Ever wondered why some websites begin with “http://” and others with “https://”? That “s” stands for “secure,” and it indicates that the site you’re browsing is using a protected, encrypted connection. This measure of security has become increasingly important for all sites on the web—both to protect users’ sensitive information and to improve SEO.[Above, the Twitter URL as it appears in Chrome, showing the lock icon and https:// protocol.]
So how does a site switch from “http://www.yoursite” to “https://www.yoursite,” and what does it mean when it does?
The answer lies in SSL (Secure Sockets Layer) certificates, a method of encryption that involves obtaining a verification from an SSL provider and installing that certificate on your site. In this article, we’ll discuss how SSL certificates work, why they’re important, and how to go about getting one installed for your site.
What are HTTPS and SSL?
HTTPS is really just the sum of a set of protocols: HTTP, SSL (or TLS), and TCP.
As a part of the HTTPS protocol, SSL is a secure way to send encrypted information between a server and a browser. Sites that use HTTPS safeguard their visitors’ information, and also earn better rank in search engines—even Google has prioritized sites using HTTPS.
Using public key cryptography (or asymmetric cryptography), any information that’s sent between the site (the user interacting via a browser) and the site’s server (with the database, operating system, etc.) is unreadable if it’s intercepted by another party. That can be anything from your username and password, credit card information, to other important data.
Only the intended recipient with the key to unlock that encrypted data can read it, keeping hackers and thieves out of the loop. Without it, any computer between a user and the server can theoretically intercept that information. Also, hackers can recreate or impersonate websites to lure users into entering sensitive information—something that’s easy to do if a user isn’t looking for that verification an SSL certificate can provide.
Are SSL and TLS the same thing?
Before we talk more about SSL certificates, you’ve probably seen SSL and TLS (Transport Layer Security) used interchangeably. So, is there a difference between SSL and TLS? The answer is basically no, because they’re both encrypted protocols and TLS is essentially a newer version of SSL. (SSL version 3.0 served as the basis for the first version of the TLS protocol.) TLS is a session layer protocol between the Application and Transport layers, and SSL is a high-level encryption for the transmission of encrypted data. With SSL, while an outside party may still access your data, without the encryption key they won’t be able to read it.
So what is an SSL certificate?
Think of an SSL certificate as a data file from a trusted provider that gets embedded in your website’s root directory to say “I own this site, and I am who I say I am,” with a cryptographic key that encrypts any web traffic between your site and server so it’s unreadable to prying eyes.
An SSL certificate is a digital certificate that authenticates the identity of your website, coupling together your domain name, company name, and location with a unique cryptographic key. Once that certificate is installed on your web server, your site has established a secure session with the web server via an HTTPS connection—something visitors will be able to know by the padlock icon next to the URL or another visual, depending on the browser.
This is your way of telling your customers that their information is safe with you—an excellent way to boost trust and loyalty, as well. It’s level of web security that isn’t just a “nice to have” anymore—SSL encryption is essential for bolstering security for your network and users alike.
Implementing SSL on Your Site
With SSL, you’ll be changing your domain name from “http://sitename” to “https://sitename.”
It’s relatively straightforward to obtain free SSL/TLS certificates and install them on your web server. You’ll need to get an SSL certificate from a provider like Cloudflare or Let’s Encrypt and then go about installing it. While this is possible to do even if you’re not too familiar with IT, it’s probably a good idea to engage a skilled DevOps professional for the task. For a step-by-step guide to setting up HTTPS encryption on your site, check out this article.
Alternatively, you can obtain or purchase an SSL certificate from your own hosting provider if they offer to handle the installation for you.
To get started, you’ll need to:
- Choose an SSL provider. You’ll want to look for a trusted, verified SSL provider that’s recognized by browsers, devices, and operating systems as a trusted certificate authority.
- Choose the kind of SSL certificate you want. Some SSL certificates require more background checks and verification to obtain.
- Strategize your switch to HTTPS. You’ll want to consider your timing and how to handle things like existing backlinks. For WordPress sites in particular, WPMUDEV provides an excellent SSL guide for timing your transition, how to handle existing backlinks to your site’s URL, and more.
To summarize: Why every site should be SSL-encrypted
Not convinced you need an SSL certificate for your site? Here’s a quick summary of what implementing SSL encryption on your site will provide:
- Better SEO ranking. SSL and HTTPS are not only valuable to security, but they’re also going to be helpful when it comes to SEO, ecommerce, and visual notifications about the security of a page in Google Chrome. The Google Security Team announced that the 56th version of Google Chrome will visually alert users when they’re not on a secure website with an SSL certificate.
- Safer, more secure data transfer between servers, with less chance of interception
- Increased trust with customers
- SSL is required for Payment Card Industry (PCI) compliance.
Get more work done faster with freelancers. Post a job today—it’s free!