What is SSL? (What Businesses Need to Know)
Imagine your customer wants to buy a product from your website - like an awesome camera. They need to give you their information so you can process the order from your web server.
But as a business, you’re now responsible for keeping their details like full name and credit card number safe from hackers. Which is no easy task!
The solution to this problem is to get an SSL certificate.
Getting an SSL certificate is equivalent to putting your buyer’s data in an armored car with guards around it during transportation. It protects the data from hackers while it’s being sent to you.
Let’s take a look at SSL and find out how it keeps your customers safe.
What is an SSL Certificate?
If you go up to the top left corner of your taskbar, you should see the tiny padlock beside the website.
The padlock is an indicator that the ITS website has an SSL Certificate.
On other web browsers, you may notice that instead of HTTP://, the website URL starts with HTTPS://. That is another sign the website you’re on has SSL.
SSL stands for Secure Sockets Layer, which means that all data is encrypted from that web page.
An SSL certificate is a document that proves a third-party (known as a Certificate Authority or CA) verified the identity of the webserver you’re connecting to.
So your customer (and you!) are now protected on two fronts: your message isn’t altered, and you’re interacting with the verified user.
You’ve established an encrypted and verified link between a browser and web server by having an SSL certificate. It prevents hackers from causing damage in the middle of the data transfer (AKA “man-in-the-middle” attacks).
And surprisingly, SSL’s use is not limited to websites. You can also get an SSL certificate for your mail server.
Kinds of SSL Certificates
Just like being able to use an SSL for different types of servers, there are also other kinds of SSL certificates.
But SSL certificates aren’t different in terms of encryption strategy. Here’s a well-kept secret: all SSL certificates provide the same level of security.
Instead, you have SSL certificates based on the number of domains covered and different levels of validation.
Levels of Validation
Let’s start with the three levels of validation you can have for your SSL certificate. Remember, a trusted third-party issues SSL certificates.
Therefore, these levels are differentiated based on the number of documents the user provided to the third party to prove they’re who they say they are.
The three kinds of SSL certificates based on level of validation are:
- Domain validated certificates (DV SSL)
- Organization validated certificates (OV SSL)
- Extended Validated certificates (EV SSL)
Domain Validation SSL Certificates
Domain Validation is the most accessible level of validation for an SSL certificate. As a business owner, you only have to prove you own the domain. Certain CAs automate the verification of this SSL certificate.
It’s also the cheapest, which makes it most often used for personal blogs, small businesses without an online store, and online portfolios.
Organization Validation SSL Certificates
For organization validation, you will need to prove that the organization behind the website exists. The CA will ask for your organization’s name & address to include in the SSL certificate and verify if you own the domain.
Extended Validation SSL Certificates
Extended Validation (EV)is essentially a full background check. You’ll need to provide proof you’re a registered business.
It takes the longest validation time amongst the three and is also the priciest. However, it’s the most trustworthy SSL certificate. EV SSL certificates are recommended for large businesses, banks or financial institutions, and online stores.
It also comes with the satisfaction of a green URL, address bar, or mini padlock. It’s a great way to distinguish your business as a secure space for your consumers.
Number of Domains Covered
After deciding on the level of validation, you’ll need to decide the number of domains you want your SSL to cover.
The four SSL certificates are:
- Single-domain SSL certificates
- Wildcard SSL certificates
- Multi-Domain SSL certificates
- Unified Communications SSL Certificate
Single-Domain SSL certificates
A single-domain certificate is a straightforward SSL certificate that covers one domain and all the pages in it. You can get a single-domain certificate with domain validation, organization validation, and extended validation.
Wildcard SSL certificates
Wildcard SSL certificates protect one domain and unlimited subdomains. Let’s say you have “mywebsite.com” but want to make a subdomain for online logins called “login.mywebsite.com.”
A wildcard SSL certificate will ensure that your domain, subdomain, and all pages underneath, are encrypted. This is perfect for businesses who plan on expanding their website, as it’ll save you from having to get an SSL certificate for each subdomain.
However, you cannot use an Extended Validation SSL certificate for this type of SSL.
Multi-Domain SSL Certificate
Multi-Domain SSL certificates are designed for organizations running multiple websites; this certificate can cover up to 100 different domains.
It’s more expensive upfront but will save your organization money in the long run if you run multiple domains.
Unified Communications Certificate
Unified Communications (UC) certificates overlap with multi-domain SSL certificates. UC certificates can also protect 100 different domains, but they’re designed to work best with IT environments running on Microsoft servers & communication programs.
Do you need SSL?
All business websites must have an SSL certificate for the following reasons:
- Google favors websites with an SSL certificate.
- Customers are demanding a higher level of data protection from the businesses they interact with.
- Browsers will block users with a warning that your website isn’t secure.
A few years ago, SSL was primarily required for websites that collect information from customers. But in 2021, SSL certificates are a bare minimum for all websites.
You should also consider installing an SSL certificate for your mail server, for an extra level of security for you and your clients.
About to put in an SSL certificate to secure your website?
So, to recap:
- Customers need to feel secure in your website & email, and SSL certificates are how you provide that security.
- SSL certificates ensure that you and your customer have an encrypted and verified connection to send data across.
- There are different kinds of SSL certificates based on their level of validation and the number of protected domains.
- Every website should have an SSL certificate to protect its customers, improve SEO ranking, and prevent it from being flagged as an insecure domain.
As a website visitor, seeing either the padlock or HTTPS:// can give you peace of mind.
As a business owner, having an SSL certificate will raise the amount of trust customers place in you. And as a Managed IT Service Provider, ITS knows business is all about building trust between you and your clients.
And to build that trust, you need to protect your customers beyond an SSL certificate. Read “Top 15 Cybersecurity Best Practices” to learn more strategies to protect your customers and your business.