Why SSL? The Purpose of using SSL Certificates

Why do I need SSL/HTTPS? What will it do for me? This is an important question for anyone involved in the web to understand. SSL protects your sensitive information as it travels across the world. It keeps the Internet from being controlled by hackers and criminals and provides many benefits to you and your customers.

What are the Key Benefits of using SSL?

1. Encryption

The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

2. Authentication

In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to a criminal’s server. Why is this important? The nature of the Internet means that your customers will often be sending information through several computers. Any of these computers could pretend to be your website and trick your users into sending them personal information.  It is only possible to avoid this by using a proper Public Key Infrastructure (PKI), and getting an SSL Certificate from a trusted SSL provider.

Why are SSL providers important? Trusted SSL providers will only issue an SSL certificate to a verified company that has gone through several identity checks. Certain types of SSL certificates, like EV SSL Certificates, require more validation than others. How do you know if an SSL provider is trusted? You can use our SSL Wizard to compare SSL providers(link) that are included in most web browsers. Web browser manufactures verify that SSL providers are following specific practices and have been audited by a third-party using a standard such as WebTrust.

3. Get a Ranking Boost in Search Engines.

In August 2014, Google announced they are starting to use HTTPS as a ranking signal.  Currently, it is a lightweight signal in the Google SEO algorithms.  But over time, will gain more strength as more and more websites switch to using HTTPS. Google would like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web. Here are basic tips (from Google) to get started:

• Decide the kind of certificate you need: single, multi-domain, or wildcard certificate

• Use 2048-bit key certificates

• Use relative URLsfor resources that reside on the same secure domain

• Use protocol relative URLs for all other domains

• Check out our Site move article for more guidelines on how to change your website’s address

• Don’t block your HTTPS site from crawling using robots.txt

• Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

It is important to note that using HTTPS does not preclude the use of other ranking signals such as high quality content.

4. Gain Your Customers’ Trust

Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. This means that they will trust your website more when they see these cues and will be more likely to buy from you. SSL providers will also give you a trust seal that instills more trust in your customers.

5. PCI Compliance

It is also important to know that if you take credit card information on your website, you must pass certain audits such as PCI (payment card industry) Standards.  This means that if you have an online store (e-commerce), you must protect your customers credit card information by using HTTPS/SSL encryption.  The only exception is if you use a third party payment gateway (such as PayPal, 2Checkout, Authorize.net, etc) and are sending the user to the third party site to enter customer data. The third party site must be compliant.

6. Protects from phishing

A phishing email is an email sent by a criminal who tries to impersonate your website. The email usually includes a link to their own website or uses a man-in-the-middle attack to use your own domain name. Because it is very difficult for these criminals to receive a proper SSL certificate, they won’t be able to perfectly impersonate your site. This means that your users will be far less likely to fall for a phishing attack because they will be looking for the trust indicators in their browser, such as a green address bar, and they won’t see it.

Disadvantages of SSL

With so many advantages, why would anyone not use SSL? Are there any disadvantages to using SSL certificates?

1. Cost is an one disadvantage. SSL providers need to validate your identity so there is a cost involved. Cost is based

1. the name of the certifying authority(because of the trust factor)

2. the type of certificate offering

3. the strength of encryption

4. the method of authentication.

Because some providers are so well known, their prices can be overwhelmingly high. Prices range from about $20 to $2000 per year.

2. Performance is another disadvantage to SSL. Because the information that you send has to be encrypted by the server, it takes more server resources than if the information weren’t encrypted. The performance difference is only noticeable for web sites with very large numbers of visitors.

Overall, the disadvantages of using SSL are few and the advantages far outweigh them. It is critical that you properly use SSL on all websites that require sending sensitive information. Proper use of SSL certificates will help protect your customers, help protect you, and help you to gain your customers trust thereby selling more. If you’re still not sure why SSL should be used on your website, read more of our SSL FAQ.