What is SSL? A Beginner’s Guide to SSL Certificates
One of the primary reasons for putting up a website is so that it can be found and accessed by others. Whether you have a site this essential to your business or a personal blog, you want potential visitors to be able to locate you and feel that they are entering a trusted environment.
This is where SSL Certificates come into play. Short for Secure Sockets Layer (SSL) protocol, these are an essential layer of internet security for your website. While they were an option for some sites in the past, Google has now made having this a criteria for ranking, so everyone on the web should learn more about this service and take some action.
What is SSL and How Does it Work?
SSL is a web protocol that was developed by Netscape in the 1990s to enhance web security. SSL is closely related to Transport Layer Security (TLS), which is an updated version of the original SSL. In most cases, references to SSL refer to both. SSL allows servers and web clients to:
- Verify each other’s identity
- Encrypt messages sent between the two parties
- Ensure that there is integrity of messages being sent
When you use SSL with a website, it will display HTTPS:// instead of HTTP:// in front of the domain name. In the past, this was something that was commonly seen with financial and other data-sensitive sites, but it is now becoming more widespread.
SSL works using an SSL certificate that uses cryptographic keys and a combination of symmetric and asymmetric encryption. Symmetric encryption refers to the ability to encrypt and decrypt a message automatically because the same secret key is used. Examples of modern symmetric encryption include Advanced Encryption Standard (AES) and Data Encryption Standard (DES).
Asymmetrical encryption can also be used for digital signature generation. When the signature is generated, it’s done with a private key, and then it is verified using a public key. This combination of digital signatures is used to authenticate the identity of a web server.
Why SSL is Now Important to Google
When most people have a question or need to find a product or service, they turn to the world’s largest search engine – Google. The search engine giant has professed a love for its users and wants to do as much as possible to protect them from the bad elements that can lurk on the web. One of the ways that it promises to do this is by asking website owners to add an additional layer of security – or SSL.
This was a simple request a few years ago, and it still is. Sort of. However, there are now some consequences for not doing what Google wants. As of last July, Google began displaying a “Not Secure” message in the URL bar, just to the left of the website address, warning people that their “connection to this site is not secure.”
Beyond the unwelcome message from Google to web visitors, there is another reason to jump on the SSL bandwagon as soon as possible. It appears that sites that display the HTTPS instead of HTTP in front of their domain name will also achieve a slight rankings boost. Put another way, expect your site rankings to suffer if you don’t fall in line.
How to Install an SSL Certificate
SSL works by having a “Certificate” installed on your web domain. This is a digital document that will hold certain information such as:
- Who owns the SSL certificate
- The SSL certificate’s expiration date
- The public key that will be used for encryption
- The digital signature of issuing authority
Installing an SSL certificate on your website is quite simple, and there are several options.
- Some hosts will offer free SSL with one-click install options.
- Some hosts have paid options and will do the installation for you.
- You can buy or generate a certificate and install it yourself.
Assuming you are getting an SSL certificate from a trusted, commercial certificate authority (CA), and have cPanel access, you can install an SSL certificate yourself by following these steps.
Step 1: Generate a Certificate Signing Request (CSR)
- You will need to do this before you purchase an SSL.
- Login to your cPanel and go to the SSL/TLS Manager.
- Click on “Generate, view, upload, or delete your private keys.”
- Go to the section for “Generate a New Key,” enter or select your domain name, choose “2048” for “Key Size,” and click the “Generate” button.
- Click “Return to SSL Manager.” Select “Generate, view, or delete SSL certificate signing requests.”
- Enter your information and click the “Generate” button.
- You will receive a CSR. You can copy this and use it when ordering an SSL.
Step 2: Purchase your SSL certificate.
- Find a service that sells SSL certificates and choose the one that fit your needs.
- Upload your CSR to the service after your purchase.
- Download the certificate from the service.
Step 3: Re-open the SSL Manager in cPanel
- Click on “Generate, view, upload, or delete SSL certificates.” Click on the “Upload” button and upload your new SSL certificate.
- Click on the “Install SSL Certificate” button. Your server should re-start.
Step 4: Test your SSL Certificate
- There should now be an HTTPS instead of an HTTP.
The Different Types of SSL Certificates You Can Use
There is more than one type of SSL certificate available for your website, and these are distinguished based on validation level and the number of secured domains that it handles.
On validation level, a CA will issue an SSL certificate only after information has been validated, but the level of validation varies:
- Domain Validation. This is the lowest level of validation, generally automated and done by email.
- Organization Validation. A medium level of validation where the CA will contact the organization to verify its information.
- Extended Validation. The highest level of validation (often taking several weeks) with a lot of human involvement.
SSL certificates are also characterized based on how many domains or subdomains they protect.
- Single Domain. Protects just a single domain.
- Wildcard. Protects a single domain and an unlimited number of subdomains.
- Multi-Domain. Can protect up to 100 domains under the same certificate.
Now that Google is forcing most website owner’s move to HTTPS encryption, it makes sense to learn more about how SSL can benefit your website, including that rankings boost and increase website security. While there might be a slight learning curve with anything new and tech-related, putting SSL on your website will provide a better and safer visitor experience.