SSL Basics

How Does SSL Work?

By Mariel Jaramillo
March 12, 2019
original copy for construction industry

SSL technology is a relatively simple security measure that utilizes a very powerful encoding technique to encrypt website data to keep user information safe and secure. SSL has been around since the early 90s but has recently seen an increase of usage and has become the standard for security on the internet. Read on to learn about the basics of SSL and how it works.

How is information transferred on the internet?

The internet is a network of connected computers sending information back and forth through a communications system called HTTP. HTTP stands for Hypertext Transfer Protocol, HTTP is written in plain computer language that uses a series of bits that anyone with the appropriate protocol analyzer software can capture and transcribe. To put more simply, whenever you are interacting with a website that is not secure (i.e. HTTP) the address and content of the site as well as any form or payment data you enter can be read in plain text by a skilled attacker. Your vulnerability to such an attack is particularly acute when using wifi on public or unsecured access points. In order to provide a private way to transfer information on the web, computer scientists created SSL technology to ensure that data exchanged via web browsing remains secure by encoding both upstream and downstream data.

What is an SSL Certificate?

SSL stands for Secure Socket Layer. SSL certificates are issued by  trusted certificate authorities and sold directly through them or resellers such as hosting providers.  An SSL provides security in two ways, Encryption and identification.

Encryption: An SSL uses a simple text file to encrypt data by generating 2 keys, one private and one public. When a computer connects to a website that has an SSL installed on it, the secure website sends the other computer a key through what is known as an SSL handshake. The key is used to translate information it receives and encrypts information it sends. This keeps all of the information that flows between them private in that it is transferred in a "secret language" that only the two computers with the key can understand. SSL technology is used between web servers and browsers as well as mail server and mail clients. By installing an SSL certificate on your site, the url changes from HTTP to HTTPS, the added S stands for Secure.

Identification: The other way in which SSLs provide security is by authentication and identification. Depending on the type of SSL certificate that is used, a Certificate provider will request from the website owner several types of identification in order to ensure that they are who they say they are and vet them by issuing an SSL certificate.

Do I need an SSL for my website?

original copy for construction industry

SSLs make the internet a safer place by encrypting all information, including sensitive private information such as credit cards and identity. In order to protect your customers and visitors of your site from becoming victims of internet crimes, using an SSL is crucial.

Even if you're not selling anything on your site and don't have forms for your visitors to complete, there are still lots of reasons why you should have an SSL on your website. In 2019, people are used to seeing the padlock on the url of the website they are visiting and have come to expect it. In fact, not seeing a padlock will lead many people to question if a site is safe to and will cause many to leave. Providing a secure connection to your website is an easy way of invoking trust in your visitors.

Another reason to have an SSL is that Google wants you to. And when Google speaks, you better listen or face the consequences. As of July, 2018 Google started to prepend a message of "Not Secure" in the address bar of all websites not using an SSL. In addition to shaming non-SSL websites, it has started to reward websites with SSLs by bumping up their position in search rankings. Google wants to make the internet a safer place and has implemented these actions to do just that. Since Google started this push to promote the use of SSL technology, there has been an enormous hike in the amount of websites that are now secure. According to Google, over 81 of the top 100 websites now use HTTPS.


 

Types of SSL Certificates

original copy for the construction industry

Domain-validated SSL certificate

This is the most commonly used certificate and for most individuals and small businesses that do not accept payments through their websites, this is all they need. The DV certificate is also sometimes referred to as a low assurance certificate because anyone can get one. The information is encoded which is the primary purpose in this case but the identity of the website is not guaranteed. The buyer of a DV SSL certificate does not have to prove they are who they say, only that they have access to the email that registered the domain. But again, if no transactions are occurring on the site, and the information is encoded, there is little cause to worry about the true identity of the site owner.

Organization-validated SSL certificate

The OV SSL is the mid-level type of certificate, also known as the high assurance certificate. It offers the same encoding that all SSLs provide but it also ensures that the website using the SSL is really who they say they are. To be issued an OV SSL, the organization must be able to verify their organization information including name and address. This type of SSL is most commonly used by big companies that don't accept online payments.

Extended-validated SSL certificate

The top level of SSL certificates is the EV SSL. This is the type of SSL that all large well-known companies, especially if they accept online payments, should have. To acquire an EV SSL, the requester must go through an arduous verification process that can take weeks. Several identifying documents must be submitted to the certificate authority and even a phone conference might be required. This type of SSL is the Gold Standard of Security. A telltale sign that the website you are visiting has an Extended-Validation SSL is the appearance of a green padlock. All other SSLs will display a black padlock but only the EV SSL will be green.

What type of SSL Certificate do I need?

DV - Best for small companies or personal websites. If you don’t accept online payments through your website, this is probably all you need. This is quick and easy to install and will give your website visitors a secure experience and the confidence that they expect. For most of our clients who are in the construction industry and primarily have a website for marketing purposes, this is the appropriate SSL certificate for them.

OV - If you are a well known entity, you should opt for an OV. Being a more popular company can lead to copycat websites that will try to impersonate your brand. They can lead visitors to their site and steal their information. To show that you truly are the real deal, consider getting a OV. It will be a bit harder to prove it's really you, but that's the point.

EV - If you have an e-commerce site, a corporation or government agency you must use this type of certificate to protect your visitors. If you just want to offer the best security possible on the web and instill immediate trust in your visitors, also consider this certificate. It is the premium choice in website security.

Where can I buy an SSL Certificate?

All SSL Certificates are issued by Certificate authorities and sold by third parties. Hosting companies usually sell SSLs and offer assistance in installing them for an extra charge. Construction Marketing is a reseller of Godaddy products and offer very competitive prices.

If you are interested in purchasing an SSL for your site, head on over to our Godaddy reseller account and purchase one today. In addition to SSLs we also offer complete hosting services, website monitoring, domain purchase and technical assistance.

Buy An SSL Certificate