What is an SSL Certificate?

Before we get into whether your site needs an SSL certificate (spoiler: it does), let’s go through the basics. A Secure Sockets Layer (SSL) certificate acts as your website’s security guard by encrypting data shared between a server and a browser. In other words, this digital certificate helps protect sensitive information sent between two systems (think the user and your website). This is especially necessary when your website allows for personal data to be input (eg. a contact form, newsletter signup, payment info, etc.). 

There are three obvious ways to tell whether a website has an SSL certificate:

  1. In the browser’s address bar, to the left of the URL, there is a padlock icon. You can click that icon to read more details about the security of the site.
  2. The URL starts with “HTTPS” instead of “HTTP.” “HTTPS” stands for “HyperText Transfer Protocol Secure,” whereas “HTTP” is missing the “secure” element.
  3. If a website does not have an SSL certificate, you will likely get a warning letting you know the site is not safe from your browser.

How Does an SSL Work?

SSL certificates scramble data shared between two systems to help boost security. They do this using encryption algorithms in an effort to prevent hackers from getting ahold of personal information. When someone shares their private details with your site, the last thing you want is for that data to be breached. 

P.S. This is why you should never enter that information on a site with no SSL certificate.

via GIPHY

The Encryption Process

As you may have guessed, a lot goes into the process an SSL takes to encrypt data. Without going into great detail, let’s take a look at the overall steps:

  1. A user attempts to go to a website that has an SSL certificate installed. The user does this via a browser or server so that browser or server asks that website’s server to prove it’s safe.
  2. The website’s server sends a copy of its SSL certificate to that browser or server to show it’s legit.
  3. The user’s browser or server takes a look at the certificate to authenticate it. If it looks safe, it lets that website’s server know the interaction between the website and the user may begin.
  4. The website’s server sends over a digitally signed acknowledgment of the approval to start the session that will be encrypted.
  5. Data shared between the parties is encrypted.

That may still be a little confusing and I’m feeling silly so I’ll explain it again in the form of a skit. Sometimes something ridiculous can really help things click.

Act One. Scene One. HTTPS Town, Webville. 

Janet, a user’s browser, is opened by Meg. She needs to do some research for work and is visiting a website. That website’s server, Otto, is ready to help Janet.

JANET
Hey, there!

OTTO
Hi! How can I help?

JANET
It looks like you’re secure but you know I’ll need some proof. 

OTTO
Sure thing. 

He passes Janet a copy of his SSL certificate.

JANET
Perfect! Want to work together?

OTTO
Sounds good. 

They shake on it and Meg can get started.

End scene.

The agreement is actually referred to as the “SSL handshake” and the entire process takes place in just milliseconds.

Why Your Site Needs an SSL Certificate

I’m sure you’ve picked up on it by now but in case there’s still a question, allow me to clear it up: your site needs an SSL certificate to protect user data, show users they can trust your site, and prevent hackers from cloning your website. It can also help protect your site from other threats, such as phishing scams.

Protecting Confidential Data

An SSL certificate helps safeguard tons of confidential user data, including:

  • Credit card transactions
  • Bank account information
  • Login credentials
  • Addresses and phone numbers
  • Medical records

Basically, any proprietary or personal information someone wouldn’t want to be made public should not be shared with a website that is not protected by an SSL because users are at a higher risk of that information being stolen.

via GIPHY

Affecting Google Rankings

Google penalizes sites that are not secured with a properly installed SSL certificate by knocking them down in search rankings. This is largely because a site without an SSL is not secure and therefore, can’t be trusted. While it may not be the biggest ranking factor, it’s there and it matters. 

Loading Site Elements

Let’s say your site launches without an SSL or you allow your SSL certificate to expire. Without that SSL in place, the website will automatically try to point to the HTTPS version. Elements won’t load, the content will be hidden, and you’ll have a mess on your hands. In short, if you want your website to look like it should, get that SSL and keep it up-to-date. Somewhat related: don’t ignore emails about renewing your domain/hosting either.

Ensuring Your Site is Safe

If you think of your website as a house, the SSL certificate is the security system. It protects you and anyone who comes into your house from outside threats. We can help make sure you have your SSL certificate in place and that your domain is set up properly. We also offer update plans and digital marketing to ensure your site is always in tip-top shape, so hit us up!