What is an SSL and why do you need one? Tip: If you’re a visual person, skip to the infographic at the end of the blog…
Most people will be aware that their web browser sometimes displays a little padlock beside the address of a website. The address bar itself occasionally turns green, while the http prefix in web addresses often becomes an https prefix instead. These are all visible signs that an SSL certificate has been activated, adding greater security and protection to any sensitive or financial activity conducted over the Internet.
Normally, the data we send and receive online is sent through individual packets that could potentially be viewed by anybody. An SSL certificate is a small data file that adds a complex security key to communication between the host and recipient computers, preventing these packets from being viewed by anyone else. This secure connection can therefore transmit passwords, financial data or sensitive personal information safely and discreetly.
The term SSL is an abbreviation of Secure Socket Layer, and it was created by one of the early Internet pioneers. Netscape dominated the web browser market with their Navigator package in the 1990s, before Microsoft began bundling Internet Explorer with every Windows package. Today, Netscape’s SSL legacy is increasingly being known by a new name – TLS, or Transport Layer Security. Geeks may be interested to know that TLS’s use of asymmetric cryptography splits the plaintext and ciphertext content into separately encrypted data that cannot be accessed without the independent authentication of both keys. The rest of us will simply be relieved to know that any site using this technology is legitimate and largely hacker-proof.
To use an SSL certificate, the host website has to be vetted and approved by a regulated Certification Authority. They confirm that the host company is legitimate,and grant it permission to install an SSL Certificate onto its web server. This can turn conventional http communication into the https version, establishing a secure connection between the two parties for the duration of data transfer. The recipient’s web browser will perform various checks to authenticate that the SSL certificate is valid, and the browsing session can begin within a couple of seconds.
Confusingly, there are different levels of SSL certificates. Extended Validation is the gold standard with its signature green address bar and industry-leading 2048-bit encryption, while Domain and Organisational SSL still provide effective security across all browsers and devices. With limited differences between these three alternatives, the choice of which SSL certificate to obtain depends largely on the value of the transactions your site will be hosting. Retailers often rely on a relatively basic secure server certificate for the low-value purchases made by their customers, whereas financial institutions provide full Extended Validation certificates for online banking.
As is always the way with computing, tiny errors can cause significant problems with secure data transfer. If your computer’s clock shows the wrong year, SSL certificates won’t be accepted because they are only valid for a limited period – usually one year. Entering an incorrect web address may still get you onto the desired site but might mean your computer can’t match the SSL certificate to that address, while incorrect coding of graphics or site content can result in an error message reporting the presence of both secure and insecure items. Older web browsers sometimes fail to recognise more recent additions to the list of approved CA providers, and thus reject modern certificates.
With UK2, Comodo SSL certificates come free as part of the business web hosting and business cloud hosting packages. Prices for these types of hosting start at as little as £2.49 a month. To find out more, visit the hosting page of the UK2 website.