What is an SSL Certificate and why your site needs one


Have you ever heard of an SSL certificate?

You may have already read some articles and been drowned in torrents of technical information. I will explain to you simply what an SSL certificate is and what it is used for.

An SSL certificate basically meets two needs:

  • Encrypt communications between the visitor's PC (or smartphone) and your website.
  • Authenticate the website with certainty.

Why encrypt communications?

Imagine you're in a hotel, connected to the wi-fi. When you are surfing the internet, for example to place an order on a website, the data you enter is transmitted through the hotel network.

You would certainly not appreciate it if a member of staff, a technician or a hacker could access the credit card number you have just entered on the screen. How would they do that? Simply by spying on the network. And don't think you need to be James Bond to do it. It's within everyone's reach.

That's why it's necessary to encrypt communications. Encrypting means making them inaccessible to anyone who isn't the recipient. Only your recipient, in this case the web server of the site you are on, will be able to decrypt the communication.

Why authenticate the website?

It is possible, in certain situations, to impersonate a web server. For example, a malicious web server could claim to be the server of the site you are visiting. And since it is a perfect copy, you suspect nothing and send it your precious banking information.

Encrypting communications is therefore not enough. You have to make sure that the web server with which the visitor communicates is the right server, that it is indeed the web server it claims to be. 

What is an SSL certificate?

This is where the SSL certificate comes in. It is a small file located on the web server of the site you are visiting. Thanks to this certificate, the browser will be able to authenticate the site. How does it work? The certificate contains a signature, and the authority that signed it is itself designated as a trusted authority by the browser (Firefox, Chrome, Opera, etc.). Sometimes the certification authority is not recognized by the browser, but itself has a certificate that has been signed by another authority that is recognized.

It is a bit like having to deal with an unknown person, but finding among your acquaintances a trusted friend, or possibly a friend of a friend, who guarantees that this person is trustworthy. This is called the chain of trust.

Once the web server is authenticated, communications can begin. Remember, this is called an SSL certificate. SSL is actually an encryption protocol. The certificate contains a lot of data including the issuer, the date, its lifetime, the name of the website, but it also contains a key to encrypt the data. The most curious among you will be able to learn about asymmetric cryptography and understand all the mechanisms involved. For the others, just remember that no intermediary spying on the network is able to capture the data passing between the browser and the web server.

When the browser is communicating securely with a web server, a small green padlock is usually displayed next to the address bar. And in this address bar, the site's address (URL) begins with https://.
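The two needs described above map directly onto settings in a TLS client. The following Python sketch is an added example, not code from the original article: it puts a context that both encrypts and authenticates beside one that only encrypts, and reads the certificate fields mentioned above (site name, issuer, validity dates). The function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl

def strict_context():
    # Default client settings: the chain must end at a trusted CA and the
    # certificate must name the site (encryption + authentication).
    return ssl.create_default_context()

def encrypt_only_context():
    # Weak setting, for contrast only: traffic is still encrypted, but any
    # server, including an impostor, is accepted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # has to be switched off before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def guarantees(ctx):
    return {"verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_site_name": ctx.check_hostname}

def summarize(cert):
    # cert is the dict returned by SSLSocket.getpeercert()
    def flat(name):
        return {k: v for rdn in name for k, v in rdn}
    return {"site": flat(cert["subject"]).get("commonName"),
            "issuer": flat(cert["issuer"]).get("organizationName"),
            "valid_from": cert["notBefore"],
            "valid_until": cert["notAfter"],
            "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]}

def is_expired(cert, now_epoch):
    return now_epoch > ssl.cert_time_to_seconds(cert["notAfter"])

def fetch_summary(host, port=443, timeout=5.0):
    # Needs network access; raises ssl.SSLCertVerificationError if the
    # chain or the site name does not check out.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            return summarize(tls.getpeercert())

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example Intermediate CA"),),),
    "notBefore": "Jan  5 09:34:43 2017 GMT",
    "notAfter": "Jan  5 09:34:43 2018 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}
```

Calling `fetch_summary` with your own site's hostname shows what a visitor's browser sees; a failure there means browsers will warn your visitors too.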

Does my site need an SSL certificate?

A site can function without an SSL certificate. In this case, you do not offer your visitors the possibility to communicate securely with your site. If it is a personal blog, nothing dramatic. But if it is a site on which personal information is likely to circulate, it would be better to secure it and reassure your visitors. Your website will thus project a much more professional image, that of a business concerned about the security of its customers' data.

In addition, you should know that Google takes this criterion into account in its ranking algorithm. In other words, having an unsecured site penalizes you in the search engine rankings. Of course, this is only one of Google's many criteria, but it would be a shame not to take it into account.

Where can I order an SSL certificate?

There are many Certificate Authorities such as GlobalSign, Thawte, or GeoTrust that offer SSL Certificates that you can order directly, or through resellers such as SSL247. 

However, be aware that most hosting providers also act as resellers of SSL Certificates. It may be more convenient and quicker to order an SSL certificate from your hosting provider, especially if you need support installing it on your dedicated server. On shared hosting, it is usually the hosting provider who takes care of the server configuratio