SSL Certificates. We all know we want one, but what are they exactly?

SSL Certificates. We all know we want one, but what are they exactly?

Secure Socket Layer (SSL) and Transport Layer Security (TLS) helps keep you and your customers safe when using your online services. But why else should you be using one?

We all know it; Google is taking over the world! To-date, Google manufacture software in phones, tablets, laptops, browsers, payment systems, smart home devices, and mapping – to list just a few strings to their bow, not to mention the search engine that started the company in 1998. Because of their colossal reach, if you truly want to be found online, you need to do things the Google way.   

Let’s turn back the clocks a couple of years… it is 2018 and Google have just taken the decision to start flagging websites without an SSL/TLS Certificate as being insecure. Like it or not, this has massive consequences. Not only are sites that are being served without a valid certificate now quickly falling in page ranking with Google, but also any of your customers who are using Google Chrome (or any of the Chrome engine browsers; Edge, Firefox, and Safari to name a few) are being blocked from accessing your website. Visitors are being forced to acknowledge the security risk in visiting your website, and as a direct result visits to your website will have nose-dived. 

It sounds as though we are against this decision. The truth is, we are not. The issuing of SSL/TLS Certificates is now standard practice for hosting companies, and that’s a good thing – it makes the web a better place for everyone. For too long companies have used antiquated or insecure email systems and hosting partners. 

But what is an SSL/TLS Certificate? Essentially, it’s a virtual lock and key mechanism that means any data transferred through your online services is encrypted with an automatically generated key. As an end-user, you will never know this exists, but it’s always there in the background, packaging up and protecting data that is transmitted. 

The server where your online services are hosted, be that email, website, app, or database, hold the ‘key’. This means that when the server receives a packet of information, the content is not humanly readable. It has been converted into a string of random nonsense that only the servers key can decode. 

Imagine all the times you have sent across a password by email (you should never do this by the way!) or made a payment online without a valid certificate. That password or your payment details are being transmitted around the globe in plain text. Imagine logging into an unprotected website with that password you use for everything (we know you do it!). Well, that password is now compromised… If someone intercepts that packet of data, they can read everything you have sent. With a certificate installed however, the interceptor still needs that key, the key that only your server holds to decipher the code – Think back to the days of the Enigma machine, an early iteration of what these protocols are doing today.

This is not to say that simply installing an SSL/TLS Certificate is your one-stop security solution. Far from it. But it’s a good start. 

It is however for these reasons that Google took the decision to start making the web safer for all its users. However, being the world’s most popular search engine meant that other companies quickly followed suit, and now search engines are penalising websites that do not secure their site over SSL, knocking you down the rankings and making it nearly impossible to be found for any useful or local search terms.

Because of this, a lot of browsers began to prominently display a green padlock icon when the site you are visiting has installed an SSL/TLS Certificate, or a whole page red banner if it does not. First impressions are key, and we know how we’d rather be seen… 

In summary 

  1. Yes, SSL/TLS Certificates are essentially mandatory – and that is ok. 
  2. Server encryption is here to stay, albeit in many different guises. 
  3. A certificate will help keep yours and your customers private information safe by encrypting all traffic sent through emails, web forms, logins – but should not be considered your sole security procedure. 
  4. Websites without an SSL/TLS certificate will be considerably harder to find online. 
  5. No, you do not need to be paying your hosting company hundreds of £ to have one. In fact, any reputable hosting company should offer an entry tier of SSL out of the box, and free of charge! 

If you are looking for a web partner who will support your business with online tools and enhanced security features, as well as SSL/TLS certificates as standard, then contact Doddle. We’ll get you online in no time.