It seems just like any old day as you go to pull up your website. But today, instead of your website loading, you see an error message. “Your connection is not secure” your browser screams at you (OK, you just imagine it’s screaming). What’s the deal?
The error message is a sign that you either don’t have an SSL certificate at all, or something’s gone awry with the one you have.
What is an SSL Certificate?
An SSL (secure sockets layer) certificate is a small data file that provides an extra layer of security between a website and a browser. An SSL certificate both serves to authenticate the website’s identity, and to encrypt any information provided through the website. Both of these functions are important security measures to thwart hackers that may want to take over the website, or intercept information your visitors provide during the checkout process or in a form.
How Does SSL Work?
Anytime you view a website, the server that website lives on and the browser you use work together to display the web page you’re on. SSL is a type of encryption that occurs in the connection between the two. A web browser knows how to read the SSL certificate on the site in order to authenticate the website’s identity, and SSL encryption ensures that any information shared between the server and browser is scrambled so that no third-party can access it.
What Information Does an SSL Certificate Contain?
In order to communicate the information a browser needs, SSL certificates contain information that helps verify the website. What specific information is contained varies based on the type of SSL certificate you get, but it often includes:
- The website’s domain name
- The person or organization the SSL certificate was issued to
- The certificate authority that provided it, and their digital signature
- The date the certificate was issued, and the date it expires
- The certificate’s public key, which is half of the equation for encrypting and decrypting data. The other half, the private key, is kept under wraps.
Why Your Website Needs an SSL
An SSL certificate has long been essential for eCommerce websites that process payments, but it’s becoming expected for all types of websites now. Making sure your website has an SSL certificate is well worth it for a few main reasons.
1. SSL certificates improve security
The main purpose of an SSL certificate is to make your website more secure. This is especially important for any type of website that collects sensitive information, such as:
- eCommerce websites that require customers to provide credit card information, as well as details like their name and address
- Medical websites that ask for and share private data with patients
- Any website that requires a login—since people will be creating passwords that need to stay private
- Any website with a form they ask people to fill out, especially if it asks for personal information like last name, phone number, birth date, or where the person lives
All of that information can easily be used against your visitors if a hacker intercepts it. Providing encryption is crucial to keep your visitors safe.
2. SSL certificates earn visitor trust
Keeping visitors safe is the right thing to do from a moral perspective, but it also helps your business gain the trust of your visitors. Most savvy internet users now know how to recognize the signs of a site that has an SSL certificate (even if they don’t know it’s called that). If you want people to feel comfortable providing information to your brand or making a purchase through your website, you have to prove you’re trustworthy first. And SSL is one of the best ways to do that.
3. SSL Certificates boost SEO (search engine optimization)
When you have an SSL certificate, your website starts to show HTTPS at the front of the URL rather than HTTP. Google has said outright that HTTPS is a ranking factor. It may not be as powerful for SEO as creating amazing content or building links, but it still matters. If you care about being found on Google, having an SSL certificate is important.
3. SSL certificates prevent scary error messages for your visitors
Many browsers won’t take users directly to a website that doesn’t have a current SSL certificate. Instead, they’ll see a scary error message warning them that the site isn’t safe. Most of these error pages will include the option to proceed to the site anyways, but with how concerned people (rightfully) are about data privacy and identity theft—why would they proceed after seeing a scary warning like that? Without an SSL certificate, you could lose a lot of visitors before they ever get to the site.
3 Different Types of SSL Certificates
While it’s now best that all types of websites get an SSL certificate, there’s still some variety in how much security a website needs based on the kind of information your visitors will be providing through it. You can therefore choose between three types of SSL certificates that each offer a different level of security.
- Domain validated (DV). DV certificates verify who owns the site. They’re affordable and easy to get, but also offer the lowest level of security. If your website is simple and doesn’t ask users for any sensitive information, you can get the most basic benefits of an SSL with this certificate.
- Organizationally validated (OV). For an OV certificate, the Certificate Authority (CA) which grants the certificate will check to confirm that your organization and domain validation are legitimate. It costs more and takes longer to get than a DV certificate, but it offers more security as well.
- Extended validation (EV). If your website handles any sensitive data like financial information, an EV is the best type of SSL certificate to go for. To get an EV, the CA performs a more comprehensive review of the business, which means it takes longer than the other two types of certificates to get and is more expensive. But it offers the level of security you need for sensitive data.
How Can I Tell if My Website Has a SSL Certificate?
The easiest way to check if your website has a current SSL certificate is to pull it up online, and look at the address bar in the browser. You want to see two main things:
- The letters https at the beginning of the URL
- A little lock icon to the left of the URL
If those are there, then your website has a current SSL certificate. Congratulations! In most browsers, you can find out more information about the certificate you have by clicking on the lock icon.
How to Get a Free SSL Certificate
If your website doesn’t currently have an SSL certificate, then you’ve got no time to lose. If you have a HostGator web hosting plan, good news: you get a free SSL certificate with your subscription. You can find step-by-step instructions on how to enable your free SSL certificate in our video tutorial on the subject. It’s quick and easy, and will immediately increase your website’s security and trustworthiness.