SSL and HTTPS – Everything You Need to Know

What is SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser (e.g., Chrome, Safari, Internet Explorer); or a mail server and a mail client (e.g., Outlook).

Originally HTTPS was designed to allow for sensitive information to be safely exchanged over the internet, today it is a best practice for all websites.

Here are the top four reasons why every new website being built today should be served over HTTPS:

  • SEO – Search engines have started to rank sites that are served over HTTPS higher than comparable HTTP sites
  • Trust & Security – HTTPS makes man-in-the-middle attacks much more difficult and establishes a level of trust with the server you are connecting to
  • Surveillance – The rise of government surveillance, both foreign and domestic
  • It’s easy! Setting up HTTPS is now generally easy to do and SSL certificates can now be purchased and installed for free

How SSL Works

The lack of encryption with http:// URLs makes it very unsafe to browse and interact with websites that contain sensitive information, like bank websites, shopping websites, or any website that you login to, and especially any website where you enter a credit card number.When you visit a website at an http:// URL, information is sent through the network (“over the wire”) unencrypted, and you have no guarantee that the server you are connecting to at the other end is actually the server you think it is.

The https:// protocol solves these problems by forcing the network packets to be encrypted and guaranteeing via a third-party that the server on the other end is the one and only valid server for that URL. HTTPS makes man-in-the-middle attacks far more difficult and establishes a level of trust with the server you are connecting to.

The Certificate Authority

The third-party that establishes this trust is the “Certificate Authority”. The Certificate Authority sells SSL certificates and creates the network “handshake” that happens when connecting to a website. This way you can be sure when browsing over HTTPS that the server you are connecting to is the server you are asking for, and that any network packets you pass back and forth will be encrypted.

How to Implement SSL

The process of purchasing and installing an SSL certificate is generally very simple, and many web hosts will both sell and install SSL certificates in one step. You can also purchase an SSL certificate yourself from a certificate authority like RapidSSL and then ask your host to install it for you.

Although SSL certificates can still be expensive when purchased through certain certificate authorities, a new initiative led by a group of the biggest internet companies in the world called Let’s Encrypt is promising to provide top notch SSL certificates for free. As of January 2016 this service is in public beta, but very soon it will be the go to place for acquiring free SSL certificates.

Standard vs. Wildcard SSL Certificates

The only decision a potential SSL certificate purchaser needs to make is whether to get a standard SSL certificate or a special SSL certificate called a wildcard certificate. Standard SSL certificates protect a single domain like mightyminnow.com but don’t protect subdomains like hello.mightyminnow.com, whereas wildcard certificates can protect one level deep into subdomains. If your domain name has any subdomains that you want to serve over HTTPS, you’ll want to purchase a wildcard certificate.

What Now?

If you want your website to be more secure, better trusted and better “liked” by Google – consider purchasing and configuring an SSL certificate.