Beginners Guide to SSL – What it is & How it Works

What is SSL? - What does SSL do? Learn the difference between TLS vs SSL, and why you should be using a SSL certificate on your website!
Beginners Guide to SSL – What it is & How it Works

While many web hosting companies claim that – with their help – navigating the web hosting world is a piece of cake, in reality, there’s nothing simple about web hosting.

On your search for the best hosting provider, you’ve probably come across multiple terms, acronyms and abbreviations which make about as much sense as a chocolate ashtray.

Do not fear – you aren’t missing a trick. The web hosting world is dense and confusing at times, but we are here to help. Wrapping your head around the concept of SSL Certificates is an entry point into coming to terms with web hosting as a whole.

You will notice that pretty much every hosting provider boasts of having an SSL Certificate. They probably are not worth your time or money if they don’t.

What is SSL?

Good question – let’s start with what SSL stands for. Quite simply, SSL is an acronym for ‘Secure Sockets Layer,’ which is a wonderfully vague way of saying that SSL revolves around online security.

We all know how important internet security is – I’m sure that every person reading this article has once had a run-in with an online hacker or a nasty virus. Unfortunately, it is part and parcel of using the internet.

However, suppose you are planning on hosting a WordPress website. In that case, it is essential to take preventative measures, stopping hackers and viruses in their tracks before they get the chance to access your sensitive data.

This is where SSL comes in. So, I’m guessing you are coming to terms with SSL protecting your online data, but how does it work?

How does SSL Work?

SSL works like a good pair of underwear in many ways – stay with me on this one. Let’s think about the purpose of underwear.

Essentially it covers – for want of a better word – your bits. It stops people from seeing the private parts of your body, right?

Well, SSL is the same. It encrypts your sensitive data, effectively creating a fence around your information so that it can pass through servers unnoticed and untouched.

Encryption works by changing the appearance of your data so that instead of seeing your data, potential online predators can only see an encrypted version, which certain people can only decrypt.

So, the general idea is that SSL security is like protective underwear for your sensitive data. But unfortunately, protecting your online information is slightly more confusing than simply slipping on a pair of pants.

It is essential to understand that SSL has been replaced by an updated security feature called TLS (Transport Layer Security). However, people still refer to the software as SSL.

Think of SSL as a pair of Victorian knee-length briefs and TSL as the modern boxer-pant. SSL walked so that TSL could run.

ssl and tls handshake image

With TLS in mind, the process of TLS/SSL is as follows; 

  • There is a TLS handshake between the client and the server
  • During this handshake, the client’s information is encrypted using something called ‘session keys.’
  • These ‘session keys’ are later responsible for decrypting the encrypted data.

Phew. Give yourself a pat on the back – that part is dense. Hang on tight. You’re only a few more steps away from being an SSL expert.

Types of SSL Certificate

Unsurprisingly, the web hosting world is not black and white; there are many different types of hosting available for different kinds of websites. Therefore there are multiple layers of security available within an SSL Certificate.

If you have been on the hunt for a new web host provider, you have probably noticed that mIf you have been on the hunt for a new web host provider, you have probably noticed that most providers offer tiered plans, starting at a basic level and going up to a more advanced service. This is pretty standard within web hosting. This tier system is replicated in the different types of SSL Certificate.

What is important to note, and will likely simplify the differences between each type of

What is important to note, and will likely simplify the differences between each type of certification, is differentiated based on how a site’s verification is established.

Consider each type of SSL Certificate like a different level of agent in a police investigation – you have the police force, the detective investigator and the FBI.

Each has the same agenda to investigate. However, each tier has a different approach, arguably getting more thorough as the tiers move up.

Domain Validation Certificate

With that in mind, the most basic version of the SSL Certificate is called a Domain Validation Certificate, the police level of an investigation. This level of certification verifies a site’s domain with basic encryption. It is the cheapest and quickest type of SSL Certification, however the least comprehensive, therefore likely the least secure.

Organisation Validation Certificate

Next up, we have the Organisation Validation Certificate, the detective investigators of the web hosting world. This level delves a step deeper into authenticating a site, verifying the elements of the domain’s owner, such as their full name and address.

However, with this increased detail comes an increase in the time and cost of establishing this certification.

Extended Validation Certificate

Finally, the Extended Validation Certificate is the FBI level of SSL Certificates. This type of certification is helpful for sites that rely on portraying a strong sense of valid identification.

The Extended Validation Certificate is the most advanced SSL Certificate because it verifies the domain’s owner online and physically. This gives the site a strong sense of security and validity. However, it sometimes takes up to a few weeks to validate.

How can I tell if my Website has SSL?

Is your brain feeling fried yet? I told you SSL could be slightly confusing. Well, here’s something that is genuinely straightforward.

Ascertaining whether your website has SSL or not is as simple as typing your website address into your browser’s search bar and checking whether it says HTTP or HTTPS before your address. If it’s HTTPS, you’re in the clear and all set with SSL. However, if it displays simply HTTP, you do not have SSL.

http not secure browser image

See – it is that simple! 

But what do these acronyms stand for? And what even are they?

Essentially, HTTP/HTTPS are simply the start of a URL – you’ve probably noticed that they appear before every website address when searched in a browser.

HTTP stands for HyperText Transfer Protocol. HTTP allows you to ‘transfer’ from one site to another, sending data between the web server and web page.

Every day is a school day!

How can I get an SSL Certificate for my Website? 

By now, you are most probably sold on getting an SSL Certificate. However, you may still wonder how you get one for your website. Unfortunately, they don’t stock SSL Certificates on supermarket shelves, but that doesn’t mean that it is difficult to get your hands on your very own SSL Certificate.

There are multiple places to locate an SSL Certificate online, meaning there is a fair amount of competition between providers. With this in mind, it is always good to do some research and compare websites, defining what your needs are, along with your budget.

Furthermore, it is essential to keep an eye out for scammers – pretty ironic considering we’re talking about the search for internet security software. Ensure that your SSL Certificates are issued by a verified CA (Certificate Authority). Otherwise, you could find yourself on the end of a scammer’s nasty joke.

With this in mind, there are two main avenues for obtaining an SSL Certificate; through a web host provider or an independent website, specialising in solely SSL Certificates. Essentially, to ascertain which is the best route for you, you need to figure out precisely what your needs are.

Do you need SSL Certification and nothing else? If so, go independently – there’s no point fussing about with a web host provider, and (even better) you can probably find a website to give you an SSL Certificate for free.

However, suppose that you are also looking for a website builder, a free domain, and a company to manage your connection speed and uptime in addition to an SSL Certificate. In that case, you are best off paying for a web host provider to do the work for you.

There are some super cheap web hosting providers out there and most of them offer an SSL Certificate as a free add-on.  

Can I Get A Free SSL Certificate?

They say that the best things in life are free, and I’m yet to find grounds to disagree. Why pay for something when you can get it for absolutely free at the same quality?

The tech world is expensive; you think the priciest part will be buying the computer, but when it comes to purchasing antivirus protection, software and paying for a web host provider, the costs start to add up and then renew month after month. It can be hard to catch a financial break in this age of commodification, but the same does not have to be said for SSL

Luckily, there are many free options, protecting your online security without making a dent in your bank balance. Win-win. Our personal favourite Certificate Authority is Let’s Encrypt, responsible for providing free SSL Certificates to 225 million websites.

They aim to make the internet a safer place for everyone. Their service is automatic, secure and open for the whole of the public to review. Sounds good to me, but how do they do it? They begin by validating your domain using a public key.

They then issue a set of challenges to prove the identity of the software which has control over your domain. Once this stage is completed, they can issue you with your SSL Certificate, and you are all set up with a brand-new HTTPS to wow your website’s visitors.

Final Thoughts

Hopefully, by now, you have a slightly elevated understanding of SSL Certificates and why they are so important. To put it simply, there are two main reasons for obtaining an SSL Certificate; security and desirability.

You need your website to be secure, and if it isn’t, it will lose all of its desirability as a place for online guests to visit. Suppose you want your website to be a success, an area where people come back to time and time again. In that case, it needs to be entirely secure, and there is no better way to prove its security than getting an SSL Certificate.

It has become common practice for websites to have SSL Certification. Therefore by not equipping your site with an SSL Certificate, you risk negatively standing out against other sites.

Let’s put it this way – you wouldn’t visit a cageless zoo, where the animals were free to roam, would you? Likewise, you wouldn’t want to part with sensitive data, such as your bank details or home address, on a website that had no software in place to protect said data.

For the sake of both your security and your visitors’ security, it is essential to have an SSL Certificate. Of course, there are many other ways to secure your website – the amount of security software available would blow your mind.

However, securing yourself an SSL Certificate is the easiest and cheapest way of validating your site’s security. So it doesn’t seem very smart to create a website without one.

Author

  • emily gibson profile

    Emily has been a Content Writer and SEO Consultant for the last 10 years. She is passionate about helping people understand about search engine optimisation and has designed courses and materials for numerous digital marketing agencies.

More content you might like

Popular Reviews

Leave a Reply

We will be happy to hear your thoughts

Leave a reply

Host Advisor
Logo
Compare items
  • Total (0)
Compare
0
Shopping cart