What Is and Why Do I Need An SSL Certificate To My Website? Guide For Dummies

I often receive such messages on my email:

Yes, there was an excellent webinar. There were a lot of questions, and I hope all visitors left with answers to all questions!

That is why today we are going to talk about these certificates! Sit down more comfortably and study my short essay.

Table Of Contents

· What is an SSL certificate?
Why should I protect and encrypt myself if I do not do anything illegal?
Can hackers hack websites with SSL?
· SSL is one certificate?
· How do I know which certificate I need?
Is it probably difficult to install an SSL certificate?

What is an SSL certificate?

It is a digital signature of a site necessary for the secure data transfer protocol in the network. The digital signature provides an encrypted connection between the user and the site. The information they exchange is protected from third parties — the provider, the operator, the administrator of the wi-fi network. This certificate also confirms the site’s authenticity — the user can check which company owns the resource.

Do I need an SSL certificate for my website and my site protected or not?

It is effortless to do. Look at the address bar (URL) of this page. To the left of it (or on it — it depends on your browser), you can see a green inscription, which means that this is the site of Medium. There is also a small lock symbol — all protected sites are marked this way. Another protocol, HTTP at the beginning of the address, is replaced by HTTPS (additional “s” means secure, “protected”).

Every user, when visiting any site, leaves a lot of information about himself. If there is no SSL certificate on such a site, the user’s data can be stolen. Therefore, first of all, online stores, banks, payment systems, social networks, forums — all those who process personal data and conduct financial transactions need to be protected.

Hacking a website with an SSL certificate is as easy as without it. This is not the case here. SSL certificates do not protect a site from hacking, but the information it exchanges with the user from being intercepted. And they also confirm that you are dealing with an official site, which belongs to a particular owner. That is, you can be sure that this is not a phishing page and not a clone site.

When I enter my login and password on a site that does not have a certificate, they can be stolen?

Yes, among other things. You can intercept financial information, your account data, correspondence content, etc., from an unprotected site. Unencrypted information can be intercepted by an unscrupulous Internet service provider, site hoster, or an intruder who is connected to the same WiFi network as you.

If the site is not secured, the Internet service provider may place advertisements on the site, monitor visits to sites, collect information to target advertisements, and sell the data to third parties. Browsers, search engines, and especially Google in their way fight against unprotected sites: for example, such pages are downgraded in search engine output. And even before you click on a link to such a website may display a warning screen. Also, SSL-certificate does not allow redirecting users to a swap resource.

SSL is one certificate?

There are several types of SSL certificates. First, they differ in the number of domains and subdomains for which they can be used. Secondly, in terms of how the site will be checked — there are three options:

First, DV (domain validation) SSL — confirms the domain and encrypts and protects the data during transmission using the protocol HTTPS. Both individuals and organizations can install it on their site. As a rule, it is released almost instantaneously (exactly no longer than 3 hours), after which a lock icon appears on the site (see paragraph 2), and the website becomes protected.

The second one — OV (organization validation) SSL — apart from information protection, the domain belonging to a particular organization is guaranteed. The certificate is issued only to legal entities with an actual phone number (before releasing the organization calls). On a site with such a certificate, the user can find information about the organization — the site owner, usually just by clicking on the lock icon. It is issued within three days.

The third one — EV (extended validation) — is the same as OV, but it has already checked both the company’s tax and commercial activities and in more detail. On the site next to the URL appears the company name. It is issued within five days.

So, where can I get an SSL certificate and adding SSL to the website? SSL Guide for dummies

In certification centers. There are about a dozen of them worldwide, but the leading market share is only three. Their partners also do the distribution of certificates.

I would like to advise a company that provides this SSL certificate for FREE to all its users. You can be sure that your site will not be affected by spam or viruses as your site will be protected by antivirus and other types of protection.

We are talking about InterServer. If you order hosting from them, or support guys will help you move your already created site to their server, the SSL certificate will get you for free (default), and you will not have to pay anything.

I heard that there are certificates that are issued for no reason. Why pay then?

First of all, only SSL certificates like DV (domain validation) are delivered free of charge. Secondly, they are often reissued for a fee. Thirdly, such a certification may not be suitable for some sites, for example, for resources in the financial sector. However, they can be a great solution as a test drive with an opportunity to save money for the first year.

How do I know which certificate I need?

Everything depends on the number of domains and the degree of verification required — the price of the certificate also depends on it. Once again, I will say that in InterServer, you can get a certificate for free! Read my review about this hosting company:

Not really, but if you do not have time to install it yourself, it is better to contact the professionals from InterServer. Support will do it for you for free.

I hope you liked my review of this issue. Write your comments and your opinion. Do not forget to subscribe to my Medium channel ;-)

Software developer with 30 years of experience