What is an SSL Secure Certificate and Why Do I Need it for my Website?

In this day and age... security is everything.  From simple locks on your doors and/or windows, vehicles, and bike locks to secure passwords for your bank account, investments, email and websites.

But protecting your OWN data isn't the only thing you need to be worried about.  Protecting your customer's data is just as important, especially when it comes to the data they are transmitting to and from your website.  There are many ways a customer can transmit data to your website:

• Visiting pages (and often populating cookies, or even transmitting their physical location to your webserver)
• Submitting Questions and/or feedback through a contact form.
• Transmitting purchase information and/or credit card information.
• Passwords, if logging into a member's only portal or viewing content-specific pages.

Back in the Day

Ahh, the old days... (We're talking the early to mid-1990's... pop music, bubble cars, Nintendo and Jurassic Park).  Traditionally, data transmitted across the web in pure text.  Letter for letter, word for word.  And because data (or 'packets') transmitted over the web can take several routes as they hand off from computer to computer on their way to their final destination, computers hackers or 'data sniffers' could intercept those data packets and extract whatever juicy tidbits of information contained therein.

Enter the Encryption Algorithm

An encryption algorithm is an encryption method that garbles data going out of one computer and re-assembles it at a pre-authorized receiving computer with a specific encryption key that was agreed upon before the data was sent.  (It's complicated, but trust us... it works).  This is the "s" in "https://"  When people access your site via "https://" and transmits information like this:

"I want to buy THIS for THIS MUCH, and my credit card number is THIS...", The data is encoded by the SENDING computer to something like this:

"En2N27GYwDoylCZgWQXO/Fy0XzAMaQFM3TJTzuZKVS36gaPLa5BX2rHoZm2n1+XOdUid
5d+yQYXhZFoXHVlReQ=="

This encrypted data is sent to the receiving computer, who already knows how to decrypt the information (with the pre-authorized KEY).  So the encoded string is decoded back into real information.

Anyone in the middle, who tries to intercept the data, only gets the garbled data, and can't decode it because they don't have the key.

The SSL is All About Trust

It's not enough to simply encrypt and secure data that goes out of your website (Anyone can do that... even the bad people), but that encrypted data must also be TRUSTED by the browsers, that they are not simply being encoded by a bad guy looking to steal data.  An SSL certificate (or "Secure Sockets Layer" certificate for the nerd in all of us) is a certificate that authenticates your site as a secured (encrypted) and TRUSTED source of data.  This trust is established within the certificate that verifies this trust from varying points of reference for each data packet that goes out and associates those data packets with your specific website server IP address (or unique server-id code).

There are different levels of security, and some companies can charge thousands of dollars to act as a trusted source that "vouches" for your data.  The browsers trust these certificates because they know that a verification process has been performed prior to being tested.  These certificates are very very secure (and often also insured, because data loss is very serious business for corporations like a Bank or tech company that can store and transmit very sensitive information).

For the average website, though, this level of verification can be much less strict, and (in turn) much less expensive.  Domain-based SSL certificates are simple, FREE certificates that simply verify that your domain name and the server IP address the data is flowing from is the same, and in that, it verifies that this SSL data is trusted.  If the data packets were reporting coming from your URL, but originating from a different SERVER (in the case of a hacker trying to send or receive data AS IF they were your website), then the certificate would throw an UNTRUSTED flag, and the browser would warn the user that this data is untrusted.

What does this mean for me?

Ok... so that was what we call, a "Long Story Short", but what does it mean for you.  Basically, if you have a website, it is extremely important for you to operate that site behind an SSL certificate, so that data transmitting between the two computers are fully encoded from a trusted, VERIFIED source.

You can always tell if your site is protected by looking at the URL in the URL bar of your browser.  If you see a locked PADLOCK icon or something similar in front of the URL in your browser, then, your site is secure.  But a padlock with an X on it, or the words NOT SECURE means your site is NOT secured, and you need to talk to your developer about that.

This is important for many reasons:

SSL's protect your data

As stated above, data transmitted between the two computers is fully encoded, and any third party trying to compromise your data transmission will be unable to decode the data.

SSL Verifies your Site's Identity

The data transmitting between the computer is checked, double-checked and verified so that no one can try to SPOOF you, or send/receive data on your behalf.

Better Search Engine Rankings

Google is now placing a higher priority on secured sites in search engine rankings, which means if your site is secured, you will rank higher than your competitors who might not be secured.  And non-secured sites might also receive an INSECURE warning in the search result itself.

SSL Improves Customer Trust

When people send you a message, or purchase a product, they are likely to check as to whether or not that communication is encrypted.  If the transmission sits behind an SSL certificate, they are more likely to trust you and proceed with their communication or transaction.

Google Mandates SSL certificates

Google, in an attempt to secure the web, is now flagging sites that do not sit behind an SSL certificate.  If you do not have an SSL certificate installed on your site, you run the risk of being flagged by Google, and (possibly) down the road, blacklisted.

What can I do?

Talk to your web host.  At Gaslamp Village Media, not only do we automatically provide free domain authenticated SSL certificates, but we also ensure that sites are automatically routed THROUGH that certificate.  So even if someone types "http://mysite.com", the browser will automatically change their request to an "https://mysite.com"  It all happens in the background, and there's never a worry!

Don't let your site be untrusted in the eyes of your potential customers.  Ensure it's protected with a FREE SSL certificate from Gaslamp Village Media Inc.