SSL Certificate: What It Is and Why Your Site Needs One

Amanda has been maintaining a blog and an online store since 2016. Recently, she has decided to get an SSL certificate for her sites.

A friend has told her that it would help her sites get better ranks on Google. It would also provide customer data security and other benefits. Amanda is not the only one.

Over the last five years, the interest of site owners in SSL certificates has been consistently high.

Our statement is based on Google trends data. As you can see above, people all over the globe have been looking up “SSL certificate” quite vigorously.

In this discussion, we would talk about SSL certificates in detail. So do stay with us.

So, what is this SSL certificate?

SSL stands for Secure Sockets Layer. It is a security blanket. It secures the data path between your web server and a browser.

With it in place, hackers would not be able to steal sensitive data. Thus, people and search engines would find your website reliable.

If a website has an SSL certificate installed on its server, then its URL would have a “padlock” and “https” beside it.

The image below shows what we are talking about.

What are the benefits of an SSL certificate? Is it worth the money? Do you really need it?

Well, here are the reasons why you should have an SSL certificate for your website yesterday:

1. Your website would enjoy better ranking on search engines

A study by Brain Dean, founder of Backlinko, shows a positive relation between SSL certificates and search engine rankings.

The data above is based on 11.8 million Google search results. According to this data, almost all sites at the top of Google search results have SSL certificates.

Thus, your site is highly likely to have better rank (provided it fulfils other conditions as well).

2. Your customers would find your site safer and trustworthy

Imagine having your official business name and country of location showing up in green beside your website. Just like in the image below.

Thanks to the SSL certificate, your site visitors would know that yours is a genuine business. They would thus feel comfortable putting in their sensitive data like credit card numbers, PINs etc.

As a result, a more significant portion of your site visitors would convert into paid customers. Your revenue would soar!

3. You would enjoy a financial cushion in case of fraudulent transactions

SSL certificates come with a warranty of a certain amount of money.

Allow us to explain.

The use of stolen credit cards to make a purchase is rising. And in case of such transactions, banks usually reward the original owner in case of a chargeback claim.

But with an SSL certificate, that money doesn’t need to come from your pocket. If the transaction value is within the warranty limit of your certificate, then your SSL certificate provider would cover it.

**Note: If you are accepting payments on your website, then it has to be PCI/DSS compliant. And one of the twelve mandatory conditions is that your site has an SSL certificate installed.

SSL certificates are of several types:

Let us now look at each of them.

1. Extended Validation Certificate (EV SSL)

This type of SSL certificate is the most expensive. The vetting process that comes with it is also the most extensive. To get an EV SSL, you would need to provide the following:

• Verification of the ownership of your domain name.
• Verification of the physical address of your organisation.
• Verification of the legal existence of your business.

This is how it looks on Firefox browsers.

The name of the business and country of operation are both visible (marked by the red box).

In Chrome, this is how it looks.

When you click on the padlock, it shows you additional information.

If you are not sure if you need one, then send us an email. We love helping business owners make informed decisions.

Next, we would cover

2. Organisation Validation Certificate (OV SSL)

This type of SSL certificate requires the website owner to provide identity proof. It lets the website visitors know that it’s a verified website.

The verification process of this type of SSL is not as extensive as that of EV SSL. Thus, it costs less than the one above.

On Firefox, this is how an OV SSL looks like.

As you can see above, the name of the business, as well as the country it’s based in, are shown. If your website takes payment or requires visitors to input sensitive information, then we strongly recommend you get an OV SSL for your site.

3. Domain Validation Certificate (DV SSL)

Compared to EV and OV SSLs, this is way easier and cheaper to get. All you provide is proof that you are the rightful owner of your website.

With this SSL, the browser would just show a padlock and https. It offers less secure encryption.

Thus, it is best for blog sites or websites that do not handle sensitive information. The downside is, your visitors would not know who or what organisation owns the website.

Number four is

4. Wildcard SSL Certificates

This type of SSL certificates is for base domains and an unlimited number of subdomains.

For example, www.hubspot.com is a base domain. Subdomains associated with this domain are support.hubspot.com, marketing.hubspot.com, sales.hubspot.com etc.

A wildcard SSL certificate would secure all of the domain mentioned above and its subdomains.

5. Multiple Domain SSL Certificates

As the name suggests, this type of SSL certificate would be able to secure up to one-hundred base domains.

For example:

www.cmi.com
www.sej.com
www.ahrefs.com
www.semrush.com
www.semrush.in
www.semrush.org

One multiple domain SSL certificates would be able to secure all of the above and more. Now, this type of SSL is not exclusive in itself.

These come with EV or OV features.

How exactly does an SSL certificate work?

We would now discuss how an SSL certificate uses the HTTPS protocol to keep your data safe.

Let us say a visitor, named Amanda, is trying to access your website medimelbourne.com (an example site).

Here is what happens:

1. Amanda’s browser asks the webserver of medimelbourne.com for its secured pages.
2. In response, the webserver of medimelbourne.com sends its public key (a digital ID for servers and websites) along with its SSL certificate to Amanda’s browser.
3. Amanda’s browser, at this point, needs to verify that the SSL certificate is valid. It does so by matching the public key from medimelbourne.com’s server against those in its database. If the key matches one in the database, then the authenticity and validity of the SSL certificate are verified.
4. After the verification, a padlock appears beside the URL on Amanda’s browser. It indicates that the webserver is really the one containing medimelbourne.com website.
5. It’s not over. Amanda’s browser now takes another precautionary step. It creates a pair of identical private keys. It keeps one to itself. The other one is sent to the webserver in a data pack encrypted by the public key that the server initially sent to the browser (refer to step 2 if necessary).
6. The web server of medimelbourne.com uses its own private key to decrypt the data pack. It now has the private key Amanda’s browser created for it. A secure connection is now established between the server and the browser. From now on, this connection would be used by Amanda’s browser to fetch the pages of medimelbourne.com from the server.

Wrapping up

SSL certificate is no longer a luxury. Since 2018, Google has been flagging sites without an SSL certificate.

This is how it looks.

Is this something you would want your visitors to see when they land on your site? Confused about the most suitable SSL certificate for your site?

Well, feel free to contact us. We have helped hundreds of Australian business owners with their websites and SSL certificates.