What is SSL and what is it for?19 June 2021 | Author: Alina Nikolaevna | 57
SSL is a cryptographic encryption protocol that ensures data security. Simply put, an SSL certificate is a validation mark that ensures your site is safe for visitors. The fact that SSL is installed and the resource is protected is indicated by the "lock" in the browser line. But why can't the site work securely right away? And what does “safe” mean in general? Let's figure it out.
When you register a domain, bind it to your hosting and publish your site, it runs over HTTP (HyperText Transfer Protocol) by default.
HTTP is an application data transfer protocol that was used at the dawn of the Internet. It still functions properly (data is still being transmitted with its help), but it has a big drawback.
The data that is transmitted using this protocol is not protected from third parties. In practice, this means that any request coming to the site http://site.com can be intercepted by attackers. For example, in cases when the user enters the bank card number on the site for payment.
Fraudsters will use the stolen information for their own ends, but claims and negativity will not go to them, but to the site on which the information was leaked - they did not protect customers.
The fact that the HTTP protocol is not recommended for use in modern realities is confirmed in the interface of browsers. Such a warning in Google Chrome accompanies sites using an insecure protocol.
In addition to the vulnerability, a site without an SSL certificate is subject to another problem. Since 2014, the largest search engines Yandex and Google have pessimized (dropped in the search results) websites that work over HTTP. Therefore, in a highly competitive cluster, sites with HTTP in the address bar can “lose” to protected resources.
SSL certificates are needed to avoid the above. Once you've connected your SSL certificate to your site, you can begin replacing insecure HTTP with the secure HTTPS (HyperText Transfer Protocol Secure). So business owners who want their company's websites not to be overlooked by clients and search engines cannot do without SSL.
Translating a website to HTTPS consists of two stages:
- Purchase a suitable SSL certificate.
- SSL connection to the site and setup.
Both stages require technical expertise. We recommend that you contact the specialists of the company where you buy SSL, or the developers of your site for help.
About buying an SSL certificate
An SSL certificate for a domain is issued and paid for one or two years. After expiration, it must be renewed.
First, choose a certificate that suits your business goals. SSL certificates come in several types: Domain Validation SSL (DV SSL), Organization Validation SSL (OV SSL), and Extended Validation SSL (EV SSL).
- DV SSL - basic certificates that only confirm ownership of the domain. Typically used for information projects (blogs, information sites and portfolio sites). Issued within 1-3 days.
- OV SSL - standard certificates available only to legal entities. They confirm ownership of the domain and the existence of the organization. Used for business websites and online stores. Issued within 3-10 days.
- EV SSL - extended certificates that are also available only to legal entities. They differ from OV SSL in greater reliability: when issuing a certificate, the company's activities are carefully checked. In addition, EV SSL visually confirms the high reliability of the site by highlighting it in green in the address bar in most browsers. This type of certificate is recommended for banks and e-commerce platforms. Issued within 10-14 days.
Order a certificate that suits your project in terms of security level. Issuing an SSL certificate is the first step towards a reliable website. Further actions require special knowledge in the IT field. If you do not feel competent in hosting management and settings in the CMS administration panel, contact the site developers.
How to translate a website to HTTPS
Website translation to HTTPS consists of 2 stages:
- Installing an SSL certificate on the site.
- Redirecting requests from HTTP to HTTPS and eliminating mixed content.
After issuing the SSL certificate, you need to install it on the site. DV SSL are installed automatically. You can manually install certificates of other types using the appropriate instructions from the section Obtaining and installing an SSL certificate.
Redirecting a site from HTTP to HTTPS and eliminating mixed content
After installation, your site will be available at https://site.com. But that's not all. It is necessary that requests for all site files are also redirected over HTTPS. If you are using shared hosting, follow the instruction Configuring a site to work over HTTPS. If you are using a different type of hosting or hosting from a different provider, refer to the help articles or developer help.
By following the steps described, you will get a completely secure site.
Once again the importance of SSL
Connecting SSL and configuring HTTPS connection is a resource-intensive procedure. It may seem that security concerns primarily concern the owners of commercial sites (large online stores, banks, etc.), who are exposed to reputational and financial risks. But non-commercial projects also need protection.
Even if users do not buy anything on an unsecured site, they can become victims of hackers. For example, when scammers replace the original content of the site and add third-party advertising instead. Or they steal visitors' cookies and use this information to plant targeted ads.
The vast majority of sites that are indexed by Google already run over HTTPS (93% as of June 2021). Cybersecurity is a trend that business owners should not ignore. By taking care of setting up an SSL certificate, you will get a reliable website and protect your customers, as well as increase brand loyalty.