What are SSL Certificates?

SSL certificates are digital certificates that provide a secure and encrypted connection between a web server and a user's web browser. They are essential to ensure the confidentiality, integrity, and authenticity of data transmitted between the user and the server. If you are a website owner, a valid SSL certificate is vital to protect your customer’s data. Many browsers no longer even load websites that do not have a valid SSL certificate, which makes it almost impossible for users to visit your website.

What is SSL?

SSL stands for Secure Socket Layer. This is a protocol designed to ensure the secure transmission of data over the internet. SSL is a predecessor to the more modern Transport Layer Security (TLS) protocol, but the term "SSL" is often used to refer to both SSL and TLS.

SSL uses encryption algorithms that “scramble” the data that users enter into your website, which makes it impossible for third parties to intercept it. When SSL is correctly implemented, the URL of a website changes to "https://" to indicate a secure connection. 

What is an SSL certificate?

An SSL certificate is a digital certificate that provides a secure and encrypted connection between a web server and a user's browser. While SSL is the overarching protocol that provides security features for internet communication, SSL certificates enable the authentication and encryption aspects of the SSL protocol. 

SSL certificates are always issued by a Certificate Authority (CA). The Certificate Authority is the entity responsible for issuing certificates and verifying the authenticity of the individuals or businesses that order them.

SSL certificates are an absolute must for websites that deal with customer data in any form. This includes websites that use forms in which customers enter personal data (names, addresses, phone numbers, email addresses), as well as websites that process payments. If your website contains the option for customers to make an account and set up a password, it is necessary to use an SSL certificate as well.

How does an SSL certificate work?

This is how SSL certificates work, described in six simple steps:

1. Initiating secure connection: A user tries to open a website that is protected with an SSL certificate.

2. Certificate presentation: The web server responds by presenting its SSL certificate to the user's browser.

3. Certificate validation: The user's browser checks the SSL certificate for several attributes. These include the expiration date, the issuing Certificate Authority (CA), and the certificate's digital signature..

4. Root trust verification: The browser checks if the SSL certificate was signed by a trusted root certificate.

5. Key exchange process: If the SSL certificate is valid and trusted, the server and browser start a process called the "key exchange." The server sends its public key to the browser, and the browser generates a symmetric session key that is sent to the server using its public key for protection. 

6. Establishing a secure connection: The browser encrypts the session key using the server's public key, establishing a secure connection.

How to check if a website has an SSL certificate

You can quickly see whether a website has a valid SSL certificate by checking the website URL in the browser. Many browsers show a padlock icon either in front or behind the website address in the URL bar. Others, such as Google Chrome, show a settings icon in the same spot. Click on this icon to check if this website has a valid SSL certificate.

All major browsers will automatically mark websites that do not have an SSL certificate as “unsafe”. Visitors will receive a warning that this website is unsafe when they try to access it, or the website will be unable to load altogether.

Why do websites need an SSL certificate?

There are several important reasons why every website needs a valid SSL certificate.

• SSL certificates secure your website and online presence: An SSL certificate validates the identity of your website and keeps the data that it receives encrypted and safe. SSL certificates are therefore an important way to signal trust to your audience.

• Websites that do not have an SSL certificate will automatically be marked as “unsafe” by all major browsers: Visitors will receive a warning that this website is unsafe when they try to access it. Some browsers do not even allow users to open a website without an SSL certificate, displaying an error message. 99% of browsing time on Google Chrome is therefore spent on websites that have a valid SSL certificate.

• SSL certificates can help improve your SEO score: A website with an SSL certificate will also rank higher in search engines, compared to websites that do not have one. Sometimes, search engines might even not show any search results from websites without SSL.

Types of SSL certificates

We can divide the different types of SSL certificates into two groups: one group based on validation level and one group based on the number of domains that the certificate covers. For each SSL certificate you order, you need to decide which level of validation you need and which number of domains you want the certificate to cover.

DV, OV, and EV SSL certificates

• Domain Validated (DV) certificates: DV certificates offer a basic layer of protection. They are a suitable choice for websites that are strictly informational or entertaining and that do not gather data from customers or visitors in any way. If you run an e-commerce store, or if your website includes a contact form for visitors or prospective customers, DV protection is not enough.

• Organization Validated (OV) certificates: Small to medium-sized e-commerce businesses and websites with contact forms need an OV certificate. This type of SSL certificate offers a larger amount of security for personal data and payments. They are also slightly more expensive than DV certificates, and the validation process takes slightly longer.

• Extended Validation (EV) certificates: EV certificates offer the highest amount of protection and are meant for large enterprise businesses. They are the most expensive certificate type and require the highest amount of validation.

Single-domain, wildcard, and multi-domain SSL certificates

• Single-domain certificates: These SSL certificates cover a single domain. If you have a personal website or a small online business, a single domain certificate is likely the best option for you. A single domain certificate will cover both ‘your-domain-name.com’ and ‘www.your-domain-name.com’.

• Wildcard certificates: Besides the “main” domain, a wildcard SSL certificate also covers all of the subdomains under this particular domain name. For example, for Openprovider, support.openprovider.eu would be considered a sub-domain that would be covered. Wildcard certificates are more expensive than single-domain certificates.

• Multi-domain certificates: The most expensive type of SSL certificates, these cover multiple domains at once. Multi-domain certificates are mostly used by larger organizations.

How to get an SSL certificate?

You can buy SSL certificates from most domain registrars and hosting providers. If you get a hosting package or hire a web designer or agency to create a website for you, the SSL certificate is often included. If you want to buy your own SSL certificate for the lowest price, you can do so in a few clicks through the Openprovider control panel.

There are also free SSL certificates available on the Internet. These offer a basic level of security. Free SSL certificates are issued without any validation process. Domains that use free SSL certificates have not verified their personal and business identities and could therefore be run by malicious third parties. Paid SSL certificates involve a validation process and are therefore more trustworthy to your visitors and customers.

As a domain owner, you will also have to renew your free SSL certificate every three months, as it is not possible to issue these SSL certificates for a longer period. Opting for a paid SSL certificate takes a lot of administrative work out of your hands and reduces the risk of accidental expiration.

How to install an SSL certificate

The exact steps to install an SSL certificate depend on your web server. You will need some basic technical knowledge to be able to install an SSL certificate yourself. Here are some general instructions for common servers:

Apache:

1. Copy the SSL certificate files to the server.

2. Edit the Apache configuration file to include the SSL settings.

3. Restart Apache.

Nginx:

1. Copy the SSL certificate files to the server.

2. Update the Nginx configuration to include the SSL settings.

3. Reload or restart Nginx.

IIS (Internet Information Services):

1. Import the SSL certificate using the IIS Manager.

2. Bind the SSL certificate to the desired website.

3. Restart IIS.

cPanel:

1. Use the SSL/TLS Manager in cPanel to install the SSL certificate.

If you run into any problems or questions while installing your SSL certificate from Openprovider, please consult our Knowledge Base or contact our support team.

Can an SSL certificate be used on multiple servers?

This depends on the type of SSL certificate that you are purchasing. A single-domain SSL certificate, which is the most common type of certificate, is always issued for a specific domain or subdomain and is therefore intended to be used on a single server. However, wildcard (that can secure a main domain plus all its subdomains) and multi-domain SSL certificates (that can secure multiple domains) can be used on multiple servers.

What happens when an SSL certificate expires?

When an SSL certificate expires, you immediately lose the protection that it was giving you, and your website immediately becomes vulnerable to threats. Without the layer of encryption that protects communications between your website and your visitors’s browsers, third parties can easily intercept your customers’s data. On top of that, most major browsers will no longer be able to load your website, showing a warning or error message in its place.

To prevent this from happening, it is important to renew your SSL certificate on time. If you get your SSL certificate at Openprovider, we send you an automated reminder every time your certificate is about to expire, so you have time to top up your balance in preparation for this.

To avoid the manual work involved in renewing SSL certificates and never worry about expiration again, we recommend turning on automatic renewal for all your certificates at Openprovider. You can do this in just a few clicks. With automatic renewal enabled, your SSL certificates will be renewed automatically as long as there is enough balance on your account. If you want to simplify the process even more, you can turn on automated payments to make sure there is always enough balance on your account. 

Another best practice is to register an SSL certificate for multiple years in advance. Depending on the type of certificate, you can order most certificates for 3-5 years at once. Long-term renewals can also be a great way to save money, as SSL prices may increase over the years. With a long-term renewal, you lock in the current price of an SSL certificate for a set amount of years, meaning that you will automatically avoid any price increases that occur in the meantime.

Are you ready to add a vital layer of protection to your website? Get your SSL certificate today!