors. This can happen ‘in the middle’ between you and the visitor if the line between you is not secure. Therefore, count on a website SSL to help ensure the security and privacy of users’ data.
