Search This Blog

Wednesday, 8 January 2020

What is SSL (Secure Sockets Layer): Everything you need to know [Detailed Guide]

What is SSL (Secure Sockets Layer): Everything you need to know [Detailed Guide]

SSL (Secure Sockets Layer) is a standard security technology that creates an encrypted link between a web server and a browser.  This link makes it impossible to read all the data transmitted between your web server and browser.

 Websites that use SSL make a secure connection with your browser and prevent hackers and Middleman from receiving your information.

This information can be anything like credit card number and other financial information, names, addresses, login details etc.

SSL Evolution (History)

 SSL version 1.0 was introduced by Netscape in the 1990s.  But it was never released due to some security flaws.  In February 1995, SSL's first public release was SSL 2.0.  While SSL 2.0 also had its own security flaws.  Due to which it was redesign again and released a year later as SSL 3.0.

SSL 3.0 was heavily used, but SSL 3.0 is also not considered secure after a POODLE attack.

 TLS (Transport Layer Security) is currently an updated and more secure version of SSL.  The final version of TLS is TLS 1.3, which was launched in August 2018.

What are the types of SSL Certificates

 There are several types of SSL Certificate:
  1.  Domain Validation
  2.  Organization Validation
  3.  Extended Validation
  4.  SAN / Multi-domain SSL
  5.  Wildcard SSL
  6.  Multi Domain Wildcard SSL Certificate
  7.  Unified Communications Certificate (UCC)

1. Domain Validation (DV)

 It is the cheapest SSL certificate and perfect for a blog.  You can achieve this in a few minutes or hours.  It is best for those who do not need extra security.
  •  it is cheap.
  •  Can be obtained in a few minutes or hours.
  •  Best for blogs and small websites.

2. Organization Validation (OV)

 It provides better security than Domain Validation certificate.  Such a certificate takes 2-3 days to activate.

3. Extended Validation (EV)

Extended Validation Certificate is very important for websites on which the transaction takes place.  It displays a padlock with the business name in the URL.

Domain Validation and Organization Validation certificates are easy to obtain, while Extended Validation requires a strict authentication process. It takes about 7-10 days to activate.

 Most banking, finance, and e-commerce websites use EV certificates.

4. SAN / Multi-domain SSL

 Multi-domain SSL certificates are also called SAN certificates. This type of certificate helps in securing many domain names. 100 domains can be secured by a single Multi-domain SSL certificate.

 You can achieve this with Domain Validation, Organization Validation and Extended Validation.

5. Wildcard SSL

 The Wildcard SSL certificate secures your domain and unlimited sub-domains with a single certificate. It is available with Domain Validation (DV) and Organization Validation (OV).

6. Multi-domain SSL Certificate

 This type of certificate secures unlimited sub-domains with multiple domain names. You can achieve this with Domain Validation (DV) and Organization Validation (OV).

7. Unified Communications Certificate (UCC)

 Unified Communications Certificate (UCC) is specifically designed to secure Microsoft Exchange and Microsoft Office Communications server.

 It works like a Multi Domain SSL certificate and 100 domains can be secured by a single certificate.

How to check if the website is using SSL / HTTPS

 It is very easy to check whether the website is using SSL / HTTPS.

 If a website uses SSL / TLS, most browsers show a Secure connection with a padlock in the address bar. Here is a screenshot of the Chrome browser.

Top SSL Providers to Enable HTTPS

 There are many SSL Provider available in the
market which offers SSL certificate:

1. Lets Encrypt

Managing Encrypt is a free and reliable SSL certificate provider.  This allows HTTPS to be installed on your blog for a lifetime at zero cost.  Improving Encrypt lasts Valid for 3 months and after that, you have to renew it and good thing there is no charge for it.  You can enable Automatic renew setting.

2. Cloudflare Free SSL / TLS

 Cloudflare is a CDN service that offers HTTPS certificate for lifetime for free.

3. Comodo

Comodo is one of the top class HTTPS providers.  It also offers free SSL certificate along with paid SSL certificate.  You can use it for 90 days at zero cost, after that you will have to renew it.

4. SSL For Free

 SSL For Free is also a good website to get HTTPS for free.  It offers HTTPS for lifetime for free and you never have to pay for it.

Apart from this you can buy SSL certificate for your site from The SSL Store, GeoTrust, RapidSSLonline, SSL.com, GoDaddy, Network Solutions or contact your domain registrar to talk about it.
Things to know before buying SSL Certificate

When purchasing SSL Certificate, keep some important things in mind.

 1. Brand name

 There are many companies in the market that sell SSL certificates.  But it is better to buy SSL Certificate from a big and reliable brand.

 2. Encryption Level

 There are many levels of encryption.  If you accept credit / debit cards on your website, you must have at least 128-bit SSL certificates.

 3. Dedicated SSL & Shared SSL certificate

  •  Dedicated SSL certificate - You have to buy it and most of the brands offer Dedicated SSL.
  •  Shared SSL certificates - found for free, perfect for blogs and non-sensitive websites.  But it is not recommended for e-commerce sites.
 Dedicated SSL certificates provide very good support while Shared SSL certificates do not provide any type of support.

Benefits of using SSL

1. SSL protects data

Creates a secure connection between the SSL user and the web server.  And prevents the user's sensitive data from being hacked.

When you enter your data on a Non-HTTPS (website with no SSL), that data is sent as plain text to the server which can be easily read and hacked.

Where as SSL / TLS creates an encrypted connection between the user and the web server and sends the data as a code to the server.  Which is very difficult to decrypt (read).

2. Improves Visitors' Trust

 If you use SSL on your site, then visitors will trust your site.  Your website will appear in the address bar of the browser with a security padlock.  This shows that your site is secure and takes the visitor's privacy seriously.

3.Website SEO Boost

 If you use SSL / HTTPS on your site, then your website ranks better in Google search.  Because SSL / HTTPS is a Google ranking factors.

4. Chrome Warnings

 As of July 24th, 2018, Chrome 68 and higher versions are showing "Not Secure" to all non-HTTPS sites.  Therefore HTTPS is very important!

5. Improves Your Site Performance

 TLS 1.3 is an upgrade version of SSL and provides better performance and security to your site.

Cons using SSL

 The benefits of SSL also have some disadvantages:

1. Money Cost

 You have to spend money to buy SSL.  However, if you have a blog, you can get SSL for free by improving Encrypt and Cloudflare.  But for an eCommerce site you have to buy SSL.

2. Traffic and Search Ranking may fall

 If you make the slightest mistake of installing SSL on your site, your search ranking and traffic may be Zero.

3. Mixed Content Error

When you install SSL certificate on your site, your web page may show insecure after opening in browser.

Due to which many visitors may get scared and clicking on the back button will exit your site.  Site traffic will gradually decrease as a result.

final thoughts

 SSL (Secure Sockets Layer) creates a secure connection between the web server and the browser.  And keeps the transmitted data encrypted and secure.

It is also a Ranking signal.  So buying SSL becomes very important for the site.

If this article has proved helpful to you, then do not forget to share it!

No comments:

Post a comment