It takes time and money to maintain a website. Nothing could be more terrifying than seeing all your hard work changed, stolen or worse, completely erased by computer hackers. So it goes without saying that you need to maintain a solid website protection strategy to shield your website against these security threats. Here at Vodien, we put a premium on our client’s online security because we don’t want you to fall victim.
It doesn’t matter if you are a small business or a huge corporation. Customers want the same things when browsing on any website–to be able to browse safely and protect the privacy of their personal information. One way to take charge of your site’s security is by installing a Secure Socket Layer (SSL) software.
But first, what is SSL and how can it protect my website against cyber hacking? Excellent question and one we can answer in full detail here. We will also discuss how converting to an HTTPs website can create a vote of trust and confidence for your brand.
What is HTTP, HTTPs and SSL?
HTTP stands for HyperText Transfer Protocol. It’s a type of protocol (a method of exchanging data over a computer network) used by browsers and web servers to transmit data to one another. When you enter a website address (ex. www.vodien.com) on a browser’s address bar, it sends an HTTP command to a web server (where the website is hosted), telling it to get the website requested.
HTTPs is the secure version of HTTP. The ‘s’ in the end stand for ‘secure’. It can encrypt the communication between the browser and website. HTTPs is commonly adopted by websites to protect confidential transactions such as online shopping and banking. SSL or Secure Socket Layer is a type of technology that encrypts data as it travel through the Internet to ensure that private information is not compromised.
HTTPs combines HTTP and SSL and/or Transport Layer Security (TLS) protocol. TLS is a security protocol that is commonly used in browser and web servers. Both SSL and TLS use an asymmetric Public Key Infrastructure system (PKI). A PKI enables the identification and distribution of public encryption keys. This allows users and computers to exchange data securely through networks like the Internet and confirm their identity.
When users enter private information like passwords or credit card details on a website, data travels through different servers and networks before it reaches the right destination. As it is transmitted, cyber hackers may try to intercept a customer’s private information unless the network is encrypted.
SSL will essentially encrypt the data transmitted between a computer and server so that it’s difficult for third parties (read: hackers) to read and process it without the victim’s knowledge.
So in a nutshell, a SSL certificate offers the following benefits:
- Encryption – encrypts sensitive information like passwords and credit card numbers
- Trust – having an SSL gives customers the confidence that your company is credible and trustworthy to do business with
- Improved Page Rankings – HTTPs is one of the ranking signals for the Google’ algorithms. It can boost your page ranking in Google search results.
HTTP vs HTTPs Website: What Do They Look Like?
This how you can tell HTTP and HTTPs apart:
An ordinary HTTP website will show a circled ‘i’ symbol on the address bar which means that the connection is not private. You might encounter messages such as “Login not secure” or “Payment not secure” when accessing an insecure web page. We strongly discourage you from entering any sensitive information such as passwords or credit cards when on these sites.
An HTTPs website has a green lock on the left side of the address bar beside the full name of the company. When you click on the website name, it gives a snippet of information about the SSL certificate. These HTTPs website may show a “security seal” that shows who issued the SSL certificate and verified the website owner’s identity.
Some websites may have HTTPs in the address but don’t have a green lock icon on the address bar. This could mean that the SSL certificate is not provided or there may be some resources or content served over HTTP instead of HTTPs.
On the backend, this is how an HTTP and HTTPs sites will look like:
As you can see, an HTTP website exchanges data on an insecure network which is not encrypted. It is at risk of being exposed to hacking. On the other hand, an HTTPs website works through a secure network, keeping the data between user and server secure and safe from cyber hackers.
How does an SSL Certificate Work?
When someone visits an HTTPs site, the visitor’s web browser and the website’s servers must virtually ‘shake hands’ to start a session. This is how it goes:
- The web browser initiates by requesting the SSL certificate.
- As soon as it receives and confirms this, it produces a code known as the master key.
- Then it encrypts the connection using the public key connected to the certificate.
- It forwards the encrypted master key back to the website’s server.
- Since the web server has the private key under the public key, it has the ability to decrypt the master key. The latter is used to authenticate the message that is sent back to the visitor.
- The virtual ‘handshake’ is complete and the two parties can now engage in a secure session.
Types of SSL Certificates
Here are the five different types of SSL certificates you can use for your website.
Domain Validated Certificates (DV)
DVs offers an industry-standard encryption and validation with minimal requirements compared to other types of SSLs. This is recommended for blogs and websites with minimal traffic. It can be processed in a few minutes since the CA only needs to validate that you’re the real domain owner. Due to its simplicity, DV certificates are among the cheapest security certificates you can find.
Organization Validation Certificates (OV)
Organization Validation certificate validates organisations or companies as a legitimate business. The entire activation process generally takes 1-3 business days. OV certificates have a number of trust indicators but you won’t see the green address bar. This encrypts the entire site but is not as expensive as the Extended Validation Certificates (EV). This is recommended for ecommerce websites that process high-value online transactions.
Extended Validation (EV) Certificates
When it comes to encrypting data, EV certificates sets the security a bar higher. On the address bar, EVs show a green padlock icon with the full company name. This is a visual seal of trust and authenticity for websites. It uses industry-grade 2048-bit encryption.
It takes a couple of days to weeks to issue this certificate due to the strict validation process by the CA. The validation involves verifying the domain ownership and documentation about the company’s legal existence. Big companies like Amazon, PayPal and Etsy are just a few high-traffic sites that use Extended Validation certificates.
For those who need to secure multiple domains, you can do so with a multi-domain certificate. It’s a hassle-free way to secure domains because you don’t need to activate separate SSL certificates for each domain. You can secure up to 100 domains depending on what the certificate entails.
A Wildcard Certificate allows one to secure unlimited number of first-level subdomains from a single domain name with a single certificate. As an example, if ‘originaldomain.com’ is the main domain, then ‘forum.originaldomain.com’, ‘mail.originaldomain.com’ and other subdomain variations can be covered by a single wildcard certificate.
What does a Certificate Authority (CA) Do?
A Certificate Authority or CA is a third-party organisation that issues digital certificates that verifies a client’s online identity. Digital certificates like SSL plays an integral part in the public key infrastructure (PKI). You can tell who issued the digital certificate by simply clicking on the padlock symbol on the address bar on top beside the website’s URL.
A security certificate works on both private and public keys to maintain a secure connection between the visitor’s browser and the website’s servers. It certifies that the signed public key linked to that website belongs to the website owner. Using its own private key, the Certificate Authority signs the public key. The CA’s credibility adds more impact to the reliability of the private keys they certify.
Give your Customers the Peace of Mind
Threats of a possible cyber attacks is still and will always be one of the biggest motivation for website owners to stay cautious and innovative. There’s no telling on when the next cyber threat will be, as cyber crimes get more sophisticated each year. Always keep your customer’s security and privacy as your top priority. Installing the right security certificate keeps these fears in check and gives customers more reasons to trust your brand.
To help encrypt your customer’s sensitive information, we here at Vodien offer premium SSL Certificate. All our SSL certificates are certified by Thawte, a Verisign subsidiary and the world’s well-known Certificate Authority. Data is secured by up to 256-bits data encryption from the root level which is responsible for authenticating and protecting your website against domain spoofing and phishing. Also, if you have any enquiries about SSL, just CLICK on the link below to get started.