Article brought to you by Nilead, a website builder platform with fully managed design and build service.
"SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry-standard and is used by millions of websites in the protection of their online transactions with their customers."
Transport Layer Security (TLS) is the successor to SSL but since SSL is by far the most common term on the Internet people still use SSL when talking about these terminologies.
Without SSL, all the data transferred between you and the webserver can be intercepted by others. For eCommerce websites that take customer's sensitive information, this could mean hacked credit cards and other information. For other types of websites, this could mean that the 3rd parties can easily track your browsing traits.
Look at the URL of the website. If it begins with “HTTPS” instead of “HTTP” it means the site is secured using an SSL Certificate (the S stands for secure). SSL Certificates secure all of your data as it is passed from your browser to the website’s server. To get an SSL Certificate, the company must go through a validation process.
It makes sense to always use SSL for your website whenever possible. However, there are different levels of validation:
Extended Validation (EV) SSL Certificates: where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate, and includes:
Verifying the legal, physical and operational existence of the entity
Verifying that the identity of the entity matches official records
Verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate
Verifying that the entity has properly authorized the issuance of the EV SSL Certificate
EV SSL Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. The second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV SSL Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
Who may need this type of SSL certificate: banks or organizations that require a high level of validation. For these organizations, they need to ensure both the security of the data transferred and the validity of the website (are they who they really claim they are?)
Organization Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
Who may need this type of SSL certificate: organizations that do not need the level of validity insurance that EV SSL certificates provide but still want to show customers they are validated entities.
Domain Validation (DV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
Who may need this type of SSL certificate: organizations who care about the security of the data transferred but do not need to prove the organization validity (or already have other ways to prove that)
Since the validity of the SSL certificate depends on the validity of the Certificate Authority (CA), the cost of an SSL certificate can vary depending on the CA. In theory, the bigger player such as Verisign can give a higher level of trust and validation. For that reason, certs issued by Verisign can be many times more expensive than certs issued by smaller players such as RapidSSL.
SSL certs are not extremely difficult to set up, but they still require an additional amount of work to set up and maintain. In some cases, it's also necessary to purchase dedicated IPs for SSL certs.
It's also noteworthy that the server will require a bit more resources to handle these SSL requests and this may imply an increase in spending on server infrastructure.
SSL can make your website load faster: with the new http2 protocol (which requires SSL to work in most cases), websites can be loaded faster (in theory)
Web pages with SSL can have a slight SEO advantage over web pages that don't. Google has posted a blog post that mentioned the slight ranking advantage of website with ssl/https
All websites hosted on with Nilead have Domain Validation (DV) SSL Certificates by default. It means your customers will enjoy the benefits of advanced security, speed, and search engine optimization at no additional cost.