We've all heard of SSL or visited a website with an Internet address that started with https://, but what are SSL certificates and why should we care if a website has one?
What is a SSL Certificate?
Secure Socket Layer (SSL), and TLS (Transport Layer Security) before it, are cryptographic protocols used to secure connections over a network, most commonly the Internet. The original SSL protocol was created by Netscape and has been stable since roughly 1996 when version 3.0 was released. The first couple releases of the SSL protocol were not released to the public and/or contained security flaws which led to their retirement. Netscape's goal was to address the concerns of users about the current state of Internet security, their answer to this concern was to create an encrypted tunnel between clients and servers, protecting the data as it is transmitted over the internet. SSL version 3.0 is in constant use on the internet and has become an internet standard for network security.
What Types of Websites Should Have a SSL Certificate?
A SSL certificate can be used on any website to secure numerous types of data, but the most common uses of a SSL certificate is for E-Commerce sites and to secure a login form. Any website that requires you to input personal information (credit card info, address info, phone number, etc) should be secured with a SSL certificate, but E-Commerce websites collecting billing information absolutely must use a SSL certificate in order to secure your data connection.
The other common use of a SSL certificate is to secure your login information on various websites. If the website owner wishes to keep their login form secure and trustworthy, a SSL certificate is a must. Any data sent over an unencrypted connection can easily be intercepted by a malicious user.
How Do I Secure My Website with a SSL Certificate?
In most cases, a SSL certificate can be obtained through your webhost. With most webhosts, you are required to pay an additional fee for your SSL certificate, but the fee is nominal compared to the security you will offer your visitors. Many Internet users will not even think about transferring any personal information over an unencrypted connection. If you are offering a service that requires your users to input any form of personal data, you must have a secure tunnel for them to do so or you will lose a great deal of business. I personally would not recommend anyone transfer things like credit card numbers, address information, phone numbers or login information unless you are certain the website holds a current and valid SSL certificate. The easiest way to check this is to make sure the Internet address (in your browser's address bar) starts with https:// instead of the usual http:// and that your browser supports all current security measures and is not reporting any security risks.
In Conclusion ...
Never give your business to a website that does not have a valid SSL certificate. It is very easy to have your information stolen when it is transferred over an unencrypted connection. When using websites that require you to log in, make sure they also use a SSL certificate. If they don't, make sure you don't use a password that you use for other secure connections. When on the Internet you should always practice basic internet safety, including the use of SSL certificates.
All photographs courtesy of Stock.Xchng.