This blog post will first try to explain what an SSL certificate is and why you may need one. I will try to keep it plain and simple, but there may be areas that become a little technical.
What is the purpose of an SSL certificate? Well an SSL certificate allows your web browser to make a secure connection to a web service while claiming that you can trust the secure connection.
An SSL certificate uses two keys. The first one is called the private key. The second one is called the public key.
The private key is what the web server uses to decrypt web traffic from people using your website. The public key is…well…the public key that everyone knows and uses to encrypt information to send to your server.
- Jane wants to send Fred some data, and she connects to Fred’s website to upload it.
- Fred’s server will respond and give Jane’s web browser Fred’s SSL certificate with Fred’s public key in it.
- Jane’s web browser then uses Fred’s public key to encrypt the information.
- Now Fred’s web server uses the private key (that is located on the web server) to decrypt the information Jane just sent, since without this special key, no one could easily decrypt the information Jane sent.
While this is a very simple example, it gives you a basic idea of what happens between the web browser and web server during an SSL session.
Now since we have covered the basics of how SSL works, what are some reasons to use SSL?
- Helps keep data secure. Without encryption, anyone can potentially view the data you transmit over the Internet.
- Helps to give confidence to people using your website. When they see the SSL lock icon in their web browser, it makes your web visitors feel secure (and they should be secure!).
- SSL encryption prevents third parties from modifying a website’s content before it reaches your web visitors. This can be a problem if you are dealing with sensitive information (or any information really). This is why having SSL on a website that technically does not need it can still be beneficial.
- Adding to the above information, some ISPs have inserted their own scripts / notifications into the web pages their customers visit. This makes for a poor experience for the customer, and also makes the website owner look bad, since most customers are going to blame the website owner for the “bad experience”, instead of their ISP.
- Having SSL enabled on your website can help with getting a better search engine ranking from Google.
- Many mainstream web browsers require an SSL enabled website if you wish to use the new HTTP/2 protocol with your website.
- You definitely need one if you are running an online web store. No one will want to shop on your website if your website is not serving content over an encrypted connection.
- SSL encryption also hides the specific location you visited on a website. — For example, if I go to https://example.com/contact, since the website is using encryption, my ISP can only see that I visited the domain example.com. The encryption hides the /contact part of the URL. So my ISP knows I visited example.com, but they have no clue what webpages I visited on that particular website. Pretty neat, huh?
I hope I have helped you have a basic understanding of what an SSL certificate is and why it can be useful to have one for your website.
Posted in Computers, Internet and Servers, Security