Updated: Nov 13, 2019
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.
An organization needs to install the SSL Certificate onto its web server to initiate a secure session with browsers. Once a secure connection is established, all web traffic between the web server and the web browser will be secure.
When a certificate is successfully installed on your server, the application protocol (also known as HTTP) will change to HTTPs, where the ‘S’ stands for ‘secure’. Depending on the type of certificate you purchase and what browser you are surfing the internet on, a browser will show a padlock or green bar in the browser when you visit a website that has an SSL Certificate installed.
Are all SSL certificates the same?
There are many different types of SSL certificates based on the number of domain names or subdomains owned, such as:
Single – secures one fully-qualified domain name or subdomain name
Wildcard - covers one domain name and an unlimited number of its subdomains
Multi-Domain – secures multiple domain names
and the level of validation needed, such as:
Domain Validation – this level is the least expensive, and covers basic encryption and verification of the ownership of the domain name registration. This type of certificate usually takes a few minutes to several hours to receive.
Organization Validation – in addition to basic encryption and verification of ownership of the domain name registration, certain details of the owner (e.g., name and address) are authenticated. This type of certificate usually takes a few hours to several days to receive.
Extended Validation (EV) – this provides the highest degree of security because of the thorough examination that is conducted before this certificate is issued (and as strictly specified in guidelines set by the SSL certification industry’s governing consortium). In addition to ownership of the domain name registration and entity authentication, the legal, physical and operational existence of the entity is verified. This type of certificate usually takes a few days to several weeks to receive.
Who may need an SSL certificate?
Any individual or organization that uses their website to require, receive, process, collect, store, or display confidential or sensitive information. Some examples of this information are:
logins and passwords
financial information (e.g., credit card numbers, bank accounts)
personal data (e.g., names, addresses, social security numbers, birth dates)
legal documents and contracts
Where can you get SSL certificates?
Probably the most important part of an SSL certificate is where it comes from. SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate.
The CA’s role is to accept certificate applications, authenticate applications, issue certificates, and maintain status information on certificates issued.
You may also be able to purchase digital certificates from a domain name registrar or website hosting provider.
How will visitors know my site has an SSL certificate?
There are four visual clues:
Padlock to the left of a URL
https URL prefix instead of http
A trust seal
A green address bar (when an EV SSL certificate is issued)