Menu
What is an SSL certificate and how to use it

What is an SSL certificate and how to use it

SSL certificate is a cornerstone of modern Internet safety. Basically, it allows a website to use borderline uncrackable protocol called HTTPS to transfer sensitive data — like passwords, credit card information — that should never fall into culprits’ hands. This makes most of the hacking methods completely useless.

HTTPS itself is an update and extension of the usual HTTP, which was used ever since the birth of the World Wide Web. “S” in the name means “secure”, and this security is achieved by a quite ingenious system of encryption.

Many leading IT-companies — Google, Mozilla and Microsoft among them — have been pushing for HTTPS-only Internet by 2020 and, considering how important online safety has gotten these days, their vision just might turn out to be a reality. So if you want to stay relative and provide your users with a supreme level of safety – you need an SSL certificate.

HOW DOES SSL WORK

To be honest, a complete description of the inner workings of the HTTPS-protocol can be easily stretched into a small novel. Check the infographic below to catch a glimpse of the process.

http

And that’s how simple HTTP becomes HTTPS. Also, the keys on the infographic are just an example. Modern SSL private keys are up to 256-symbols long.

WHY YOU SHOULD USE SSL

Besides keeping up with the times? Well, first of all, to protect yourself. HTTPS covers not only your website end users, but also your admins, moderators, content managers and other staff that interacts with your website on a daily basis. Imagine what would happen, if a competitor got ahold of your passwords by cracking laughable HTTP-encryption.

Also, as we mentioned, Google and Microsoft are pushing for the HTTPS-only Internet.

And the first major push is scheduled to happen in January 2017, when every browser based on Chromium is going to mark HTTP-websites as unsafe and require a manual confirmation from the user to proceed each time they try to access it. This includes Chrome, Opera, Vivaldi and many others, which, combined, hold more than 50% of the overall number of active Internet users — users that you are going to lose, if you will not get yourself an SSL certificate.

Besides that, HTTPS-protocols have been known to:

  1. Increase your Google rankings. Yes, Google is cheating here a little, but it’s their search engine, after all. And although it hasn’t been confirmed yet, since January 2017 the websites without HTTPS might disappear from Google’s Search Results entirely.
  2. Increase conversion rates. Many tech-savvy people refuse to use HTTP-only websites for any monetary transaction or even leave their contacts on such sites. Some of them even try to educate their family and friends, that if there’s no locked padlock in the address bar — they shouldn’t use this site anymore.
  3. Build consumer trust and respect to the company. You can definitely earn some loyalty points by showing your clients that you care about their safety and privacy. And in case your audience is not tech-savvy enough to appreciate it, you can always brag about it on the Log In page.

HOW TO USE SSL

As an end-user, all you have to do is open your browser, go to the website with an HTTPS-encryption and voila — you will see the fabled green padlock in the address bar, signifying that your data is now protected! But if you want to implement HTTPS-encryption for your website – you will need to do a bit more than that.

First of all, let’s explain how the SSL certificates are issued. Each time a browser is updated, Microsoft (or Google, Mozilla, Opera Foundation etc.) updates its list of trusted certificates. And in order to trust the certificate, the maintainer of the browser needs to trust the company that issued it. By the way, here’s what an issued SSL certificate looks like:

certificate

The only way to obtain a good certificate is to buy it from a respectable Certificate Authorities (CA). The prices vary, but they are manageable even for the high-profile CAs. SSL certificates are usually reissued annually, so unless something outlandish happens – you will not need to worry about it for quite a while.

To install the certificate on the website, you will need to follow the instructions of your hosting company.

If your hosting does not provide such a method — you may have to ask their admins, but the chances of that happening are pretty low.

In most cases, you will also have to install Intermediary Certificates.

WHAT KINDS OF SSL CERTIFICATES ARE THERE

Technically, only one. But different certificates have different attributes, which may expand their abilities. The most popular ones are:

  1. Extended Validation certificates. To get one of these, your domain and organisation have to pass multiple checks, but they also provide you with the highest trust level and give the green padlock icon in the address bar.
  2. Mobile certificates. These certificates are developed in order to support mobile browsers, which often lack the capabilities of the desktop ones.
  3. Wildcard certificates. These certificates allow you to also protect your subdomains without purchasing additional SSLs.
  4. SGC-certificates. Server Gated Cryptography increases the security level by forcing the client’s browser to use 128-bit encryption.
  5. Multi-domain certificates. These allow you to protect many domains at once, and are most useful for people who work on multiple projects at once.

WHERE TO GET SSL

At any trusted Certificate Authority. But if you do not want to go through thousands of offers, you can just buy one at Unihost. We have selected a quite a lot of good certificates from many different companies for you to choose from!