Whilst many web hosting companies claim that – with their help – navigating the web hosting world is a piece of cake, in reality, there’s nothing simple about web hosting.
On your search for the best hosting provider, you’ve probably come across multiple terms, acronyms and abbreviations which make about as much sense as a chocolate ashtray.
Do not fear – you aren’t missing a trick, the web hosting world is dense and confusing at times, but we are here to help. Wrapping your head around the concept of SSL Certificates is entry point into coming to terms with web hosting as a whole.
You will notice that pretty much every hosting provider boasts of having an SSL Certificate, and if they don’t, they probably are not worth your time or money.
What is SSL?
Good question – let’s start with what SSL stands for. Quite simply, SSL is an acronym for ‘Secure Sockets Layer’, which is a wonderfully vague way of saying that SSL revolves around online security.
We all know how important internet security is – I’m sure that every single person reading this article has once had a run in with an online hacker or a nasty virus, unfortunately it is part and parcel of using the internet.
However, if you are planning on hosting a WordPress website or any other platform, it is important to take preventative measures, stopping hackers and viruses in their tracks before they get the chance to access your sensitive data.
This is where SSL comes in. So, I’m guessing that you are coming to terms with the fact that SSL protects your online data, but how does it actually work?
How does SSL Work?
In many ways, SSL works like a good pair of underwear – stay with me on this one. Let’s think about the purpose of underwear.
Essentially it covers – for want of a better word – your bits. It stops people from seeing the private parts of your body, right?
Well, SSL is the same. It encrypts your sensitive data, effectively creating a fence around your information so that it can pass through servers, unnoticed and untouched.
Encryption works by changing the appearance of your data, so that instead of seeing your data, potential online predators can only see an encrypted code version of your data, which can only be decrypted by certain people.
So, the general idea is that SSL security is like protective underwear for your sensitive data. But unfortunately protecting your online information is slightly more confusing than simply slipping on a pair of pants.
Here, it is important to understand that SSL has actually been replaced by an updated security feature, called TLS (Transport Layer Security), however people still refer to the software as SSL.
Think of SSL as a pair of Victorian knee-length briefs and TSL as the modern boxer-pant. SSL walked so that TSL could run.
With TLS in mind, the process of TLS/SSL is as follows;
- There is a TLS handshake between the client and the server
- During this handshake, the client’s information is encrypted, using something called ‘session keys’
- These ‘session keys’ are then later responsible for decrypting the encrypted information.
Phew. Give yourself a pat on the back – that part is kind of dense. Hang on tight, you’re only a few more steps away from being an SSL expert.
Types of SSL Certificate
Unsurprisingly, the web hosting world is not black and white; there are many different types of hosting available for different types of websites, therefore there are multiple layers of security available within an SSL Certificate.
If you have been on the hunt for a new web host provider, you have probably noticed that most providers offer tiered plans, starting at a basic level and going up to a more advanced service. This is pretty standard within web hosting, and it is evident that this tier system is replicated in the different types of SSL Certificate.
What is important to note, and will likely simplify the differences between each type of certification, is that they are differentiated based on the way in which a site’s verification is established.
Consider each type of SSL Certificate like a different level of agent in a police investigation – you have the police force, the detective investigator and the FBI.
Each have the same agenda to investigate, however each tier has a different approach, arguably getting more thorough as the tiers move up.
Domain Validation Certificate
With that in mind, the most basic version of the SSL Certificate is called a Domain Validation Certificate, the police level of an investigation.This level of certification verifies a site’s domain, with basic encryption. It is the cheapest and quickest type of SSL Certification, however the least comprehensive, therefore likely the least secure.
Organisation Validation Certificate
Next up we have the Organisation Validation Certificate, the detective investigators of the web hosting world. This level delves a step deeper into authenticating a site; verifying the elements of the domain’s owner, such as their full name and address.
However, with this increased detail comes an increase in the time and cost of establishing this certification.
Extended Validation Certificate
Finally, the Extended Validation Certificate is the FBI level of SSL Certificates. This type of certification is useful for sites which rely on portraying a strong sense of valid identity.
The Extended Validation Certificate is the most advanced type of SSL Certificate because it verifies the domain’s owner both online and physically, giving the site a strong sense of security and validity, however taking sometimes up to a few weeks to validate.
How can I tell if my Website has SSL?
Is your brain feeling fried yet? I told you SSL can be slightly confusing. Well, here’s something which is genuinely straightforward.
Ascertaining whether your website has SSL or not is as simple as typing your website address into your browser’s search bar and checking whether it says HTTP or HTTPS before your address. If it’s HTTPS you’re in the clear and all set with SSL, however if it displays simply HTTP you do not have SSL.
See – it really is that simple!
But what do these acronyms actually stand for? And what even are they? Essentially, HTTP/HTTPS are simply the start of a URL – you’ve probably noticed that they appear before every website address when searched in a browser.
HTTP stands for HyperText Transfer Protocol, meaning HTTP allows you to ‘transfer’ from one site to another, sending data between the web server and web page.
Every day is a school day!
How can I get an SSL Certificate for my Website?
By now you are most probably sold on getting an SSL Certificate, but you may still be wondering how one actually goes about getting one for their website. Unfortunately, they don’t stock SSL Certificates on supermarket shelves, but that doesn’t mean that it is difficult to get your hands on your very own SSL Certificate.
There are multiple different places to locate an SSL Certificate online, meaning there is a fair amount of competition between providers. With this in mind, it is always good to do some research and compare websites, defining what your needs are, along with your budget.
Furthermore, it is really important to keep an eye out for scammers – pretty ironic considering we’re talking about the search for internet security software, right? Make sure that your SSL Certificates is issued by a verified CA (Certificate Authority), otherwise you could find yourself the butt of a scammer’s nasty joke.
With this in mind, there are two main avenues for obtaining an SSL Certificate; through a web host provider or through an independent website, specialising in solely SSL Certificates. Essentially, in order to ascertain which is the best route for you, you need to figure out exactly what your needs are.
Do you just need SSL Certification and nothing else? If so, go independently – there’s no point faffing about with a web host provider, and (even better) you can probably find a website to give you an SSL Certificate for free. Sorted.
However, if in addition to an SSL Certificate you are also looking for a website builder, a free domain and a company to manage your connection speed and uptime, then you are best off paying for a web host provider to do the work for you.
There are some super cheap web hosting providers out there and most of them offer an SSL Certificate as a free ad-on.
Can I Get A Free SSL Certificate?
They say that the best things in life are free, and I’m yet to find grounds to disagree. Why pay for something when you can get it, at the same quality, for absolutely free?
The tech world is expensive; you think the priciest part is going to be buying the computer, but then when it comes to buying antivirus protection, software and paying for a web host provider, the costs really start to add up…and then renew month after month. It can be hard to catch a financial break in this age of commodification, but the same does not have to be said for SSL Certificates.
Luckily for you, there are plenty of free options, protecting your online security without making a dent in your bank balance. Win-win. Our personal favourite Certificate Authority is Let’s Encrypt, responsible for providing free SSL Certificates to 225 million websites.
Their aim is simply to make the internet a safer place, for everyone. Their service is automatic, secure and open for the whole of the public to review. Sounds good to me, but how do they do it? They begin by validating your domain, using a public key.
They then issue a set of challenges, to prove the identity of the software which has control over your domain. Once this stage is completed, they can issue you with your SSL Certificate and you are all set up with a brand-new HTTPS to wow your website’s visitors.
Hopefully by now you have a slightly elevated understanding of SSL Certificates and why they are so important. To put it simply, there are two main reasons for obtaining an SSL Certificate; security and desirability.
You need your website to be secure, and if it isn’t it will lose all of its desirability as a place for online guests to visit. If you want your website to be a success, a place in which people come back to time and time again, then it needs to be fully secure and there is no better way to prove its security than getting an SSL Certificate.
It has become common practice for websites to have SSL Certification, therefore by not equipping your site with an SSL Certificate, you risk negatively standing out against other sites.
Let’s put it this way – you wouldn’t visit a cageless zoo, where the animals were free to roam, would you? Likewise, you wouldn’t want to part with sensitive data, such as your bank details or home address, on a website which had no software in place to protect said data.
For the sake of both your security and your visitors’ security, it is essential to have an SSL Certificate. Of course, there are many other ways to secure your website – the amount of security software available would blow your mind.
However, securing yourself an SSL Certificate is the easiest and cheapest way of validating your site’s security, so it seems foolish to create a website without one.