What Is an SSL Certificate? A Beginner’s Guide

Our independent research projects and impartial reviews are funded in part by affiliate commissions, at no extra cost to our readers. Learn more

As you may know, the addresses you use to access websites are known as URLs (Uniform Resource Locators). For example, Google’s URL is:

https://google.com

But did you ever notice that some URLs start with http://, while others begin with https://? It’s obvious that the difference between these two types of URLs is the letter S. But what’s not so obvious is what that extra S means, exactly.

Simply put, the S signifies security. That’s not to say that the S officially stands for security, but it does mean that the website you’re browsing has an additional layer of encryption.

What’s more, it also signifies that the website is safer to use and share any sensitive information with, such as credit card details.

If you’re running a blog, website, or ecommerce store, you should seriously consider what this security and eruption technology  can offer you and your site’s visitors. And if you do decide to go for it, you’ll need to invest in something called an SSL certificate.

1

What is an SSL Certificate?

SSL stands for Secure Sockets Layer, a type of security technology. It’s used to cryptographically build a secure, encrypted connection between a web server and your browser. Think of it as a private communication line, like the ones secret agents use in spy movies to send coded messages.

Diagram showing an Insecure connection vs encrypted connection
SSL certificates are responsible for turning HTTP into HTTPS – it encrypts sensitive data such as login details that users enter into your site.

An SSL certificate is essentially a small data file associated with a website. When you try to access the website, your web browser requests the contents of the website from a web server. When that happens, the SSL certificate authenticates the identity of the website, and ensures that whatever data you send to the server remains private.

2

How Does an SSL Certificate Work?

SSL technology makes use of a concept known as Public Key Cryptography, which utilizes two long strings of random numbers called ‘keys’. One serves as a private key, while the other is public.

The public key is available in the public domain, and can be leveraged to encrypt any data. However, the public key cannot decrypt the data.

This is where the private key comes into play. Only the private key can unlock the message that was encrypted using its public counterpart.

Diagram showing public key change in SSL

For example, if a user sends you a message through a form on your website, your public key will turn the message into a secret code. Since you (i.e. your web server) are the only one with access to the private key, only you can decipher and read this message. If a hacker tries to steal the message when it’s on its way to the server, all they will get is the secret, cryptographic code, not the actual message.

3

Why Does my Website Need an SSL Certificate?

An SSL certificate offers a number of benefits. Among other things, it:

  • Keeps user data secure
  • Prevents hackers from making a fake version of your site
  • Confirms ownership of your website
  • Increases user trust and conversions
  • Enhances SEO

As we mentioned earlier, an SSL certificate replaces your HTTP web address with HTTPS. This change lets users know that you’re using SSL technology, and helps them feel more confident about sharing sensitive information, such as credit card details.

This major trust signal plays a large part in why 85% of users worldwide do not trust websites without an SSL certificate. Plus, the absence of an SSL certificate will lead to a “not secure” warning from most modern web browsers. As a result, your visitors will be less likely to proceed to your site – let alone sign up, enquire about your services, or buy what you’re selling!

4

Are All SSL Certificates the Same?

Nope – they aren’t. SSL certificates can be classified based on two factors: the number of domains owned, and the level of validation required.

In terms of the number of domains or subdomains owned, an SSL certificate can be:

  • Single: Securing one fully-qualified domain or subdomain
  • Wildcard: Covering one domain name and its multiple subdomains
  • Multi-Domain: Securing multiple domain names

Regarding the level of validation needed, an SSL certificate can be based on:

Domain Validation

Domain validation comes with basic encryption and verification of your site’s domain ownership. Obtaining this kind of SSL certificate typically takes anything from a few minutes to a couple of hours.

Organization Validation

Organization validation covers everything involved in domain validation, in addition to authenticating certain information about the owner (such as name and address). Securing this type of SSL certificate usually takes anything from a few hours to a couple of days.

Extended Validation

Extended validation provides the highest degree of security. In addition to domain name ownership and owner authentication, it verifies the legal, operational, and physical existence of the entity. Netting this variety of SSL certificate involves a thorough investigation of the entity according to the guidelines formed by the SSL certification industry’s governing consortium, and typically takes anything from a few days to a couple of weeks.

5

Where can I get an SSL Certificate?

Certificate Authorities (CAs) are the organizations responsible for accepting and reviewing SSL certificate requests from different entities. For each request, these CAs issue an SSL certificate only once they have verified the identity and legitimacy of an entity.

Certificate authority process

However, most of the popular domain registrars and website hosts these days give you the option to purchase an SSL certificate as part of a bundle with your domain name or hosting plan. They may also have unique instructions on how to install and activate your purchased SSL certificate.

Further information:

Frequently Asked Questions

You can take the following steps to confirm whether or not a website you are browsing has an SSL certificate:

  • Check if the URL says “https://” or “http://” (The secure option is https://)
  • See if there’s a padlock icon in the browser address bar – if there is, it’s SSL-equipped!
  • Use an online SSL checker tool

The cost of an SSL certificate ranges from $0 to $500,000 per year, depending on the packages your web host or domain registrar offers, and on the type of certificate your business requires. Institutions like banks, for instance, spend a lot on expensive SSL certificates – they can’t afford to risk their security, after all!
Yes, they do. SSL certificates have a lifespan of up to two years.  When an SSL certificate expires, most web and mobile browsers will start showing a warning that your website is not secure. This will have a negative impact on your traffic, so it’s important to renew your SSL certificate before the expiration date.