SSL certificate - what is it? All you need to know

print · Время на чтение: 8мин · by · Published · Updated

Listen to articleListen to this article

SSL certificate - what is it? Types of certificates, classification.

What is an SSL certificate? It's easy to get lost in the abundance of information on this topic, especially when everyone seems to be talking about the same thing. Don't be afraid. In this article, I will tell you exactly what SSL represents on your website. You will learn:

  • What is Secure Sockets Layer?
  • What types of SSL certificates are available.
  • What type of certificate is right for you.
  • Why install a security certificate on the site at all and much on this topic.

1. What is SSL?

Secure Sockets Layer, more commonly referred to as SSL, is a security protocol used by responsible website owners to encrypt all communications to and from your website. When SSL is installed on a web server, the visitor will see a reassuring padlock next to your website URL.

Basic SSL security certificate example.

The more important question is why should you encrypt all communication with your website? Simply put, it's because you want protect your visitors from hackers stealing their information. Information such as credit card information, usernames and passwords, and personally identifiable information. In short, sensitive material.

There are also important aspects privacy and security. I will review them in more detail below.

2. Different Types of SSL Certificates

SSL certificates can be classified according to the number of sites and the verifications they offer. Most often, a domain verification certificate will suffice, but it's worth checking out all the options available and then choosing the most appropriate SSL certificate for your site.

— Classification based on validation

It has been established that an SSL certificate is used to verify that your site is legitimate and that you are the rightful owner of it.

SSL certificates can offer 3 different types of validation and these are directly related to the level of validation required:

I. Domain Validation (DV): here you just need to demonstrate that you are in control of the website. E-mail confirmation is sufficient.

SSL example - SSL certificate for domain verification.
II. Organizational Review (OV): To obtain this certificate, you need to verify that you are the owner of the website. The CA will contact you through the information provided when you requested the SSL certificate.

Example -Ssl certificate to verify the organization.
III. Extended Validation (EV)A: Certificate issuing authorities will do their best before issuing this certificate. First, they ensure that the organization your website represents is legitimate. They then verify ownership and finally contact the business owner to confirm that an SSL certificate has been requested in their name.

Example - Domain Extended Validation Certificate.

— Classification by the number of websites

I. Single: speaks for itself; this type of certificate is used for one domain.

II. wildcard: It's less obvious that this certificate is used for websites with multiple subdomains.

III. Multidomain: Also known as a Uniform Certificate or Subject Alternative Name (SAN), this type of certificate is purchased for 100 domains. The point is to save money and time by purchasing multiple certificates at once. In this case, domains must be located on the same server.

If you need to manage multiple websites, keeping track of every update and renewal can be incredibly tedious, not to mention stressful. Try WPRemote and localize all website management tasks in one convenient panel.

3. What type of certificate is best for your site?

Figuring out which certificate you need may seem daunting, but trust us, it's not as hard as you think.

To make things easier, we will tell you what works best for a particular type of business.

  • For banks, financial institutions, and large international retail or e-commerce brands, Enterprise Verification certificates are the best option. These certificates are focused on visibility and promote visitor trust.
  • For mid-sized retail brands that collect personal information for marketing purposes, Organizational Review is the best option.
  • For small businesses that collect information about browsing habits and email, domain verification works great.
Although organization and enterprise validation requires more validation than domain validation, at first glance they look the same.

Regardless of which SSL certificate you choose, website security doesn't stop there. Encryption is a good start, but it's only the beginning. To give your visitors maximum security, you need a fully featured security suite.

4. What should I do after installing the SSL certificate?

Installing an SSL certificate is only half the battle. You will need to make sure the certificate is properly installed on all of your posts and pages.

First you need to make a backup copy. Similarly, before proceeding with any of the steps in this section. Yes, it's a necessary pain, but wouldn't it be better for you to have that safety net?

- Use HTTPS throughout the site

To force the use of SSL on the entire site, you need to follow these steps:

  1. Change your website address in the WordPress dashboard;
  2. Paste the code snippet into your hosting server.
There are plugins to help you do both.

- Update Google Analytics, Google Search Console and other web services

Once the SSL certificate is installed, your website URL will change to https://

Google Analytics and Search Console think this is a different URL. Google won't start tracking your website until you add a new URL to Analytics and Console. SEO plugins like Yoast should automatically generate a new sitemap. But if they don't, you'll have to generate it manually.

Important: SSL certificates are issued for a period of 12 to 36 months. When the one you have expires, you will need to renew it. Your web host or CA may give you the option to automatically renew your certificate, but it's important to keep it valid.

5. Why do you need to install an SSL certificate?

If you run an e-commerce store, information security is more obvious, and often more expected. People are transacting on your website and you want to ensure that your customers experience is as secure as possible. You don't want their personal information to be compromised by a hacker.

But let's say you don't have an e-commerce site. You are using a regular site without any transactional activities. Is SSL required for this type of website?

Yes. Yes I need it.

However, the need for encryption in these cases, and in turn SSL, is more subtle. There are two aspects to think about here: security and privacy.

Also, the best possible security should always be your rule of thumb for your website.

Let's look at safety first

Every time you log into your site to post an article or view a comment, you submit your username and password to the website. This information passes through the Internet openly, and anyone who monitors the traffic can read this information. While it's not easy to keep track of, it's very easy when you're using public Wi-Fi, such as in a coffee shop.

By using SSL or by encrypting your data, you guarantee that your password will not be compromised.

Okay, but what about privacy?

Encrypting communications to protect passwords is fairly easy to understand, especially in this day and age. Privacy has been getting a lot of attention lately, and for good reason.

Whenever someone visits a page on your website, they are sharing an aspect of their life. If your website is about a health related topic, this information is extremely sensitive. There are many similar use cases that span across industries.

Perhaps our websites may not seem so important, and this information may seem trivial - at least at first glance. But this, of course, is not the case. Considered in isolation, the information may be trivial, but when combined with other tracking factors, each bit of information can be highly revealing to a person.

Therefore, by using SSL, you ensure the privacy of all visitors to your website.

Google wants you to use SSL

In a less altruistic vein, it's important to consider that Google has been actively promoting SSL over the past few years. Back in July 2018, they announced that they wanted to make the Internet a safer space for their users. To this end, they have made it mandatory to use an SSL certificate. As such, they show warnings to indicate when a site is not secure with SSL.

Google has also added SSL as a signal to their ranking algorithm. Therefore, an insecure site will be penalized by Google for not ranking in search results. The bottom line is that you need an SSL certificate. There is no good reason not to get it.

6. What's next?

An SSL certificate is the starting point for securing a website. There are many ways that hackers can access your website and end up destroying it along with your brand reputation and other important assets.

Use a firewall between your site and incoming traffic to prevent hackers and bots from accessing your site. It will crawl and monitor your site daily.

Some frequently asked questions

1. What to do if your web host does not offer an SSL certificate?
If your web host does not offer an SSL certificate, you can purchase one from authorities such as Comodo, DigiCert, GeoTrust, GlobalSign, and RapidSSL; or get it for free from Let's Encrypt. You will have to manually install the certificate.

2. How to install SSL without cPanel?
You can install an SSL certificate without cPanel access using your web host's internal control panel. Not all web hosts offer cPanel to help clients manage their sites. Instead, they use their own custom hosting control panel. You can use this to install an SSL certificate.

3. SSL does not appear on the login and administration pages.
If your SSL is not showing up on the login and administration pages, you need to force it.

4. How to handle SSL when changing web host?
When you change your web host, you will also have to migrate your SSL certificate. If you used the original web host's free SSL certificate, it will be removed when you migrate to a new one. Ideally, the new web host should install their own free SSL certificate.
However, if you have a paid SSL certificate, the same certificate can be configured on the new host's servers just like you would install a third-party certificate.
Your new web host is a good place to get help as they will invest in a smooth transition to their services.

5. How do I remove the mixed content warning?
You can remove the mixed content warning from your WordPress website by installing a plugin called SSL Insecure Content Fixer.

Thank you for reading Nicola Top

How useful is the post?

Click on the smiley to rate!

average rating 4.9 / 5. Number of ratings: 37

There are no ratings yet. Rate first.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

2 × one =