Why Do I Need an SSL Certificate?

Typically, data sent between browsers and web servers is sent in plain text. This can leave your personal data susceptible to eavesdropping. The main purpose of SSL is to allow private information, personal information, or other sensitive data to be transmitted over the internet over a secure connection. SSL stands for Secure Sockets Layer, and it is a technology used to provide authentication and encryption. It creates an encrypted connection between a web site on a web server and a person attempting to connect to that site, using public-key cryptography to accomplish an encrypted connection. SSL certificates use a key pair: a public and a private key; these keys work together to establish an encrypted connection. What this means is that these keys take the data that is being sent between the user and the website and encode it in a way that is impossible to decrypt without the key, ensuring that it won’t be seen or stolen by any outside party.

SSLs are assigned by a certificate authority (CA). A certificate authority is a third party organization that is trusted to issue digital certificates. One of the purposes of a certificate authority is to guarantee that a web site is who they claim to be. The certificate authority will verify the identity of a web site or online business before issuing an SSL or digital certificate. This assures any visitors or online clients that the website is legitimate and that the connection to that site is encrypted. There are many companies or certificate authorities that issue SSL certificates; some of them include Digicert, Comodo, and Global Sign. You’ll want to make sure you chose a trusted certificate authority for your clients to use; if your clients don’t trust the certificate authority you’re using, you may lose business because they won’t feel that their personal information is secure.

There are also different types of SSL certificate validation. The first type of SSL certificate validation is a Domain Validated (DV) SSL certificate. With this type of validation, the issuer confirms that the purchaser of the certificate is the owner of the domain by checking their information against the WHOIS database. Domain Validated certificates do provide a decent amount of security along with providing encryption, but they do not verify that the purchaser is the owner of a valid business.

The second type of certificate validation is an Organizationally Validated (OV) SSL certificate. An Organizationally Validated SSL certificate is intended for companies and is particularly useful to e-commerce, financial institutions, and government organizations that need to transmit sensitive data on their server such as credit card numbers and personal information. The procedure for organizational validation is more complex; the issuer will check to see if the purchaser of the certificate is the owner of the domain and the owner of a legitimate business. One advantage to getting an Organizationally Validated SSL certificate is that the web site will be displayed in the browser as a trusted site, and people will feel more confident doing business with that site.

The third type of certificate validation is an Extended Validation (EV) SSL certificate. The Extended Validation certificate is the most complete SSL encryption solution. One of the benefits of the Extended Validation is the green URL bar in the browser that indicates to users that they are viewing a website connected with a verified trustworthy business and that the website has been confirmed to be safe and secure.

There is much more to SSL technology and SSL certificates, but those high-level details can be left to the tech-heads. Hopefully this has answered any questions about what SSL is and why it is important, but please feel free to contact Diagram if you have any more questions or if you would like us to help you make sure your site is secure.