What is SSL and How it Works?

You may have noticed that some website’s URL starts with “http://” whereas many URLs start with “https://”—an addition of ‘s’ may seem small but carries a bigger purpose. The presence of ‘s’ in the URL means the website is secure and encrypted, and any data that you give to the website is only shared with the website and is completely safe.  The ‘s’ present is known as Secure Sockets Layer, otherwise called SSL.

If you are a marketer it is important that your website has SSL security as a consumer always looks for SSL certificates when he shares important information like credit card details to pay or purchase. 

Today, the presence of SSL is not a choice but has become a basic necessity of websites. This article will cover everything about SSL like What is an SSL certificate and more importantly, the importance of SSL. Other than only educating you about SSL it will also help you get free SSL certificates using letsencrypt.

There are tons of SSL certificates that exist where some are free, some are cheap, and some are very, very expensive (almost 4000.00USD /year).

This does not mean that free or cheap SSL certification is not worthy. 

They are! As some online marketers like Let’s encrypt (https://letsencrypt.org/) understand the necessity it holds and offers free certificates and manage their funding through donations; in fact, they have offered over one billion free SSL certificates as of now. 

The expensive ones exist because they offer high-security privileges which could not be handed-out free. 

Do you want to know why some SSL certificates are free, some cheap, and why some are expensive? Well, you can understand this by understanding SSL and how they work. 

What is an SSL certificate?

SSL, well, the Secure Socket Layer which is the standard security technology that establishes an encrypted link between a server and a browser—this secret encryption ensures that whatever the data is shared from a browser to a web server or vice-versa is hidden. 

See, the SSL has two central objectives—the encryption and the identification. 

1. Encryption

The encryption is the part where computers hide what is sent to the other computer. It does by changing the content, for example, speaking in code as spies do. Obviously,  it is much more complex than that but you get the idea, right! Consider this— If you share a piece of information like your credit card details without encryption with the website from where you want to purchase. These details can be easily intercepted by a third-party who may have an interest in your money. But with encryption, the information you will share will be garbage to others. It is done as:

• Your computer and server agree on how to encrypt
• The Web Server Sends Certificate
• Your computer says “Start Encrypting”
• Server agrees
• And, your details and message get encrypted—which will be trash to anyone other than the two computers that are communicating

1. Identification

The identification makes sure that the computer you are speaking to is the one you trust. For example, how can you trust the computer you are speaking?

This is important as SSL will encrypt the message but how you do know that you are sharing the information with the computer that you want—it can be agreed by some other computer. This works like:

• The web server asks the Certification Authority for a certificate
• The certification authority creates a certificate after verifying the details of the company and signs it(cryptographically)
• This certificate will be installed in the server
• And, when a browser wants to communicate with your server it is issued with a root certificate(which may be correctly signed or be malicious)
• The browser, however, will only trust the correctly signed certificate

The details asked by the CA are a whole lot like where the server is located and what is the company, etc., and issues a certificate only when it completely authenticates the server. The secret key will change all the information like version, serial number, the algorithm, Validity, etc. 

That’s all there to it—however, the importance of SSL is that the consumer can double click on the padlock and see the URL as https:// and feel safe that the information they are sharing with you is safe and secure. 

Let’s go further. 

Types of certificates

These certification authorities further categorize the certificate based on the level of validation and encryption which is further based on the number of domains and subdomains that will be under a single certificate. 

1. Extended Validation (EV SSL) —the most expensive ones. 
2. Organization Validated (OV SSL) Certificate—cheaper but almost the same as EV
3. Domain Validation (DV) Certificate—easily certified and are for one domain. 
4. Wildcard SSL Certificates—you can use for subdomains. 
5. Unified Communications (UCC) SSL Certificate—multiple domains. 
6. Single Domain SSL Certificate—for one domain only. 

How to get an SSL security?

After you figure out which SSL certificate you need—for example, if you are hosting on many platforms it means that you have separate domains and subdomains, and you need a different certificate than the website which controls only one domain. 

If you have only one domain it means that the standard certificate is enough.

If you are looking to set up an SSL certificate for your website please contact us.