What is an SSL Certificate?

SSL Certificates

An SSL certificate is a digital authentication that certifies ownership of a public key. This key is utilized for the encryption of data sent to and from a browser and a remote server. SSL stands for Secure Sockets Layer, which is a type of cryptographic protocol, or simply a communication protocol. 

SSL certificates use secure communications through HTTPS and a website is considered safe to visit when a padlock icon appears next to the URL in the browser. Think of it as a seal of approval from a certificate authority (CA). 

‍
The cryptographic protocol utilizes a set of rules that requires you to have your certificate and your public key to use HTTPS. In 1999, a new communication security protocol was developed called TLS (Transport Layer Security). TLS was considered to be the successor of SSL. The “key” difference between the two is that TLS fixes some of the security vulnerabilities found in its predecessor. 

Both SSL and TLS are still in use today, however, TLS is now the preferred protocol and the terms are used interchangeably. The certificates do not depend on a particular protocol, but simply certify the public keys the protocols use to communicate. For this reason, SSL certificates are often referred to as SSL/TLS certificates, digital certificates, identity certificates, or public key certificates. For this resource, we will refer to them as SSL certificates, but it is important to note that all of these are one and the same in terms of common use. 

Functions of SSL 

While SSL certification provides security for the end user, there are also other functions of SSL. 

• They safeguard your site from potential cyber-attacks by means of website impersonations. 
• Google and other search engine algorithms give a higher rank to websites that utilize SSL certification.
• Identifying your site as safe and secure assists in maintaining and increasing site traffic. 
• SSL Certification protects end users and internal data.

How Does SSL Work?

The website contains both public keys and a private key. An SSL certificate assigns ownership credentials to a public key and the private key allows you to authenticate your website to internet users.

Did you know? There are over 150 million websites with an SSL certificate on the internet.

The visiting browser and the website server need to build trust to continue conversing and start sharing personal information. This initial introduction phase is called the digital handshake. 

The Digital Handshake

A digital handshake must take place between the public and private keys to allow the end user access to your server’s content. Encrypted information is sent between the client and the server to guarantee data privacy and integrity. 

Here is what that digital handshake between a client and server looks like:

1. Client greeting - An SSL-certified website receives a query from a browser or a server (the client initiates the handshake).
2. Server greeting - The server responds with the SSL certificate.
3. Authentication - The client verifies the certificate and creates and sends an encrypted key back to the server (the public).
4. Decryption - The server decrypts the public key with the private key.
5. Session Keys - The client and server generate sessions keys and they continue the session communication utilizing these newly created keys.
   

Once a mutual trust has been established from the digital handshake, the server and client can maintain the communication with confidence.

What Information is Included in an SSL Certificate Record?

The following verified information is contained within the certificate file to assist in certifying ownership:

• The domain name
• The owner or organization’s name
• The URL(s)
• The state and country in which it was issued
• Digital signature of the certificate authority
• Issue date
• Expiration date
• The public key

SSL Certificate Cost

SSL certification can cost anywhere from $7.88 a year from Namecheap to $1,999 a year from DigiCert. The prices depend on several factors. One of the main aspects to consider is how many domains or subdomains will be protected. The other is what kind of validation will be required in obtaining the certificates. There are different types of SSL certificates: Single Domain, Wildcard SSL, and Multi-domain.

Single Domain SSL Certificate

This type of SSL certificate does exactly as the name suggests—it protects only one domain and subdomain in its hierarchy. 

Wildcard SSL Certificate

The Wildcard SSL certificate is an expansion of the single domain SSL certificate, but it also certifies all of the first-level subdomains in the next level of hierarchy. 

The important thing to note is that these certificates can’t protect subdomains that are one level away from the root domain. For example, if a wildcard SSL certificate was purchased for example.com, it will safeguard news.example.com, blogs.example.com, and billing.example.com. It would not secure support.news.example.com or solutions.blogs.example.com because these subdomains are two levels away from the root domain the certificate was purchased for. 

Multi-domain SSL Certificates

These types of certificates protect any of your domains and subdomains with no limits. Multi-domain SSL certificates do not carry the subdomain level restrictions that the wildcard SSL certificates do. There are no limitations on the number of domains, subdomains, or levels of the subdomains.

SSL Certificate Free

Some vendors offer SSL security at no cost. Here is a list of a few providers:
ZeroSSL - ZeroSSL offers a 100% free SSL certificate. All you need to do is select the domain and the 90-day SSL certificate, generate the CSR, and set up one-step validation. The 90-day certificate can be renewed for free. 

Let’s Encrypt - A free SSL certificate can be obtained from Let’s Encrypt, which is a nonprofit Certificate Authority. It was established by the Linux Foundation as a collaborative project and has provided TLS certificates to 260 million websites. Let’s Encrypt uses ACME (Automated Certificate Management Environment) protocol software that runs on your web host to enable HTTPS on your site.

Bluehost - This hosting provider issues free SSL certificates for all assigned and parked domain names that are set up on their account.

There are some vendors that offer limited-time trials, such as QualitySSL (30 days) and SSL.com (90 days).

Secure Communication is Key

Providing a safe zone for visitors helps establish end-user trust. This comes along with its own benefits, such as increased site traffic and higher Google rankings. SSL certificates provide a mutual assurance by safeguarding your website from potential cyber-attacks. There are multiple types of SSL certificates that are specific to what they certify and offer various price points for different levels of security, including free SSL certificates. It’s important to have a basic understanding of your site’s purpose and opt for a provider and package that will best suit your vision for the website.

Connections are about trust and SSL certification keys establish this between the client and server to allow for protected conversations. 

If you found this useful, why not share it? If there’s a topic you’d like to know more about, reach out and let me know. 

Here are some more interesting reads:

Best SSL certificate services to buy from in 2021: Get the cheapest price today

Top SSL Certificates Buyer’s Guide

A Simple Explanation of SSL Certificate Errors & How to Fix Them

Primary vs Secondary DNS Servers

What is a Top-Level Domain (TLD)?
When you navigate through the internet, you want to feel secure. You don’t want to question a website’s validity. SSL certificates are a means of providing safe communication between a visitor’s browser and a website.