SSL Certificates Explained
SSL is an acronym for Secure Sockets Layer, an encryption technology used to protect sensitive information passed between a web server and a web browser. An SSL certificate provides the encryption keys used during the communication – think of it like a secret password needed to decode the data transmitted between your computer and the specific server you’re talking to.
Even if other Internet users or servers “eavesdrop” on your conversation, they cannot understand what you’re saying because it’s all in a secret code only known to you and the server you’re speaking to.
“S” stands for secure
The ease of shopping and comparing products and prices online makes it an attractive option for many shoppers. But how can you make sure your transactions are safe and your credit card information is going only where you intend it to?
The first thing you should check when purchasing on the Internet (or entering any sensitive information – even login details) should be to look for the “S” in the website address bar. If the address starts with “https” you are on a secure site.
This “S” from “https” gives superpowers to a web page. It means that there’s an SSL certificate which will guarantee that the information you enter (e.g. your personal details or credit card information) is encrypted before transmission from your computer to the Internet. As a customer, that’s all that should interest you.
Running an online business?
It’s more than just credit card transactions that need encryption! If your online business or service has a user registration or login form, you should ensure that data is encrypted during transmission to prevent your users’ data from being stolen or their accounts hijacked. Your business’s reputation is at stake – don’t risk fallout from an easily avoidable security incident.
When you buy an SSL certificate there’s a bewildering array of options – obviously when you contact our expert team they’ll guide you to the most appropriate one for your particular needs – but let’s run through the key differences to aid your understanding.
SSL certificates actually do 3 main things:
- Specify the encryption keys used to secure the data transmitted to/from your website
- Validate that you’re communicating with the website or organisation that you think you are
- Increase consumer confidence in your offering and security commitment via trust marks
We already covered the first point up above. So let’s move along to the second one.
How a web browser establishes trust
Validating that visitors are communicating with the website or organisation they expect requires a third party to vouch for your identity. In the offline world it’s common to use a passport or ID card to prove that you’re who you claim; an SSL certificate is the equivalent for a website. For users to recognise your website’s ID (SSL certificate) as legitimate, it needs to be issued by a trusted organisation – otherwise it ends up just like that fake ID you bought when you were young… nobody will fall for it.
Of course, a typical user doesn’t usually take the time to check who actually issued your SSL certificate – but it’s not the user acting as the bouncer in this situation. The web browser automatically checks your SSL certificate, and if it finds anything at all that’s not quite right it will throw a scary error message to your visitors.
All bets are off if your visitors hit these error messages – they won’t be buying from you or signing up to use your service!
Just like the nightclub bouncer, the web browser has a list of ID sources it considers to be trustworthy, and if you show up with ID issued by someone not on that list it will happily leave you outside in the cold by throwing one of those error messages at your visitors.
These trusted ID sources for SSL certificates are the certificate authorities. The certificate authorities are identified by a “root certificate”, and when they issue an SSL certificate it’s cryptographically linked back to their root certificate. Each web browser has its own copy of the root certificate for each certificate authority they choose to trust, and therefore if your website says “here’s my ID, issued by …” the web browser can verify if that’s actually genuine or not.
This means that SSL certificates only work properly if issued by a certificate authority which has their root certificate already present in the web browsers that your visitors use. That’s an important issue – especially given the rise of smartphone web browsers (typically carrying fewer root certificates than their desktop counterparts).
SSL certificate validation
As a minimum, SSL certificates validate that the website (domain name) you’re communicating with is the one you think it is. For example, if you’re visiting https://www.google.co.uk, that really is www.google.co.uk and not someone hijacking your Internet connection somehow. But they can go much further – the certificate can also attest to www.google.co.uk being operated by Google.
Let’s look at the different types of SSL certificates available, and the differences in what they actually validate to the visitor (and their web browser) accessing your website:
Types of Validation
Domain Control Validation (DCV)
Domain Control Validated SSL certificates literally just verify that the person who requests the certificate has “administrative” access to the domain. This is normally done by emailing a pre-designated email address with a confirmation link. These certificates don’t validate the organisation or anything about them in any way, so there is no further assurance provided to the website visitor.
Advantages: Cheap, easy and quick to obtain.
Extended Validation (EV)
At the opposite end are the EV SSL certificates. EV stands for Extended Validation. This is the most rigorous validation: it includes the domain control validation, checking that the domain whois corresponds to the physical trading/operating address details of the organisation, and validating the organisation’s company status and identity. EV certificates provide much greater assurance by turning the address bar green. As you can imagine, in an ecommerce scenario this is invaluable and readily translates into increased sales conversions.
Advantages: High-assurance. Green bar feature.
Disadvantages: Validation process can seem overly bureaucratic and takes a few days to complete.
Organisation Validation (OV)
The step between DCV and EV is OV (organisation validated), which has some of the rigour of EV – the certificate authority manually checks some business identity documentation to validate the organisation behind the domain, rather than only that you have control of the domain (as with DCV) – but without the green address bar feature and the higher cost premiums of EV.
Advantages: Mid-level assurance: organisation details are included in the certificate.
Disadvantages: No green bar feature.
Types of Certificates
Single Domain Certificates
Single domain certificates are the most common, and they cover a single domain such as https://www.domain.com or https://subdomain.domain.com. As a special bonus, for any single-domain SSL certificates purchased from us for https://www.domain.com we give you cover for the non-WWW version (e.g. https://domain.com) too, free of charge!
Advantages: Easy to obtain and easy to install. Low cost.
Disadvantages: They will secure only a single domain per certificate.
Multi-domain certificates protect up to 210 domains (minimum 3) within a single SSL certificate (hosted on 1 server).
Advantages: Secure multiple websites by including up to 100 domains within a single certificate. They have an Extended Validation option.
Disadvantages: If there is a problem with the certificate, all domains that use it won’t be able to function properly.
Wildcard certificates are also available for specialist requirements. A wildcard certificate protects all of the subdomains of your domain (*.domain.com, i.e. any/all subdomains of domain.com), and it can be used on multiple servers.
Advantages: Secure an unlimited number of first-level sub-domains on a single domain name.
Disadvantages: Don’t have an Extended Validation option.
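How a browser decides which hostnames a certificate covers, as an added example (not Layershift's code): it applies the one-label wildcard rule, so *.domain.com covers shop.domain.com but not domain.com itself or deeper names, and it reads the organisation field that organisation-validated certificates carry. The certificates SINGLE and WILDCARD and the name Example Ltd are constructed sample data, and the helper function names are illustrative.

```python
# Added example; every certificate below is constructed sample data in the
# dict shape that ssl.SSLSocket.getpeercert() returns.

def name_matches(pattern, hostname):
    """Compare one certificate DNS name with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Whole left-most label only, with at least two labels after it.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return "*" not in pattern and p == h  # partial wildcards are rejected

def dns_names(cert):
    """DNS entries of subjectAltName (the field browsers match against)."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def covers(cert, hostname):
    """True if any DNS name in the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in dns_names(cert))

def organisation(cert):
    """Organisation in the subject; None for a domain-validated certificate."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

SINGLE = {  # constructed: single-domain DCV certificate with the non-WWW name
    "subject": ((("commonName", "www.domain.com"),),),
    "subjectAltName": (("DNS", "www.domain.com"), ("DNS", "domain.com")),
}
WILDCARD = {  # constructed: organisation-validated wildcard certificate
    "subject": ((("organizationName", "Example Ltd"),),
                (("commonName", "*.domain.com"),)),
    "subjectAltName": (("DNS", "*.domain.com"),),
}

if __name__ == "__main__":
    hosts = ["domain.com", "www.domain.com", "shop.domain.com", "a.shop.domain.com"]
    for label, cert in (("single", SINGLE), ("wildcard", WILDCARD)):
        print(label, organisation(cert), [h for h in hosts if covers(cert, h)])
```

A site that must answer on both domain.com and its subdomains therefore needs the bare domain listed as a separate name alongside the wildcard entry.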
Why buy SSL certificates from Layershift?
We can provide many other different types and brands of SSL Certificates, for example the GeoTrust True BusinessID with EV, or Symantec (formerly Verisign) Secure Site / Pro with EV. For more details about prices and other information, you can contact our friendly sales team here.
Layershift partner with leading certificate authorities such as Comodo, GeoTrust and Symantec (formerly Verisign), to provide you with the best SSL certificates at discounted prices. Here are the main reasons why you should consider buying from us. Try it to believe it!
Free Managed installation
Installation of SSL certificates issued through us for use on our hosting services is performed free of charge by one of our well-prepared team members.
Great Customer Service
Our customer service team is very fast and professional, and resolves any problem you may encounter very quickly. Here you can see some testimonials from our satisfied customers!
Our security systems use up-to-date technology embodying industry standards, and secure shopping is our priority, so shopping with us is safe and easy. All payment information, including your credit card number, is secured using state-of-the-art encryption technology.
We’ve been in the business for over 10 years and we are always pushing the boundaries to find ways to impress our customers even more!
For more details about prices and other information you can contact our Sales Team here.