SSL

What is SSL?

SSL stands for secure sockets layer. It refers to the data encryption present when someone’s personal device connects to a business server or device. This encryption protects visitors and their personally identifiable information (PII).

Providing this layer of security isn’t technically required for businesses, but most people expect their information to be secure when linking to a website or a company via the internet. HTTPS at the beginning of the website’s URL indicates that it has an active SSL certificate.

Companies implement SSL certificate software to obtain and maintain SSL security. This helps businesses provide secure certificates across an entire domain and maintain active certificates, ensuring data security for website visitors.

Types of SSL certificates

Certificate authorities issue three types of SSL certificates. Each is associated with a different level of validation.

• Extended validation (EV) SSL certificates are considered one of the most secure, trustworthy, and encrypted certificates available. Websites with an EV SSL certificate are represented with a green lock icon, HTTPS URL, business name, and business country in the address bar. As these certificates are the most secure, they are also the most expensive.
• Organization validation (OV) SSL certificates require businesses to show proof of business registration and domain name ownership. Only companies and organizations can obtain an OV SSL certificate. They provide a medium level of encryption for legal operations. OV SSL certificates are slightly more affordable than EV SSL certificates. Websites with this certificate are represented with a green lock icon and business name in the address bar.
• Domain Validation (DV) SSL certificates only require businesses to provide proof of ownership for their domain name. These are the easiest SSL certificates to acquire and provide the most basic level of data encryption. DV SSL certificates are typically only recommended to businesses for internal and test servers, not for any servers or websites with external visitors. Websites with a DL SSL certificate are represented only with a green lock icon in the address bar.

Other less popular SSL certificates include the single domain SSL certificate, wildcard SSL certificate, and the unified communications (UCC) or multi-domain SSL certificate. These work for multiple websites simultaneously.

How does SSL work?

In the simplest terms, SSL uses encryption algorithms to scramble and protect data traveling between two devices or servers. On the back end, web servers identify themselves to each other and share a copy of their active SSL certificates. Once the certificates are received and verified, encrypted data can be shared, and then HTTPS and a green lock are displayed in the address bar.

The entire process takes place within milliseconds and is generally unnoticeable to website visitors. This communication between servers is often referred to as an SSL Handshake Protocol.

SSL certificates should be used for businesses that handle personally identifiable information, including:

• File transfers
• Login information
• Email clients and webmail servers
• Credit card and bank transactions and other types of online payments
• Database connections
• Personal information like social security number, name, and address

SSL certificates also help prevent phishing attempts, hacking attempts, and cyber attacks.

How to obtain an SSL certificate

Obtaining an SSL certificate for a company website requires the following steps.

• Determining the SSL certificate type needed based on needs and budget.
• Finding the required cost and qualifications for the certificate.
• Working with the company’s IT team to ensure the business meets all criteria for the chosen SSL certificate, especially for regulated industries like finance or healthcare. This often involves creating a certificate signing request (CSR) on the company’s server, which provides both a public and private key. In addition, the company must have an accurate and updated record with WHOIS, a public database that stores information related to an entity’s domain name. Incorrect or expired information lengthens the certification process.
• Paying the fees for the SSL certificate. Some are free, while others offer a monthly or yearly subscription to keep an SSL certificate active.
• Once the certificate is paid for and received, it should be installed on the company’s website or hosted server.

SSL vs. VPN vs. TLS vs. HTTPS

SSL stands for secure sockets layer. It details the protocol for a website’s data encryption for all visitors. The SSL protocol was deprecated in 1999, and TLS took its place, but both serve the same purpose.

VPN, or virtual private network , is like a personal SSL certificate. VPNs create a single encrypted connection for a user’s computer that handles all the data security and processing.

TLS, also known as transport layer security, succeeded SSL, though both terms are still used interchangeably.

HTTPS stands for hypertext transfer protocol secure. It’s a combination of SSL/TLS and the regular hypertext transfer protocol (HTTP). It’s used to indicate a secure connection to a website over a network.

SSL certificates are vital for data safety and encryption. Learn more about the different types of encryption and encryption algorithms.