SSL (or, more accurately, TLS, but more on that in a bit!) is a very important tool in the world of internet security. Even if you’re not aware of what SSL is or its influence on your browsing habits, you have no doubt noticed its presence. You know that little lock in the top left corner of your browser, just to the left of your address bar? Click it. That’s SSL in action, baby, keeping you safe, and letting you know that the website you’re on is secure and (more likely) credible.
If you’re browsing an older website or something sketchy (like, say, Florida’s official government website), you might notice that precious lock is replaced with “Not secure” or something similar, indicating that the website is not SSL-certified. Any information you send to that website is, well, not secure, leaving your data vulnerable to theft. A good rule of thumb is to never provide any passwords, credit cards, or other valuable personal information to a website not using an SSL protocol.
Whether you’re just browsing the web or building sites for it, having an SSL-certified website can provide you and your users with a strong promise of security and trustworthiness. If you’re concerned about SEO and your website’s rank on Google, you definitely want to make sure your website has SSL, as it’ll get a big bump in search relevancy.
SSL certificates are used whenever you want to securely transmit information - so anywhere, basically. The most common example of its use is with day-to-day web browsing. When you provide Facebook your password to sign in to your account, that information is encrypted on your end, sent as an encrypted string of data to Facebook, and then decrypted on their servers. Same with providing your credit card information to Amazon. SSL can also be used to send information between private servers, mobile devices, and e-mail.
First and foremost, it’s technically not SSL anymore, and it hasn’t been for a while. SSL, which stands for Secure Sockets Layer, was replaced with Transport Layer Security, or TLS, way back in the Bronze Age of the internet - 1999. Given the fact they’re virtually identical in function (and that people generally don’t like things that are different), the term SSL has stuck around all these years, and will thus be how we refer to the protocol in this article.
In fact, the only reason the name was changed was that the developers of what would become TLS wanted to stay on Microsoft’s good side, who happened to be a browser war with Netscape, the folks that developed the first few major versions of SSL. Tim Dierks, one of the main developers of the protocol, goes into further detail on his (ironically SSL-less) blog here if you’re curious.
SSL was created in August 1986 as a joint venture between the National Security Agency, the Defense Communications Agency, the National Bureau of Standards, and twelve technology corporations. They were seeking to develop a means to provide secure communications between two parties - generally, a website and an average user browsing it.
As stated above, SSL is designed to provide secure communications between a user and a website. Put simply, when on a website that uses SSL, any plaintext information you send (like your password or your credit card number) is encrypted on your end and is decrypted when it is safely received by the site. If that information were to somehow get intercepted, the thieves would have a bunch of useless, incredibly difficult to decrypt data and a whole lot of wasted time. SSL also guarantees that the information being sent over is unchanged.
The process involves the exchange of keys - strands of data that can be used to encrypt or decrypt other data. Your browser (very quickly!) exchanges these keys with the website in order to confirm that you are able to send encrypted data and that the website is able to decrypt said data. From then on, anything you send to the website is encrypted, and vice versa. In technical terms, this is referred to as a “handshake”. These encryption algorithms are continuously updated, ensuring new exploits are fixed. Here’s a solid infographic that goes into a little more detail if you’re curious.
It gets a bit more complicated than that, but we’re going to keep things simple for now. There are many additional details and complications with SSL, and there are many great resources to access if you want to learn more.
Looking to secure your website, eh? You’ve made the right choice.
If you’re using a reputable web-hosting service or something like WordPress, chances are your website’s SSL certification will be taken care of by your provider. For an easy way to check, go to your website and see if the handy lock is visible, just left of your address bar. If it’s there, you’re done! Go forth and post that blog. Upload that recipe. Sell those socks. You can do so with the foreknowledge that your users’ information is safe and secure.
Write your website from scratch? Look at you! While impressive, there’s no guarantee the information you send and receive will be secure. This is where SSL comes in. Depending on your situation, there are a few avenues to take. Your first step is to choose a host.
Choosing an SSL host can be intimidating, but it doesn’t need to be. It all comes down to your needs. Some SSL certificates are offered entirely free - though, depending on the service you need, some features can cost money. For instance, if you have one single website that you’re looking to certify, you can generally find free reputable certificate providers fairly easily. If you want to host multiple websites, use SSL on subdomains, or have other advanced needs, you might end up needing to pay.
Here at Symphysis, we recommend going with Let’s Encrypt. Their certificates are entirely free, open, and feature lifetime certificate renewals (pro tip: renew your SSL certificate roughly every 60 days). It covers nearly everything you could possibly need: personal certificates as well as enterprise, and more complicated stuff like wildcard certificates (used if you are using multiple subdomains). If you know Let’s Encrypt won’t handle your specific needs (in which case, this article might be a little elementary for you!), there are plenty of other providers to look into, like ssl.com, Cloudflare, and Godaddy.
Clearly, your next step is to get people to visit your website - and stay there! That’s what we do best at Symphysis. Based in Bellevue, Washington, we have a proven track record of providing successful comprehensive marketing solutions to companies big and small, as well as individual entrepreneurs. Schedule your free consultation today!