"SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers."
Transport Layer Security (TLS) is the successor to SSL but since SSL is by far most common term on the Internet people still use SSL when talking about these terminologies.
Without SSL, all the data transferred between you and the webserver can be intercepted by others. For eCommerce websites that take customer's sensitive information, this could mean hacked credit cards and other information. For other types of websites, this could mean that the 3rd parties can easily track your browsing traits.
How to know if your site is using SSL
Look at the URL of the website. If it begins with “https” instead of “http” it means the site is secured using an SSL Certificate (the S stands for secure). SSL Certificates secure all of your data as it is passed from your browser to the website’s server. To get a SSL Certificate, the company must go through a validation process.
It makes sense to always use SSL for your website whenever possible. However, there are different levels of validation:
Extended Validation (EV) SSL Certificates: where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate, and includes:
- Verifying the legal, physical and operational existence of the entity
- Verifying that the identity of the entity matches official records
- Verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate
- Verifying that the entity has properly authorized the issuance of the EV SSL Certificate
EV SSL Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV SSL Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
Who may need this type of ssl certificate: banks or organizations that requires high level of validation. For these organizations, they need to ensure both the security of the data transferred and the validity of the website (are they who they really claim they are?)
Organization Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
Who may need this type of ssl certificate: organizations that do not need the level of validity insurrance that EV SSL certificates provide but still want to show customers they are validated entities.
The cost of using SSL for your website
Domain Validation (DV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
Who may need this type of ssl certificate:
organizations who care about the security of the data transferred but do not need to prove the organization validity (or already have other ways to prove that)
Since the validity of the SSL certificate depends on the validity of the Certificate Authority (CA), the cost of SSL certificate can vary depending on the CA. In theory, the bigger player such as Verisign can give higher level of trust and validation. For that reason, certs issues by Verisign can be many times more expensive that certs issued by smaller players such as RapidSSL.
Setup and maintenance cost
SSL certs are not extremely difficult to setup, but they still require additional amount of work to setup and maintain. In some cases, it's also necessary to purchase dedicated IPs for SSL certs.
It's also note worthy that the server will require a bit more resources to handle these SSL requests and this may imply an increase in spending on server infrastructure.
Added benefits of SSL
SSL can make your website loads faster: with the new http2 protocol (which requires SSL to work in most cases), websites can be loaded faster (in theory)
All websites hosted on with Nilead have Domain Validation (DV) SSL Certificates by default. It means your customers will enjoy the benefits of advanced security, speed, and search engine optimization at no additional cost.