For creative website, virtual tours & graphic design
Call us on 01780 740893
What’s an SSL Certificate & does my website need one?

If you’ve noticed a plethora of articles about SSL Certificates for the web, you might be wondering what they are and whether your site needs one.

In January 2017 Google began (with Chrome 56), to mark pages that collect sensitive information such as passwords as non-secure if the site does not have an SSL certificate.

This was the first part of a staged rollout to encourage all websites to get rid of plain old HTTP and to move towards ALL sites to using HTTPS  in order to make a more secure internet.

So what does that mean for your website?

SSL Certificate

What’s an SSL (secure socket layer) Certificate ?

SSL certificates are an essential component of the data encryption process that make internet transactions secure.

The SSL layer has 2 main purposes:

  • Checking that you, the web visitor, are talking directly to the web server that you think you are talking to
  • Ensuring that only the web server can read the information you sent and only you can read any information the server might send back

Without an SSL Certificate applied to a domain, it is possible for hackers to intercept the information you enter into a web page.

The process works like this:

  1. When a someone visits a website the browser checks to see if there is an SSL certificate associated with it. If there is, a process known as “the SSL handshake” begins.
  2. During the SSL handshake the browser checks that the SSL Certificate is valid and ensures that the website is authenticated correctly.
  3. All SSL certificates have two keys: a public key and a private key. These keys each handle encryption and decryption of the data passed from the website to the web server. They are used during the SSL handshake to communicate securely.
  4.  Once the certificate is confirmed as valid, the website’s server creates a “session key,” that is used just for the remainder of the that particular secure connection.
  5. At the end of this handshake, which generally only takes a few hundred milliseconds, the secure connection is created and communication between the website and the web server is made secure across the internet.

When a domain has an SSL Certificate a visual clue appears next to the address bar: a green padlock to clearly indicate the site is a secure place to enter personal information.

At present sites without an SSL certificate  are not flagged up as insecure on any page that does not require you to enter personal details. However, the information icon next to the url, does warn visitors that the site is not secure if they click the link.

ssl not secure

You might be thinking that your site doesn’t require anyone to log in with a password, and you don’t take credit cards details so you’ve no need to show your site is secure. However, if your site has a contact form then that page would be flagged as soon as a visitor starts to enter details.

In later versions of Chrome (after v56) the intention is to gradually mark all HTTP sites as non-secure and to change the HTTP security indicator to the red triangle that they presently use for broken HTTPS.

http not secure

Moving forward, clearly it makes sense for all website owners to secure their sites with an SSL certificate since seeing such a message could undermine a visitor’s trust in your site, even if they don’t have to enter personal information.

Furthermore with the new General Data Protection Regulations (GDPR) coming into play from May 2018, having an SSL certificate should help you to comply with these regulations.

Need help to get an SSL certificate?

Give us a call on 01780 740893 to chat about how to go about applying a certificate to your website.

If an SSL Certificate is added to a domain incorrectly, it can cause great damage to your online reputation: your search rankings may drop significantly or non-secure sections of your site may be accessed by visitors. Best to call in the experts!

Read more about these SSL changes here.