SSL or Secure Sockets Layer is an encryption technology that allows a secure connection between a web server and a web browser.
To enable this type of security, the website needs to obtain a certificate from an issuing authority who has first verified the identity of those operating the site and their right to use that particular domain.
These issuing authorities (CA’s) must keep detailed records and adhere to strict guidelines for verification and are periodically audited to ensure compliance, to be able to issue the certificates.
Many websites across the internet use this secure technology to protect sensitive information from being intercepted such as passwords or credit card information.
In the past, only sites that accepted payment or had some type of account creation which required users to log in used SSL due to the costs associated with purchasing the certificates that ran anywhere from $100 to $1,500 per year, depending upon the type of certificate and the issuing authority but today, all of that is changing.
Types Of SSL Certificates
There are three main types of SSL Certificates with each one requiring different levels of validation.
Domain Validation (DV) – Requires the website owner to prove they have the right to use the domain.
Many CA’s also perform additional fraud checks to avoid issuing certificates to domains that are similar to other well-established businesses.
This certificate includes only the domain name and is normally the quickest certificate to obtain because the validation can be done quickly.
Organizational Validation (OV) – The website owner is required to prove the rights to the domain name as well as the company name.
Many CA’s may also perform other checks to ensure the validity of the information given.
This certificate will contain the domain name and the company name.
Extended Validation (EV) – This is the highest level of certificate, due to more stringent requirements for validation.
The website owner needs to prove the rights to the domain and company name but also must provide name, address, incorporation or registration number and the jurisdiction to establish the legal identity of the business.
This certificate is the most difficult to obtain and takes the longest time due to the amount of verification required.
You can view the complete list of EV SSL Requirements here.
Additionally, there are other types of certificates that many CA’a also offer such as:
Wildcard SSL Certificates – This certificate covers a domain name and unlimited sub-domains.
Multi-Domain SSL – Normally covers up to 100 different domains, sub-domains or, IP addresses.
How To Tell If A Site Is Secure
Secure websites using SSL are usually indicated with a green padlock in the browser’s navigation bar, the word “secure” and, the https prefix added to the domain name for DV and OV Certificates, as shown in the image below on a Chrome browser.
Clicking on the padlock will confirm the secure connection.
Clicking “Details” will reveal an overview of the security type and if the site is using the latest, most up to date version.
Did you notice the encryption method refers to TLS 1.2 and not SSL?
That is because the next update after SSL version 3.0 was renamed to TLS and since the SSL name was so common, the SSL certificate name still continues to be used.
By scrolling further, you will be able to see if anything is outdated such as the obsolete key exchange mentioned in the image below.
*Note – the last image above is NOT from the Wikipedia site and is included here to show you what to look for.
Websites holding the SSL EV Certificate will be displayed with the company name as well as the padlock, as in the image below.
Again, the EV is the highest level and the most secure SSL Certificate.
If both the DV and OV SSL Certificates looks similar to the end-user, then how can I tell which one has been issued to the website?
I’m glad you asked 🙂
To find that out requires just a little more digging and you will need to view the actual certificate to see that information.
From the images above, you will see the “View Certificate” button.
After clicking view certificate, navigate to the “Details” tab and then click on “Subject”.
This site apparently has the OV SSL Certificate as both the domain name and the company name and address are shown in the bottom portion of the certificate.
If this were a DV SSL Certificate, only the domain name would be indicated.
How To Tell If A Site Is Not Secure
Well, it stands to reason that if a site does not have the green padlock, the word secure or, the https prefix, that the website you are visiting is not secure, however, the Big G (Google of course), has taken things to another level by actually flagging sites that are insecure as shown in the image below.
Note the lower case letter (i) for insecure, enclosed in a circle with just the name of the website in the navigation bar.
Clicking the (i) icon will also spell it out for you as in the image below.
News organizations, in particular, have found it challenging to make the switch to https due to a large number of advertisements and links from content delivery sources that would all have to be https compatible in order to implement it site-wide.
What Does SSL Encryption Do?
Many believe that SSL is only about encryption but there are actually three main components of website security that is handled by SSL which are:
Encryption – This keeps others from seeing what you are viewing on the internet.
Authentication – To ensure you are viewing the proper site and haven’t been diverted to a malicious site.
Data Integrity – Ensures the data hasn’t been tampered with and modified in any which can help prevent man in the middle attacks for example.
The Big Push For Https
While security and online privacy has always been a hot-button issue, there has been an even bigger push the last couple of years to make the web totally secure.
This isn’t only for banks and shopping portals, but for every website on the internet, even if they don’t provide sensitive data.
To help facilitate this goal, Google has adopted an “https everywhere” platform and has announced that there will be a slight preference in ranking for secure websites and has even indicated that preference may become stronger as they continue to move forward with this agenda.
They have stated publicly their plan is to also make new features and apps that will only be supported by https, as did Mozilla who has adopted a similar stance and has announced plans to stop supporting “http” altogether.
The Federal US government issued a directive with their “https only standard” that all federal government websites be secure by the end of 2016.
Even The New York Times issued a public challenge to news organizations a couple of years back to be https compliant by the end of 2015 and has, even with the challenges faced by other news organizations, figured out a way to get it done and has successfully implemented https.
Encryption Is The Wave Of The Future
As you can see, https is the wave of the future and every website owner should be making plans to upgrade as I also plan on doing in the very near future with my sites.
For those of you who have been following this site, you know that I am a member of Wealthy Affiliate and, I am happy to announce that they have just introduced FREE SSL Certificates to every premium member who hosts their sites at WA.
Inside the community, there are also detailed tutorials to help you implement https on your site as well as other members who have experience doing this and are willing to help anyone who needs it.
There are also Live Video class replays to walk you through the entire process.
It’s great to be a part of a community where the owners are constantly working to improve the platform so their members can remain on the cutting edge of the industry.
You can read my review of Wealthy Affiliate right over here to see why I am so passionate about being a part of it.
Need Any Help?
I hope you have found this information useful. If so, feel free to share it with your friends and if you have any questions or comments, please leave them in the area below.
To Our Success!!