What is a SSL Certificate?
These days, even if not everyone is tech-savvy, nearly all of us are at least good at browsing. People have to be, given how much of our daily lives is governed by the digital world. But just because people can use the internet and access websites doesn’t mean they know how they work.
Yet some technical aspects of websites should be common knowledge, especially when dealing with security issues. A SSL certificate (secure sockets layer) is a perfect example of a security component that site visitors and owners should understand.
So, what is a SSL certificate?
Summary: A SSL certificate is a type of digital certificate responsible for authenticating a website’s identity and creating an encrypted connection to it. It’s a popular and reliable standard for securing internet connections so cybercriminals can’t intercept communications, data transfers, transactions, and other sensitive information.
How a SSL Certificate Works
Imagine you’re trying to access a website or web server locked behind a SSL certificate. Your browser will send a request for the website to identify itself. In response, the browser receives a SSL certificate copy.
The browser then verifies the certificate to determine if it’s trustworthy. It will send the website or web server a digitally signed acknowledgment if it is.
The website can initiate a SSL encrypted session, and all the data shared between the website and the server will be encrypted.
This process is also known as a SSL handshake and, despite its complexity, requires very little time.
Of course, not all websites use a SSL certificate. To figure out if the server or site you’re trying to access can establish an encrypted connection, you must look for the https acronym.
The “S” indicates that the hypertext transfer protocol is secure. It should also be accompanied by a padlock icon in the address bar, regardless of what browser you’re using.
What Information Does a SSL Certificate Contain?
As with all digital certificates, a SSL certificate can contain many important details. These typically include the following.
- Certificate’s issue date
- Certificate’s expiration date
- Public key
- Associated subdomains
- Issuing certificate authority and its digital signature
- Domain that can use the certificate
- Organization, device, or individual that owns the certificate
Clicking or tapping the padlock icon in the address bar won’t necessarily reveal these details. These are the types of certificate elements a browser or server will verify before signing off the SSL handshake.
SSL Certificate Types You Need to Know
The different types of SSL certificates are categorized according to their various validation levels and processes. As such, there are six types to familiarize yourself with.
- Organization validated certificates
- Extended validation certificates
- Domain validated certificates
- Wildcard SSL certificates
- Unified communications certificates
- Multi-domain SSL certificates
Each one has a different process, encryption quality, security, and purpose in specific applications.
Organization Validated Certificates
An organization validated certificate (OV SSL) can only be obtained after going through a complex validation process. Once granted, OV SSL certificates can display information about the real website or web server owner in a browser address bar. This helps users distinguish real sites from malicious sites.
Due to how they work, OV SSL certificates are among the most expensive certificates you can get.
The main benefit of an OV SSL certificate is its ability to encrypt sensitive data during transactions. Because it protects confidential user information, all commercial websites should apply for this type of SSL certificate.
Other public-facing sites can also install an OV SSL if they have a log-in form and account holders.
Extended Validation Certificates
The EV SSL certificates are the most expensive SSL certificates. Due to the high price tag, they are mostly installed on high-profile sites involved with online payments and massive data collection.
Installing an EV SSL certificate on a website will display the https abbreviation, the padlock icon, the business’s name, and country of origin. These are details any user can see in the address bar and will help differentiate between trusted and malicious sites.
Obtaining EV SSL certificates is fairly simple. The website owner must submit to a verification process that’s pretty standard. It’s crucial to only apply for an EV SSL certificate after you register and obtain exclusive rights to a particular domain.
Domain Validated Certificates
A DV SSL certificate, or single domain SSL certificate, is much easier to obtain than EV SSL and OV SSL certificates. But this validation process comes with some drawbacks.
DV SSL certificates are known for having less encryption. Because of this, they offer fewer assurances and are not suitable for all websites and web servers.
A domain validation SSL certificate is a common choice for securing blogs, personal websites, informational websites, and other sites that don’t handle online payments or confidential and personal data collection.
Getting a DV SSL is as easy as proving your domain ownership via phone call or email. It’s a cheap and quick process that many small businesses and self-employed individuals prefer to use to add the https and padlock icon next to their address.
Users can see that the website offers some encryption, but won’t be able to see other specific details about the business.
Wildcard SSL Certificates
A wildcard SSL certificate is one of the best types of SSL certificates you can get. It enables owners to secure the primary domain and as many subdomains as they want using a single certificate.
Without a wildcard SSL certificate, you would need to obtain and install individual certificates on each subdomain. This can be very expensive, not to mention unnecessary, since wildcard SSL certificates exist.
Once installed, wildcard SSL certificates will be distinguishable through an asterisk in the address bar.
Unified Communications Certificates
A UCC, or unified communications certificate, is a type of multi-domain SSL certificate. These certificates go way back and were the go-to choices for securing Microsoft Exchange and Live Communications web servers.
Anyone can try to obtain one today and use it to secure several domain names on the same certificate. The validation process is organizational, and the UCC certificate will display the padlock icon.
It can also be used as an EV SSL, which will be indicative of exceptional encryption protocols.
Multi-Domain SSL Certificates
Multi-domain SSL certificates are often mistaken for wildcard certificates. But the two are quite different.
While a wildcard SSL certificate secures subdomains belonging to a single top-level domain, multi-domain SSL certificates can secure unique domain and subdomain combinations from multiple top-level domains on the same certificate.
Obtaining this type of certificate will require extensive information sharing and verification, especially due to potentially using multiple host names.
Why Is Using a SSL Certificate Important?
There are three main reasons to install a SSL certificate on your website or web server. One is for safety concerns, and the other two have to do with the perception or image your site projects to the rest of the world.
It Adds Security
If you’re asking a user to share personal details, log-in credentials, financial details like credit card numbers, health information, and other data, they expect you to protect it.
That means securing your database and preventing hacks. But accessing your database isn’t the only way someone can gain access to confidential information.
A SSL certificate makes otherwise public interactions private, and harder to intercept.
It Boosts Traffic
A SSL certificate is not a marketing or advertising tool. Despite that, it can still boost your organic traffic, potentially increasing your customer base.
Each type of certificate will give you a https web address. The https abbreviation signals users that you encrypt all website traffic.
At the same time, it shows that someone verified your identity and that you are who you say you are. This instantly makes your website more trustworthy, resulting in more users being likely to access it. And make no mistake. Having quality organic traffic is necessary to grow a business.
It Improves SEO
Internal links, external links, content quality, topics, keywords, and key phrases are all elements you need to address for SEO purposes. The better you score with each, the higher your website will rank in search results. However, the search ranking algorithm cares about more than what’s on your page.
Having a SSL certificate is one of the things the algorithm accounts for when determining your rank. Demonstrating you provide encryption is a smart move from an SEO standpoint.
It might not make the biggest difference, but it will give you a significant advantage against direct competitors without SSL certificates and proven encryption.
Regardless of what particular benefit or perk you’re after, installing a SSL certificate just makes good business sense, even if it’s the cheapest form of encryption. Some is better than none.
What to Know About Getting a SSL Certificate
Like any other digital signature, a SSL certificate is issued by a certificate authority or certification authority (CA.)
Millions of these SSL certificates get issued yearly due to their crucial role in internet transparency, connection security, and online interactions.
Depending on what SSL certificate you have your eyes on or is best for your business or personal needs, you can pay anywhere from a few bucks to hundreds of dollars or more. Fortunately, there are ways to get a free SSL certificate too. The only caveat with a free certificate is that it may not use the best encryption or be easy to verify.
Regardless of which certificate you want, there are a few steps that remain consistent in every verification process.
Setting up the Server
Before you do anything else, it’s essential to set up the server and update its WHOIS record. The details of your WHOIS record should be used to fill out the request.
If the information you give to the CA doesn’t match your WHOIS record, you won’t be granted a certificate.
Generating a Request
After you gather the information, it’s time to generate a CSR, or certificate signing request.
This is done on the server side, usually with the help of the hosting company.
Submitting the Request
Submit the generated request to the proper CA that can issue the type of SSL certificate you need, and wait for it to verify the information.
The verification process differs between SSL certificate types and different issuing authorities.
For example, a basic DV SSL might not need more than a few minutes of information verification before being issued. In comparison, a CA might take up to a week before issuing an EV SSL.
Install the Certificate
If the verification process was successful and your request was honored, you’ll receive a SSL certificate. To use it, you must install it on the web host server (or your server, if the website is self-hosted).
Do SSL Certificates Expire?
Here’s something you need to understand about SSL certificates. They all come with an expiration date. Even the ones with the highest level of encryption and strictest verification processes won’t last forever.
This happens for two reasons. First, issuing SSL certificates is a business. If everyone could get lifetime certificates, this business would cease to exist, or at least become less lucrative.
The second reason is the most important. Information changes over time, and every time it does, it must be revalidated.
Imagine you were to sell your company or personal website a few years from now. When ownership changes hands, the information on the existing certificate is no longer relevant. Therefore, periodic revalidation processes are necessary to ensure that the authentication information and data are as accurate as possible.
You could still get a SSL certificate with a five-year expiration date just a few years ago. But the expiration period has been consistently shortened to three years, two years, and most recently, one year.
Interestingly enough, the certificate authority/browser forum, or the entity acting as the regulatory body for the entire SSL industry, recommends a certificate lifespan of up to 27 months.
But despite this recommendation, tech giants like Apple, Mozilla, and Google agreed to enforce a one-year expiry period for SSL certificates. This became the new norm in 2020.
What Happens When a SSL Certificate Expires?
Whether the maximum issued lifespan of SSL certificates will increase again or decrease further is hard to determine. Yet the one-year rule can create problems for certain organizations. Large enterprises have multiple SSL certificates. They can’t afford to not quickly renew them because an expired SSL certificate can make websites unreachable, or at least appear untrustworthy.
Despite most users being able to disregard the warning and access the website anyway, the thought of malware infection, phishing, and other cybersecurity risks could be enough to stop users. This can cause massive bounce rates, which can affect normal business operations.
Small businesses and other SSL users aren’t as heavily impacted once the certificate expires. They have more time to resolve the situation.
There are various software solutions that allow you to keep track of your SSL certificates and their expiration dates. This makes it easier to renew SSL certificates before they expire instead of reacting after the fact.
A reputable CA should also send you a reminder sufficiently in advance of the expiration date. When it’s time to renew, contact your CA for instructions.
If no information has changed, the verification process should be the same as, if not shorter than, when the previous certificate was issued. Renewing EV SSL certificates is definitely easier than getting a new one.
Should some of the information no longer be accurate, you must share the latest information to update and renew your certificate.
Choosing a Certificate Authority to Buy a SSL
The same type of SSL certificate can have a very different price at two different CAs. But here’s how you can find the best CA for your needs.
First, you’ll want to look at brand reputation. Some CAs are industry leaders, work with the biggest corporations, and have excellent track records.
Names like DigiCert, Comodo, Entrust, GlobalSign, and others dominate the market. They should make your CA shortlist when shopping for a certificate.
Secondly, you’ll want to find a pricing structure or offering that fits your budget. Just because you need EV SSL or multi-domain SSL certificates doesn’t mean you should buy the most expensive option. Most EV SSLs don’t differ greatly from each other.
The CA’s service package or experience will be reflected in the pricing more than the certificate itself.
Another good differentiator is the range of certificates offered.
Not all companies offer both DV and EV certificates. Not all issuers specialize in wildcard SSL certificates. Thus, you have to find CAs that can issue the certificate type you need.
You can also look at the validation process to compare CAs. For example, some take considerably longer to verify your information and issue a certificate. That’s despite looking at exactly the same information their direct competitors would look at. If you’re in a rush to get your website up and secured, the timing could play a big role in your decision-making process.
Flexibility is another crucial consideration, especially for larger companies, enterprises, and organizations. Some certificates can be customized and tailored to your unique needs. That doesn’t mean all CAs are equipped to handle such a request.
You’ll likely need ongoing support if you’re not tech-savvy or don’t have an IT team. This is where an exceptional customer service reputation could sway you to pick a specific CA over others.
It’s really an exercise in understanding your needs and who can best meet them for a reasonable price.
Present Yourself as a Trusted Entity
Given the ease of obtaining some types of SSL certificates, there’s no reason you shouldn’t use one to secure your website or server.
People feel more comfortable accessing trusted websites. Even if they’re unaware of the existence of SSLs, browsers are. Modern browsers will always notify users if a website doesn’t have a SSL certificate, or a valid one, by labeling those websites untrusted and recommending against accessing them.
That’s no way to increase traffic or gain customers. Pick the right type of SSL certificate, the best CA for you, and get it done. It’s an effortless process.
Frequently Asked Questions
What happens if you don’t have an SSL certificate?
Users who attempt to access your website will receive a message saying it’s not secured and potentially untrustworthy or infected with malware. An untrusted label makes it less likely people will access a site.
Is a SSL certificate the same as a digital signature?
No. A SSL certificate can protect data transmission by encrypting a communication channel. A digital signature is only a component of a SSL certificate required to prove its authenticity and ownership.
What should a SSL certificate look like?
To see examples of SSL certificates, tap or click on the padlock icon next to any https websites you frequently visit. Each SSL certificate type will display specific information.
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.
This website is hosted on a Digital Ocean server via Cloudways and is built with DIVI on WordPress.
Don't take chances online. Protect yourself today:
Protect your Devices
Protect your Privacy
Or directly visit the #1: