SSL certificates (Secure Sockets Layer) are digital passports that provide authentication to protect the confidentiality and integrity of website communication through browsers. They are used by many companies to reduce the risk of theft and information manipulation. They allow initiating safe sessions with the user’s navigator through SSL protocol, for example, a layer of safe secure, which means the possibility of making «private conversations».
To create a secure connection, an SSL certificate is installed on the web server, which digitally connects the company’s information with a cryptography key. Without this certificate, the information of our clients and our information as users is transmitted through the network without encrypting. Thanks to these digital passports, it is possible to protect credit card transactions, data traffic, user logins and browsing on social networks.
If a company or organization wants to use and process credit and debit card data on its websites it must become PCI Compliance. To achieve this, it is necessary to go through an audit process to verify that certain standards are fulfilled. One of the requirements to be approved is to implement SSL certificates in an appropriate manner.
Any individual or organization that processes data need to implement SSL certificates. Among the many advantages presented we can mention: higher Google ranking, safer customers experiences, protection of both consumers and internal data, trust and acceptance in the audience, encrypted communication from the browser to server and from server to server and improvement of mobile and cloud applications security.
The possible disadvantages could be, on the one hand, the cost. However, this has decreased with the rise of competition and the introduction of new providers such as «Let’s Encrypt». On the other hand, performance. The information that we send has to be encrypted by the server, that’s why it consumes more resources. The performance can be clearly remarkable if there is a high number of visitors but can be minimized with special hardware.
There are different types of SSL certificates, which can be categorized by their validation levels or by the number of insured domains/subdomains.
Levels of validation:
- Domain Validation Certificates:
Validation level: low
How it is verified: the certification authority (CA) simply verifies that the organization has control over the domain.
Indicator: a browser with a secure HTTPS connection.
- Organization Validation Certificates:
Validation level: medium
How it is verified: the CA investigates the organization that makes the request, although not very deeply.
Indicator: the information of the company is shown in the details of the certificate.
- Extended Validation Certificates:
Validation level: stricter level
How it is verified: the CA validates the property, the information of the organization, the physical location and the legal existence of the company. It also validates if the organization is aware of the SSL certificate request.
Indicator: a green address bar with the name of the company.
- Single domain: Single-name
Protects a single subdomain/hostname.
Protects an unlimited number of subdomains for a single domain.
It allows clients to protect up to 100 domains with the same certificate. Different domains are protected with a single certificate thanks to the SAN extension.
Another option of certificate is the Self-Signed Certificate, which is a viable option for private use. These types of certificates are signed by the people who create them (for example, the owner of the website instead of a trusted authority), but they should not be used when there are anonymous visitors on the website.
When hiring a type of SSL certificate it is important to answer the following questions: How many domains do I need to ensure? What kind of website do I need to ensure? How important do you think your client’s confidence is?