What is SSL & Do You Need It?

Secure Sockets Layer, better known as SSL, is a cryptographic protocol designed to provide communications security over a computer network. SSL is used for web surfing, internet faxing and voice-over-IP, and by big-name websites including, but not limited to, Facebook, Google and YouTube.

How SSL Works

SSL works by encrypting a connection between two points of contact, a client (e.g. a web browser) and a server (e.g. tbsmo.com), using symmetric cryptography [1]. Each time a new connection is made, a unique key for the encryption is generated during the handshake protocol [2]. That’s what makes SSL so powerful and reliable: because these keys do not exist before the connection is made, even someone waiting to steal or just eavesdrop on your connection wouldn’t be able to. An attacker cannot change any info without sounding the alarms. Also, the message authentication code [3] provides integrity checks that prevent alteration of data or undetected loss of data during transmission. I know it doesn’t sound like much, but the amount of computation that takes place just for you to connect to Facebook would take you thousands of times longer than it takes our computers!
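The per-connection key and the integrity check described above can be seen in a small Python sketch. This is an added example, not code from the original article, and it is a simplification rather than the real SSL key schedule: the shared secret, the function names and the sample messages are all constructed for illustration, and the encryption step itself is left out so the block needs only the standard library.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def derive_session_key(shared_secret, client_random, server_random):
    """Mix both sides' fresh random values into a per-connection key (simplified)."""
    label = b"session key" + client_random + server_random
    return hmac.new(shared_secret, label, hashlib.sha256).digest()

def new_connection(shared_secret):
    """Every handshake contributes new randoms, so every connection gets its own key."""
    return derive_session_key(shared_secret, secrets.token_bytes(32), secrets.token_bytes(32))

def _mac(key, seq, data):
    # The sequence number is covered by the MAC so a missing record is noticed.
    return hmac.new(key, struct.pack(">Q", seq) + data, hashlib.sha256).digest()

def protect(key, seq, data):
    """Sender side: append the MAC to the record."""
    return data + _mac(key, seq, data)

def verify(key, expected_seq, record):
    """Receiver side: return the data only if the MAC matches, else raise."""
    data, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(key, expected_seq, data)):
        raise ValueError("bad record MAC")
    return data

def receive_all(key, records):
    return [verify(key, seq, rec) for seq, rec in enumerate(records)]

def demo():
    secret = secrets.token_bytes(48)  # constructed stand-in for the handshake's shared secret
    key_a, key_b = new_connection(secret), new_connection(secret)
    messages = [b"GET /cart", b"qty=1", b"bye"]  # constructed sample traffic
    records = [protect(key_a, i, m) for i, m in enumerate(messages)]
    altered = [records[0], records[1][:4] + b"9" + records[1][5:], records[2]]
    dropped = [records[0], records[2]]
    results = {"keys_differ": key_a != key_b, "intact": receive_all(key_a, records)}
    cases = [("altered", key_a, altered), ("dropped", key_a, dropped), ("old_key", key_b, records)]
    for name, key, stream in cases:
        try:
            receive_all(key, stream)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

A changed byte, a missing record and a key from a different connection are all rejected, while the untouched stream verifies.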

Does My Website Need an SSL Certificate?

You are probably wondering if you need an SSL certificate for your website, or if it is just a waste. SSL is definitely a necessary addition to any website because it protects your privacy and your users’ privacy. If you have a website which requires the user to put in personal information such as credit card information, or if you have a service that requires users to enter personal information such as bank account or social security numbers, then you ABSOLUTELY need an SSL certificate. You have a responsibility to keep that information secure. If someone ever hacked into your site they could steal all of your users’ personal information, which leads to a lack of trust amongst your users and opens up the possibility of legal action against you.

Now I know you might be thinking, “Hey, my website does not take any personal information and the most I ask for is a phone number or email”. Sure, not much can come from not having SSL coverage for your site, but look at it like this: imagine you are having a conversation with a friend in a public area, nothing private, just gossiping, and in mid-conversation a random stranger whom neither of you knows comes up, stands right next to you and begins to listen. The stranger doesn’t talk or have any expression, but is just there, and even though he/she is not doing or saying anything you can’t help but feel awkward that this stranger is listening to and watching you. Now I know this is an odd thing to think about, but not having SSL on your site is essentially giving permission for others to listen to your conversations and watch your every move within the website; spooky! So to summarize: yes, you should have SSL on your site for that peace of mind for you and your users, but it is recommended/required if you are taking personal information from users.

What SSL Certificate is Best for Me?

SSL certificates come in many shapes and sizes, but I can give you the right information to help you choose. First things first, there are different companies that sell SSL certificates, such as Symantec, Comodo CA or even hosting providers like GoDaddy. Your first step is seeing if you can buy an SSL certificate through your website hosting company (e.g. GoDaddy, Hostgator) and what they offer. Comodo CA was voted the best when it comes to overall performance. If your host does not provide Comodo CA, or provides no SSL at all, you can always purchase a certificate yourself and have your host import and install it on your server for your site. There are many price ranges for SSL and it can be a tad overwhelming, so the best thing to do is think about what you are trying to protect. If you are just protecting information that is not very personal, but want some form of encryption, you can purchase a standard SSL certificate for around $50-$90 depending on your host and the SSL manufacturer (e.g. Symantec or Comodo CA). But if you want to secure personal information such as credit card information, you want an SSL certificate that gives the Green Lock icon below.

[Image: https google]

You can ask your host provider for the right SSL certificate for this to happen, because companies name it differently and it can be hard to understand which one does what, but I recommend you shop around for that certificate because some might sell the same SSL certificate at much lower prices. If you happen to have the cash to spend and want to one-up your competition, you can get the highest end of SSL, which is EV, which allows a green address bar with the company name in the domain name such as this:

[Image: comodo]

This form of SSL certificate is not cheap and is not as simple to get. However, it will show all users coming to your site that your site takes care of security needs, and shows that your company is trusted enough to be approved for the EV SSL which can help persuade a conversion or two from those users who are a little worried about their security and privacy for online shopping.

Sources/Definitions

  1. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.
  2. The process by which two devices initiate communications. Handshaking begins when one device sends a message to another device indicating that it wants to establish a communications channel. The two devices then send several messages back and forth that enable them to agree on a communications protocol.
  3. In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).
