Have you ever noticed that some URLs start with HTTP: //, while others begin with HTTPS: //?
You may have noticed that extra “s” when browsing websites that require you to provide sensitive information, such as those where you can pay bills online.
But where does that extra “s” come from, and what does it mean? To put it simply, the additional “s” means that your connection to that website is secure and encrypted and that any data you enter is shared securely with that website. The technology that powers that little “s” is called an SSL certificate, which stands for “Secure Sockets Layer.”
What is an SSL certificate?
SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and HTTPS protocol and enables secure connections from a web server to a browser. Typically, an SSL certificate is used to protect credit card transactions, data transfers, and logins, and more recently, it’s becoming the norm when watching browsing on social media sites.
SSL certificates and other web elements to which they bind
SSL certificates do not work alone but tie in with other elements such as:
- A domain name, server name, or hostname
- An organizational identity (i.e., company name) and position
An organization must install the SSL certificate on its webserver to initiate a secure session with web browsers. Once a secure connection is established, the server will protect all web traffic between the web server and the web browser.
When an SSL certificate is properly installed on your server, the application protocol (also known as HTTP) will change to HTTPS, where the “S,” as mentioned above, stands for “secure.”
How does an SSL certificate work?
SSL certificates use something called public-key cryptography.
This particular type of encryption harnesses the power of two keys that are long strings of randomly generated numbers. One is called a private key, and the other is called a public key. A public key is known to the server and available in the public domain.
Users can use it to encrypt any message. If Alice is sending a message to Bob, she will lock it with Bob’s public key, but the only way to decrypt it is to unlock it with Bob’s private key. Bob is the only one who has his private key, so Bob is the only one who can use it to unlock Alice’s message. If a hacker intercepts the message before Bob opens it, all he’ll get is an encryption code that he can’t display correctly.
If we look at this in terms of a website, the communication is between a website and a server. Your website and your servers are Alice and Bob.
Why do I need an SSL certificate?
SSL certificates protect your sensitive information such as credit card information, usernames, passwords, etc.
SSL certificates must issue a trusted certificate authority (CA). Browsers, operating systems, and mobile devices maintain lists of trusted CA root certificates.
The root certificate must be present on the end user’s machine for the certificate to be trusted. If it is not trusted, the browser will present untrusted error messages to the end-user. In e-commerce, such error messages cause an immediate lack of trust in the website, and organizations risk losing trust and consumer business.
Is the SSL certificate useful for SEO?
Yes. Although the primary purpose of SSL is to protect the information between the visitor and your website, there are also SEO benefits. According to Google Webmaster Trends Analysts, an SSL certificate is part of Google’s search ranking algorithm. Also, let’s say that if two websites are similar in the content provided, but one has SSL enabled and the other does not, that first website might receive a slight rank boost because it is encrypted. As a result, there is a clear SEO advantage to enabling SSL on your website and all your pages.
So all you have to do is purchase and enable an SSL certificate for your website for numerous immediate benefits.