Clients often have lots of questions about SSL certificates. They often wonder what it actually does for their websites, and whether they even need an SSL certificate at all. We have put together this post to answer all of the most common questions we're asked.
What does SSL stand for?
SSL means Secure Socket Layer
There are other acronyms you might want to know about too, such as HTTPS or TLS. These stand for Hyper Text Transfer Protocol Secure and Transport Layer Security respectively.
What is an SSL certificate?
An SSL Certificate encrypts the data sent between a computer and a website, so that only the intended recipient can view the data. Put simply, this means that no one else can spy on any data that a website user sends to a website.
As you can imagine, this sort of encryption is very important for eCommerce sites where users are sending credit card information between their computers and the website they're buying from. You wouldn't want any one else to have access to this data!
How do I know if I have an SSL certificate installed or not?
You'll know if your website has an SSL certificate or not by the presence of the lock icon in the address bar. If you see this icon, then your site is SSL secured.
Do I actually need an SSL Certificate? Why should I get one?
Well, first of all, there is no reason not to have one!
If your site deals with things like...
- Credit card or other payment information
- Contact forms with personal information
... Then you should have an SSL certificate!
Even if your site is not dealing with this sort of sensitive data, there can still be many reasons why a site owner should have an SSL on their website.
The biggest one is Google. Google loves to see that your website is secured, and it is generally considered to provide a bit of a 'boost' to your website ranking. And that's always a good thing.
What certificate should I get? How much should I spend?
This is probably the question we get asked the most! The answer, of course, is 'it depends'
For your average small business website, that has no payment gateways or exchange of sensitive information, you can go with the cheaper options.
However, for websites that exchange a lot of data, such as eCommerce sites, or any kind of website that exchanges sensitive information between users and the site, we might suggest going for a more secure, and more expensive option.
How do I get an SSL certificate?
For a site owner, simply ask your web developer. They will be able to tell you your options.
You may also contact your web hosting provider, but depending on your hosting provider, they may be more interested in upselling you a more expensive option than you need!
At Futhark, every site that we develop and host includes a FREE SSL certificate installed at no extra charge.
So I have an SSL certificate. That means my site is secure, right?
Not so fast. An SSL certificate guarantees a secure connection to a website. That does not mean that the website itself is secure. It also does not mean that you are impervious to hackers.
For example: A phishing website - a scam website that tries to get your username and password - can have a legitimate SSL certificate, and display the comforting green padlock icon in the address bar. That does not mean it is a safe website! It simply means your connection to that website is encrypted.
For another example, even if you have a certificate, if a hacker gets a hold of your website login information, they will be able to access the backend of the website, and your SSL certificate can do nothing to stop it.
Put simply, an SSL certificate ensures that no one can spy on the data you are sending to a website. That does not make your site bulletproof.
For more advice on website security, see our post here, or get in touch with one of our web developers to discuss website security options!
My browser is telling me my website is insecure. What does that mean?
Google Chrome has started tagging website that lack a certificate as insecure. Should you be concerned?
Well, as we have covered in the previous section, SSLis only encrypting data sent between the user and the website. So as long as your website is not handling sensitive data, this is not a major issue.
However, many website owners are concerned that browsers are telling their users that their site is insecure, and for this reason alone, it is worth acquiring an SSL certificate.