Table of contents
- SSL Encryption – What Is SSL?
- How do I know if a connection is encrypted?
- Mozilla Firefox – SSL certificates warnings
- Google Chrome – SSL/TLS certificates warnings
- Secure Sockets Layer – Who Needs It?
- Do we advise on choosing a specific SSL certificate provider?
- Differences depending on the type of SSL certificate
- Types of SSL certificates. Free SSL or a commercial one?
SSL certificate has become a must-have feature for all website owners. Let’s look at this topic both in terms of security and its impact on the effectiveness of positioning. What is SSL and what does this acronym mean? Do all websites need to have an SSL certificate implemented? How does an SSL certificate affect the purchasing process?
SSL Encryption – What Is SSL?
SSL is an acronym for Secure Sockets Layer. The name speaks for itself – in a nutshell, SSL protocol ensures data security during the transfer of packets between the computer and the web server. In fact, the name SSL is used colloquially – in most cases, SSL protocol is replaced by a newer and more advanced TLS certificate (the acronym for Transport Layer Security).
The protection of the transfer is based on encrypting the data so that theoretically it is not possible to change it during transmission (and any attempt to do so will be detected). With SSL/TLS, the user can be sure that an undesirable redirection to another website will not happen during the connection. It is important especially when it comes to websites where we want to submit our sensitive data, and share our login credentials e.g. when filling out the contact form, making online transactions, or online payments.
How do I know if a connection is encrypted?
In the simplest possible way: if the website contains HTTPS web address and looks similar to this URL: https://verseoads.com (this is just an example), the website has the SSL certificate implemented. If there is no SSL certificate or it is incorrectly connected, a message will appear that the website is not secured. Always look at the website’s address.
Mozilla Firefox – SSL certificates warnings
In the case of Mozilla Firefox browser, if the website does not have an SSL/TLS certificate, the padlock icon looks as follows:
Websites that pose a potential threat are flagged by Firefox:
The page that poses a risk to internet users will not be displayed to them – instead, you can see a warning message informing about the nature of the problem:
When Firefox connects to a website with an SSL certificate implemented, the browser verifies the validity of the certificate used by the website. If it does not pass the authentication process (for various reasons – some of them are mentioned below), Firefox will terminate the connection with the website and display the error message “Warning: Potential Security Risk Ahead”.
Firefox warnings can be associated with the following threats (see support.mozilla.org):
- the use of SSL certificates from GeoTrust, RapidSSL, Symantec, Thawte and VeriSign – these entities have not complied with the recommendations regarding security practices in the past – certificate authority is not trusted,
- incorrect settings in the operating system regarding date and time,
- “expired” – when the security certificate has expired and has not been renewed yet,
- the certificate is not assessed as trusted due to the fact that the issuer’s certificate is not valid,
- the certificate is not valid for a specific page,
- the website is not properly configured,
- the SSL certificate file is corrupted.
Mozilla Support also indicates what steps should be taken to solve a specific problem with the SSL certificate.
Google Chrome – SSL/TLS certificates warnings
The most common causes of warnings that appear in Google Chrome regarding TLS/SSL certificate errors are:
- the site does not allow a secure connection,
- the website has a redirect loop,
- the website is unavailable,
- the connection is not private (security protocol is not implemented),
- problems with setting the date and time.
Secure Sockets Layer – Who Needs It?
In short: an encrypted connection pays off for everyone. It means everyone needs a secure socket layer (SSL).
Online stores and e-commerce in general – SSL is obligatory without any exceptions! The awareness of the importance of online shopping security is growing steadily. Don’t scare your potential customers away with the lack of an SSL certificate. Your potential customers will not share their confidential information and make online transactions if they are not sure that it is safe to do so.
When it comes to websites that don’t sell products online, important are any places where users leave their confidential and sensitive information, e.g. via contact forms, etc. If you get such data from users, an SSL certificate is also mandatory.
Other websites without the functionalities mentioned above: theoretically an SSL certificate is optional, but we (as well as web browsers’ developers) strongly advise implementing it. The awareness among users is growing rapidly and the visible differences on websites that do not have a certificate (the message “Not secured” does definitely not have positive associations), make the SSL certificate worth the investment.
Do we advise on choosing a specific SSL certificate provider?
What we do is simply recommend using an SSL certificate in order to provide a secure connection. However, we do not indicate a specific business or brand that provides such certificates. This is due to the fact that we do not follow the detailed offerings of companies that provide SSL certificates, discounts, etc. that change over time. SSL industry, due to massive demand, has a very wide offer.
Differences depending on the type of SSL certificate
When it comes to different types of SSL certificates, there are some differences that you can notice in the browser:
AlphaSSL/RapidSSL Wildcard SSL certificate – company name will not be visible in certificate details.
True BusinessID and TrueBusinessID Wildcard SSL certificates – the company name will be visible in the details of the certificate.
True BusinessID EV SSL certificate – displays a green address bar. The domain and applicant organization are verified – the company name will be visible in the green address bar and in the details of the certificate.
Types of SSL certificates. Free SSL or a commercial one?
You have two options when choosing an SSL certificate for your website: a free SSL certificate or a commercial certificate. A free digital certificate has its obvious benefit, but if you decide to use this solution, you should carefully read the terms of such a service and check its limitations. The answer, as usual in the digital marketing world, is it depends.
The process of implementing SSL certificates can look complicated. In fact, it is quite easy, but beginners may sometimes need the help of experienced web developers. It consists of, among others, certificate signing request (getting the certificate authority’s digital signature), domain validation, and some activities to successfully put the SSL protocol to use. However, the whole process should take less than an hour – after going through all steps – all you have to do is wait for another approximately 8-24 hours.
Of course, SSL/TLS certificate is not everything you need to secure your website properly. SSL certificates protect only data transmission between the user and the web server – the topic of website security solutions is much broader and in order to protect the website from cyber-attacks you need to follow the good practices.
You can read more about this issue in another article on Verseo’s blog – Website Security – How to Keep Your Website Safe.