Do you have a website and wondering if you should get SSL certificate for it or not? Do you want to know why you should use SSL certificate for your website? If the answer is YES, then this article is for you.
Since July 2018, Google has started flagging all unencrypted HTTP website as “Not Secure”. So how does this affect your site and its users?
Well, the answer is it will affect your website in different ways.
If your website allows users to submit any personal information (e.g. name, email address, credit card numbers, etc.), then you should probably get an SSL certificate.
However, for me, regardless if you will ask your website users to submit any personal information or not, you should still get an SSL certificate.
Why? Well, let’s start with knowing what an SSL certificate is, why you need it, and how you can get one.
What is SSL certificate?
We know or should know that the website URL contains a protocol.
Yeah I know that’s a technical word but just look at your website URL and you will see either an HTTP (Hypertext Transfer Protocol) or HTTPS (Hypertext Transfer Protocol Secure) on it.
So what’s the difference between HTTP and HTTPS?
Simply put, if you are seeing HTTP when visiting a website, that means the connection between your browser and the server of the website is not secure. It’s not private.
It’s like you are talking to your friend about the crimes you’ve done last night and lots of people around listening to your conversation. That’s creepy right? Yeah I know it is.
So you might want some sort of a privacy so anyone can’t hear your conversation. You might want to go inside the room or go to a private place.
Same as visiting a website, if you will provide sensitive information to a website – paying using your credit card for example – you don’t want your card details to be exposed to public. So you need it to be submitted to the website securely, through a private or secure connection called HTTPS.
So maybe you are now convinced to use HTTPS over HTTP. Maybe you are now thinking to redirect your website users to the HTTPS version of your website to protect them.
But wait, I think I never mentioned that you cannot just simply use the HTTPS. You need something that will enable it on the website server, and this something is call SSL certificate. Yeah! Finally, we are now talking about SSL certificate!
So in a nutshell, SSL certificate is what enables or activates HTTPS protocol on the web server.
Debunking a myth about SSL Certificate
As what I have mentioned, you need an SSL certificate to activate the HTTPS version of your site. But before we proceed, there’s one thing that I want to clarify first.
Most website users think that SSL certificate will redirect their site to HTTPS automatically.
Unfortunately, that is not what SSL certificate is all about. Again, it activates the HTTPS version of your site, but it will not redirect your site to HTTPS. There might still be a chance that some users will access the non-secure version of your site – HTTP.
So here’s a comparison that might help you understand. However, if you already know about this, feel free to skip.
Website without SSL certificate
You can access the site via HTTP only.
If you will access the site via HTTPS, the browser will show you a security warning like the screenshot below:
This is also one of the reason why you should get an SSL certificate for your website, because some browsers or devices will redirect a website to HTTPS version automatically.
So if your website doesn’t have an SSL certificate, your website visitors will encounter the above warning. Enough to scare them away.
Website with SSL certificate
Well, you don’t have to worry about the security warning if you have an SSL certificate installed to your website server. This is because the HTTPS version of your site is already enabled.
But let us go back to the purpose of SSL. We want it installed to the website to protect users, right? So we might want all users to redirect to the HTTPS version of the site to protect them.
But then again, this has nothing to do with the SSL certificate, if you want all users to be redirected to the HTTPS version of your site, you need to configure a force redirection to it. There are different ways on how to do it, but we will not talk about it here.
How to get an SSL certificate?
Most web hosting companies if not all, offer SSL certificate. So if you want to buy one, it is recommended to buy it from where your website is hosted. This is the most efficient way, because your web host can easily provide you the requirements that you need to buy and install the certificate.
Before buying your SSL certificate, you need to know the following:
- Types of SSL certificate
- Requirements for SSL certificate
Types of SSL certificates and their requirements
There are different types of SSL certificates. While they are the same in terms of encryption – 256 bit – their differences can be determined by the level of the authentication.
Domain Validation (DV) SSL certificates
DV certificate is the quickest, easiest and most cost-effective SSL certificate you can get. You can even get this SSL certificate for free. This type of certificate only requires proof of ownership of the domain name that you want to secure.
Though DV is the most cost-effective SSL certificate, it is not ideal for commercial websites. The Certifying Authority will not examine the legitimacy of the organization who will request for a DV certificate. Thus, its trust level is low, and is not recommended for commercial websites.
- Domain ownership validation
Organization Validation (OV) SSL certificates
OV certificate is way better than DV, because it has a higher trust level. It has a step higher authentication than DV.
To receive an OV certificate, the organization must prove that it owns the domain name, and prove that the business it operates is registered legally. Thus, this type of certificate is ideal for commercial websites.
- Domain ownership validation
- Proof that you are operating a legitimate business
Extended Validation (EV) SSL certificates
EV certificate provides the highest level of trust and highly recommended for business websites. This is because it will display the name of the organization when you click the padlock on the address bar. This is the most recognized indicator of a secure and trusted website.
- Domain ownership validation
- Proof that your business is legitimate including its physical address
Alright. I think you are now ready to secure your site. Good luck!