Reasons Why You Need an SSL Certificate For Your Website:
- SSL protects data communication between two or more parties. (For example: your user’s web browser and your web server).
- SSL provides authentication for your website.
- SSL is essential if you have an online store that accepts online payments, since SSL is required for PCI compliance.
- Improves your users' or customers' trust in your website.
- Improves your website search ranking.
Introduction: Why Do You Need an SSL Certificate?
The list above explains, at a high level, the reasons you need an SSL certificate for your website. That list should suffice to answer the question of why you would need an SSL certificate.
However, if you are a hardcore learner and would like to know more, we welcome you to read until the end of this article!
We promise to include as much detail as we can while also making it easy for you to understand.
What is SSL?
SSL, or Secure Sockets Layer, is a cryptographic protocol that encrypts the communication between two or more communicating parties.
Basically, when a user opens a web browser (Chrome, Firefox, Safari, Edge), goes to the search box and enters your website's domain (for example, my website domain is https://rasyue.com), the web browser makes a request to your website's web server.
In this situation, the communicating parties are the user’s web browser and your website’s web server.
How do the Web Browser and Web Server communicate with each other?
A web browser communicates with a web server using HyperText Transfer Protocol (HTTP) on top of TCP/IP. We are not going to talk about TCP/IP, as it is a much more complex topic and you do not need to know about it.
When a user types your domain name into the web browser's search box, the web browser sends an HTTP request to your website's web server.
The HTTP request contains a lot of data that your web server processes to determine what action to take and what data to return.
In this case, the web server will return your website's home page, or root page. Basically, any action that users take on your website, like clicking a button, logging in, registering or changing pages, triggers the browser to send an HTTP request.
So, where does SSL come into all of these processes? We will talk about that shortly.
The Evolution of SSL to TLS
SSL was first introduced in 1995 and, after a few versions were released, it evolved into TLS in 1999.
What is TLS, you may ask?
TLS, or Transport Layer Security, is an upgraded version of SSL. It works similarly to SSL but provides better security. The most commonly used versions of TLS today are TLS 1.2 and TLS 1.3. Versions lower than these two are deprecated and may pose a security issue if used.
Even though TLS is an improved protocol derived from SSL, people all over the world still refer to this protocol as SSL instead of TLS. Even the certificate is still referred to as an SSL certificate.
Some will use the terms SSL and TLS interchangeably but they are not the same.
Still, since a lot of people use the term SSL to refer to this protocol, we will continue to do the same to prevent confusion. So, don't worry if you come across terms like SSL cert, SSL/TLS cert or TLS cert; they all mean the same thing.
How Does an SSL Certificate Work?
An SSL certificate is really just a file that is installed on your website's web server.
The process can be complicated if you want to install it manually, but nowadays most hosting providers will install it for you.
What's inside an SSL certificate anyway?
Well, an SSL certificate is just a data file containing information about the website's owner and a public key. If you open an SSL certificate file, you will only see a long block of jumbled-up encrypted text that is of no use to the human eye.
So, how does an SSL certificate work?
When a web server has an SSL certificate installed, the communication between the web server and web browser becomes secure, since it now takes place over HyperText Transfer Protocol Secure (HTTPS).
HTTPS is basically a secure version of HTTP. It works the same way, except that HTTPS uses SSL/TLS to encrypt the normal HTTP request and response between the web server and web browser.
How is it secure then?
The communication between the web server and web browser is now secure because SSL/TLS is used to encrypt all the data into text that is not human-readable.
Without SSL/TLS, the HTTP request and response are in plain text, which a hacker can easily read.
With HTTPS, the request and response are encrypted, and a hacker will not be able to read them or try to decrypt them.
Furthermore, with an SSL certificate, the two communicating parties can tell that the request and response are going to and coming from the right web server and web browser.
Where to get an SSL Certificate?
There are 2 ways you can get an SSL certificate for your website.
- From a legitimate Certificate Authority, also known as a CA.
- Generate your own SSL certificate, which is also known as a self-signed certificate.
Unfortunately, we will not be talking about self-signed certificates, as generating one and installing it on your website requires software engineering knowledge.
Even if you do, a self-signed certificate is still not fully secure and is treated as a security issue by most browsers.
From here onwards, we will only talk about the first method.
What is a Certificate Authority (CA)?
A Certificate Authority or also known as Certification Authority is a trusted entity or organization that stores, signs and issues digital certificates.
There are 3 types of digital certificates which are:
- SSL/TLS certificate (we will only talk about this)
- code-signing certificate
- client certificate
The sole purpose of a CA is to make the internet a safe and secure place for users and organizations alike. CAs play a very important role in digital security.
How does a Certificate Authority (CA) issue an SSL/TLS Certificate?
At a high level, here's how a CA issues an SSL/TLS certificate. Note that "SSL/TLS certificate" here refers to the same thing as "SSL certificate".
Usually this process starts when you buy an SSL certificate from a CA of your choice.
- First, you generate a CSR (Certificate Signing Request) as well as your private key, which are two different types of files.
- The generated CSR is then sent to the CA. The CA verifies the information in the CSR and the applicant's identity.
- Once verification is done, the CA digitally signs the CSR with its own private key and sends the certificate back to the applicant.
- At this point, you can install the SSL certificate on your web server and start using it.
Keep in mind, the real process is a lot more complex but we want to keep this simple.
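The four steps above, together with the earlier points about what a certificate file contains and why a self-signed certificate is not trusted, shown as an added example that is not part of the original article. It uses the `openssl` command-line tool, with a throwaway test CA created on the spot standing in for a real CA; the names example.test and Demo Test CA and all file names are made up for the demonstration.

```bash
#!/usr/bin/env bash
# Constructed demo: example.test, "Demo Test CA" and all file names are made up.
set -euo pipefail
WORK=$(mktemp -d)

# Stand-in for a real CA: a throwaway root key and root certificate.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Step 1: the applicant creates a private key and a CSR (two separate files).
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$WORK/site.key" -out "$WORK/site.csr" 2>/dev/null
}

# Steps 2-3: the CA checks the CSR's signature, then signs with its own private key.
sign_csr() {
  openssl req -in "$WORK/site.csr" -noout -verify 2>/dev/null
  openssl x509 -req -in "$WORK/site.csr" -days 30 -sha256 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/site.crt" 2>/dev/null
}

# For contrast: a self-signed certificate, signed by its own key instead of a CA.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
    -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# Decode one field (subject, issuer, enddate) from the certificate file.
cert_field() { openssl x509 -in "$1" -noout "-$2"; }

# The certificate carries the public half of the applicant's private key.
same_public_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# What a browser does in spirit: accept only certificates that chain to a trusted CA.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

make_test_ca; make_csr; sign_csr; make_self_signed
cert_field "$WORK/site.crt" subject
cert_field "$WORK/site.crt" issuer
cert_field "$WORK/site.crt" enddate
same_public_key "$WORK/site.crt" "$WORK/site.key" && echo "public key matches site.key"
chains_to "$WORK/ca.crt" "$WORK/site.crt" && echo "site.crt: trusted (signed by test CA)"
chains_to "$WORK/ca.crt" "$WORK/self.crt" || echo "self.crt: not trusted (self-signed)"
```

The private key file never leaves the applicant's machine in this flow; only the CSR goes to the CA, and only the signed certificate comes back.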
What is PCI Compliance?
Before we end this article, we would like to talk about PCI compliance, since we mentioned it in the list at the start.
The Payment Card Industry Data Security Standard or PCI DSS is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
This means that if you have an online store that accepts online payments from your customers, you have to adhere to PCI compliance requirements.
Using an SSL certificate for your website or online store is a small part of PCI compliance, but still a very important one.
We think we have covered pretty much everything you need to know about SSL certificates in detail.
We think we don't really have to emphasize why you need an SSL certificate for your website anymore.
By the way, if you are looking to get an SSL certificate for your website, we suggest reading our articles that can help you decide which CA to choose.