ssl

SSL (Secure Socket Layer)

SSL is the standard web security technology for establishing an encrypted link between a web server and a web browser. This link ensures that all data passed between the web server and web browsers remain confidential & unaltered.

SSL Certificates

SSL Certificates are small data files that digitally bind a large unique set of characters (cryptographic key) to an organisation’s details. When installed on a web server, it activates the padlock symbol in the web browser’s address bar and the HTTPS protocol (over port 443) and allows secure connections from a web server to a browser.

HTTPS-lock

The Need for SSL Certificates for Websites

SSL certificates help websites gain an advantage over their competition by certifying they are more trusted & legitimate. Also, these certificates provide assurance to website visitors that their data cannot be tampered with or forged by hackers.

There are TWO aspects to address with regards to building online trust for websites:

  1. Secured interactions while on the website
  2. Customers need to know they’re on the correct website

SSL certificates ensure that a customer’s sensitive data, like personal information, credit card details, social security number, etc. can be transmitted securely from web browser to server. Certain types of SSL certificates go a step further and also certify the website to be the correct website to visitors.

The following types of websites mandatorily have to use SSL certificates:

  • Banking & Insurance websites
  • E-commerce & Bill payment websites
  • Payment gateway services
  • Any website desiring PCI compliance
  • Social Networking websites
  • Web-based E-mail websites
  • Online File storage websites
  • Remote HTTP Web API services

They are recommended for ANY website that requires customers to login or submit any details / data.

Search engines such as Google are also planning to increase relevance of websites using SSL in their search results. So the use of SSL Certificates from well known Certifying Authorities (CAs) will improve their SEO score.

“…over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.” – Google Online Security Blog

SSL Certificate Types

Domain Validated (DV) or Standard SSL certificate is where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. This lets the visitor know all communications with this website are secure.

Organization Validated (OV) or High Assurance SSL certificate is where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organisation. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.  This lets the visitor know all communications with this website are secure, that they’re on the right website & that the organisation behind it exists.

Extended Validation (EV) or Premium SSL certificate is where the Certification Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organisation. The audits are repeated yearly to ensure the integrity of the issuance process. This lets the visitor know all communications with this website are secure, that they’re on the right website & that the organisation behind it exists and is genuine.

ev-ssl

Factors in selecting an SSL Certificate

  • Brand – Always buy from well-known brands such as Symantec, GeoTrust, Thawte, or RapidSSL
  • Security-level – Always go for atleast a 128-bit encryption key, although 256-bit is highly recommended
  • Speed of issue – If you’re in a hurry better go with a CA who can issue a certificate in minutes.

Getting an SSL Certificate

Step 1: Generate CSR on your Website’s web server

With the help of your webmaster / server administrator generate a CSR (Certificate Signing Request) key by providing your organisation details during the generation process.

You can verify your CSR key details on this page.

Step 2: Buy SSL certificate for Website server

You do not need a webmaster / server administrator for this step.

You may purchase the certificates from the websites of the top SSL certificate brands, or from ssl.iwebz.net where you get the same SSL certificates from top brands for much lower than their listed prices.

Select & Purchase the certificate you desire for the duration you need it to secure your Website.

Step 3: Complete the enrollment process

After your certificate purchase, you will receive an important email with a link to complete your enrollment / verification process starting with uploading the CSR you generated in Step 1.

Follow all the steps as soon as possible, as outlined in the enrollment process, so you can be issued your SSL certificate at the earliest.

If you found this post useful I’d appreciate it if you could rate it well & generously share it with others who want this info.

Have questions or something to share? Go to Comments

You can use the Social Sharing buttons provided or just Copy-Paste the link to this post wherever you wish.