Anyone who browses the Internet with some attention to what they do and the sites they visit has already noticed a small detail that differentiates some sites from others and that appears next to the address bar and the URL or domain itself: HTTPS and a lock icon green.
If you didn't know, from now on, be sure that these sites use SSL certificate. Well, you must be assuming it is good and from the moment you read this article, you can be sure that it is, as well as learn more about SSL Certificate, what it is, its importance for your site, or any site you access on the Internet.
SSL stands for Secure Sockets Layer and has become a synonym for encrypting online data streams. When installing SSL in a domain, the set of rules or protocol (HTTP - Hypertext Transfer Protocol) that is used to exchange information between your computer and the website accessed - which is originally unsafe - is changed in a secure protocol, which is HTTPS.
When HTTP was created, the exchange of data between two computers did not present the levels of risk that exist today and so there was no concern that someone could have access to such data. But the protocol has vulnerabilities that allow data to be accessed on the path between the device that performs the access and the server.
Currently, the value and importance of the information that travels on the Internet is immensely greater and leaking such data can cause losses of various orders to companies and people.
When accessing a website through an unencrypted (HTTP) connection, you can read the data packets on the way between your browser and the server and obtain the information in text form, such as a name, bank details or any other information being transmitted.
When you install SSL on the domain, the information exchanged between a visitor's computer and the website is encrypted and from there, 'your name' could be displayed as 'vbo7r1iaew82BDHEwmp1qYewD + vco9n0yD6g', for example, if someone views the Data package.
This is what encryption does, that is, it alters the data transmitted in a way that makes it incomprehensible. Only the server with which you made the encrypted connection has the information necessary to convert 'vbo7r1iaew82BDHEwmp1qYewD + vco9n0yD6g' into 'your name'.
The difference between HTTPS and HTTP is the encrypted and secure transmission of data using TLS. But wait, wasn't it SSL? Why are they talking about TLS now?
SSL and TLS are two different terms for the same thing. Both are methods of encrypting data for websites using a hybrid protocol. However, TLS (Transport Layer Security) is the evolution of SSL (Secure Sockets Layer), in that it reinforces aspects of SSL security, with aspects specific to TLS.
For several reasons, TLS did not have the same level of adoption and currently SSL has incorporated the improvements contained in TLS and have become a series of continuously updated protocols, and are generally grouped as SSL / TLS.
Since January 2017, when accessing a website using Google Chrome an alert is issued when accessing a website without an SSL certificate. With around 72%, Google Chrome is the most used browser in the world. Second, with approximately 15%, comes Mozilla Firefox and in both browsers, sites without SSL are displayed in the address bar with a circled 'i', which if clicked shows that the 'your connection to this website is not secure'
Therefore, particularly if you provide personal information or data that must be kept confidential, it is important that the site has SSL linked to the domain. Now that you are able to identify, be aware of who takes care of the security of your information.
Yes. Since 2014, Google has been considering with relevance the adoption of digital certificates by a domain, among the many aspects of ranking the sites in the organic results of its search and thus a site with SSL installed takes advantage over one that do not have, in organic Google search results.
SSL encryption makes the company's website more secure and strengthens customer confidence in the website accessed, indicating that the company responsible for the website values the security and confidentiality of its customers' data, resulting in valuable points for the websites that use it.
The encryption symbol thus corresponds to a sign of quality and security in the way the information is transmitted. If an SSL-encrypted web page is accessed, the requested server will respond first with a certificate, which is issued by a certification authority (CA), such as GlobalSign or Symantec. The certificate allows the user to verify the identity of the server, the company behind the website and the validity of the encryption.
According to Google, the way the ranking system works and how the results are displayed, aims to provide a better user experience, increasing the possibility of delivering exactly what you are looking for, ensuring that the content you access and your browsing the site, be safe.
Yes, for all you have read so far, currently having such a feature is important, but there are some sites where it is not only important, but absolutely necessary to have an SSL.
Any website on which payments are made, such as using a credit card, is required by the responsible company that transactions are secured, that is, using SSL or that the pages on which the data is provided, are accessed using HTTPS.
In fact, payment gateways - as payment applications are called - only work and validate payments, if transactions take place using an SSL certificate.
Installation is reasonably simple, but if you have no practice or knowledge, you may face some difficulty. In this case, the technical support of your hosting company can guide you as to what should be done, as well as the company issuing the SSL, as long as the certificate is not free.
In addition to the actual installation, in some cases it is necessary to make some changes to the website code. Depending on which platform you used to create and manage your website, there are options by which with a few clicks and in seconds, the necessary changes are made.
So for example, Magento, which is a platform for developing ecommerce websites, has a quick and easy option for adaptation. Consult the support or documentation of the application you use or the support of your hosting.
If by any chance your website's programming doesn't use development platforms like Magento, Joomla, Wordpress or similar, the adjustment has to be done manually and usually consists of changing the URLs of the website that use http, to https.
Certification authorities (CA’s) issue and make available different certificates, from the simplest and cheapest, to the most complete and expensive. Regardless of which option you choose, the most important part of ensuring that data is handled in encrypted form - and therefore secure - is the same.
The difference between each certificate is due to broader certification protocols and thus, a more “advanced” SSL can display information of the certified company by placing the mouse cursor over the certificate, instead of a simple lock icon when side of the browser address bar.
Other company information and verification routines are added to the certificate issuing process, to ensure that the company behind the certificate is suitable, in more advanced and expensive certificates.
Below we list the certificates commonly sold for simple knowledge:
The importance that has been given to the use of SSL in a domain, has given rise to a few free security certificates, the most popular of which is Let’s Encrypt today. Basically and theoretically, the main security layer, which is encryption, works and uses the same protocols as paid certificates.
But what if it fails? What if support was needed? Well, in this case you will have to bear the costs and consequences of the breach of security, as the company that issued the free SSL does not offer any type of guarantee or support. It is 100% at your own risk.
When you hire a paid SSL certificate, you have a number of additional features and guarantees, which you can use:
Safety – the certifying authority ensures that the encryption employed cannot be broken. If any failure occurs and the integrity of the data is compromised, there is a refund to compensate for any losses. The amount of this refund depends on the certificate purchased and the certifying company..
Support – you have support from the moment the certificate is installed in your domain, up to simpler issues like security and renewal checks.
Options – you have everything from the cheapest and yet safe alternatives, to the most sophisticated, complete and comprehensive options of mechanisms to guarantee the security of the data and the company behind the website.
Convenience – generally the validation terms, that is, for how long the certification is valid, is longer in paid certificates. So, you don't have to renew SSL as often, as is the case with free ones.
Coverage – if you have subdomains that you want to be covered by SSL, a fee is indicated, since in the case of free ones for each existing subdomain, it is necessary to install an individual free one.
It is important to remember that the role of SSL is to increase the security that is transmitted to and from your computer. It does not interfere with what happens inside your device or on the server.
There are many security problems related to the invasion of websites or infection of the visitor's computer by malware (viruses, trojans, worn, etc.), which require other corrective actions.
Like HostMídia, good hosting companies usually provide this certificate service. If you don't already have one and plan to install it on your domain, check your hosting for the options it offers.
Although you can purchase a certificate and install it on any domain hosted by any company in the world, in some cases it is more convenient for reasons of support, cost and even integration with the infrastructure you have in the company where your site is hosted , that you buy SSL with your hosting..
If you want to ensure that all information exchanged between your site and your visitors, is made securely, let them know that your company values and cares about the data you provide, that Google as the main search engine today also have the same evaluation and position it properly, installing SSL on your domain is essential.
If you still have questions about the subject or suggestions for improvements, feel free to comment.