You may not judge books by the cover, but websites? That’s a different story.
Whether or not you’re internet savvy, it’s probably safe to say you’ve noticed a padlock icon next to the URL in your address bar when you go to certain sites.
Most users won’t notice the difference between an http:// and an https:// at the beginning of a web address, but they’ll definitely notice the dangerous-looking warning icon and “not secure” message that pops up next to your URL. With the help of these warnings, SSL has become a standard for websites across the board looking to earn user trust from the jump.
First impressions aside, SSL certificates are an important tool to actually maintain privacy on the internet, too.
01.
What’s an SSL Certificate?
Without getting too deep into the technology involved, as data pings around the Internet on its way to your computer screen, it gets transferred from server to server.
When the Internet was first created, data was transmitted in plaintext. This means that if you entered a credit card number on a website, it would travel across the Internet as-is, unconcealed for anyone who might be savvy enough to snatch it between servers.
To protect that data, Netscape developed a security protocol in 1995.
This Secure Sockets Layer (SSL) ensured that all transferred data remained confidential, traveling from server to server in a random, scramble of characters. This is the encryption aspect, which makes it an essential aspect of any website with a payment processor or data collection.
At the same time, an SSL certificate initiates an authentication process called a handshake between two communicating devices to ensure that both devices are really who they claim to be. It also verifies that the data is not tampered with before reaching its intended recipient.
02.
WHAT ABOUT TLS?
Since its creation, there have been numerous iterations of SSL, each more secure than the last. SSL is the predecessor to the modern TLS encryption used today.
In 1999, the Internet Engineering Task Force (IETF) proposed an update to SSL, opting to change the name to TLS. The differences between the final version of SSL (3.0) and the first version of TLS are not drastic; the name change was applied to signify that Netscape wasn’t involved.
Since they are so closely related and because SSL still has so much name recognition, many providers still use SSL to refer to TLS, and others use the term “SSL/TLS encryption.”
Today, anyone offering “SSL” is almost certainly providing TLS protection, which has been an industry standard for over 20 years. But since many folks are still searching for “SSL protection,” the term is still featured prominently on many product pages.
Thanks, SEO.
03.
When to Add SSL to Your Site
We think every site should have an SSL. It will protect you from data breaches, and it gives visitors a good reason to trust you with sensitive information. It also improves your rankings in search results. But it’s especially important for websites that process financial transactions.
SSL certificates can be expensive if you don’t know where to look or what you’re buying, even when they’re “free.”
Anyone can create a certificate claiming to be whatever website they want, so Chrome, Safari, and other web browsers work in the backend to determine whether or not your site is really up to snuff, or if you were ripped off by a less-than-reputable provider.
Plus, they expire as an additional fail-safe to keep information protected and sites verified. If your provider fails to notify you, a lapse in SSL certification not only puts putting customer information at risk, but can also affect sales numbers, customer trust, and your brand rep.
Working with a partner like Black Dog to manage your site, domain, and SSL certificate can help ensure your site is always protected and up to date.
