What is SSL?
The Secure Sockets Layer (SSL) is one of the most widely used security protocols used on the internet to encrypt the transfer of sensitive data. This security encryption protocol protects sensitive data such as passwords and credit card information as it is transferred between the users browser and the server running the website. It secures this link and prevents data from being intercepted by a man in the middle attack.
All browsers have the ability to communicate with a secure web server over the SSL protocol when an SSL certificate is in place enabling a secure connection. SSL is used extensively across the internet for securing data, especially on websites where transactions are made and confidential bank information is being transferred. SSL certitictaes are also utilised on more basic websites to safeguard passwords, contact form submissions and any other forms of sensitive data transmission
HTTPS creates trust
Web browsers provide visual signs that a website is secured by SSL with icons such as the lock or green address bar that comes with an Extended Validation SSL certificate and the URL of a SSL secured websites beginning HTTPS rather than HTTP. There are also various trust seals available to use on your website from the SSL provider when purchased. Users have come to associate a safe website and their online security with these trust marks, making SSL certitication a highly important factor in increasing user engagement and ultimately conversions.
How does it work?
When a browser accesses a website that is secured by the Secure Sockets Layer, the web server running the website and the users web browser establish a secure connection in a process caalled the SSL handshake.
There are three main aspects to the process of a secure connection via SSL - Public, Private and session keys. These keys can only work with each other and any data that is encrypted by the public key can only be decrypted with the private key and the same the other way around.
The public and private keys are used exclusively during the SSL handshake when the initial secure connection is made. The session key is then used to encrypt all transferred sensitive data within that secure connection session.Do I need an SSL certificate?
There is very little downside to securing your website with SSL. Yes it is an added expense and it can be argued that it has a performance impact as the initial SSL handshake is quite resource intensive. But the benefits do far outweigh the negatives, even on websites where there is not very sensitive data transfer happening.
For websites accepting payment details without redirecting to a third party gateway such as paypal or stripe, an SSL certificate is a requirement for PCI complicance - which is an important legal requirement for e-commerce websites handling credit card information.
iNet Digital have extensive experience installing and configuring SSL certificates, so if you are concerned about the security of your web application in anyway, get in touch and we can help.