What are SSL certificates, why use them, what types are there, and how to get one?

What is an SSL certificate?

An SSL certificate is an electronic document that helps your browser ensure that the website you’re trying to open belongs to the desired company. For example, when you visit apple.com, its SSL certificate guarantees that you’re truly visiting Apple’s website and not a fake one created by scammers. This document is installed on the web server where the website is hosted.

Your browser checks whether a website has an SSL certificate every time you open it. If it does, you’ll see the lock icon. If it doesn’t, you’ll see a warning sign. In Google Chrome, for example, it’s the Not secure sign.

Why are SSL certificates needed?

An SSL certificate helps open the SSL/TLS connection between a browser and a website. This is a secure connection through which hackers can’t steal or substitute transferred data. It means a higher level of security for users. They can send sensitive information without worrying that it will fall into the wrong hands and can rest assured that fraudsters didn’t change important data on the website.

What is SSL?

SSL stands for Secure Sockets Layer. It’s a protocol for encrypting, securing, and protecting an internet connection and private information sent between two systems. This prevents cybercriminals from being able to access and change any transferred information.

Over the years, SSL has been improved and updated to TLS (Transport Layer Security). However, this protocol is still commonly called SSL.

How does SSL provide security?

The SSL/TLS protocol keeps a connection secure in three ways:

1. Data privacy and confidentiality. The protocol encrypts all web traffic, preventing it from being stolen. For instance, when you pay online, you send your bank card details to the website. If a hacker finds a way to ‘listen in on’ your secure connection, they won’t be able to see or steal your real card number or CVV code. They’ll only see a set of random symbols because the data is encrypted.
2. Data integrity. Integrity means that transferred data isn’t changed by intruders. For instance, no one has replaced the real payment details with fake ones to make you pay the wrong person. To ensure data is genuine (i.e., unchanged), the SSL/TLS protocol uses hash functions. Two systems that interact over a secure connection constantly compare the hash values of their messages. If they match, the data hasn’t been intercepted and changed.
3. Authentication. SSL/TLS guarantees that a website belongs to the company or person it claims to. To verify a website, the protocol requires an SSL certificate. You may think of a certificate as a blue verification checkmark on Instagram. It helps people avoid fake accounts and be confident that a public figure, organization, or brand is real. The same applies to websites. If they have an SSL certificate, you can trust them.

Who issues SSL certificates?

They’re issued by certification authorities (CA). A CA is a company or organization that validates the identities of entities (such as websites, email addresses, companies, or individual persons) and binds them to cryptographic keys through the issuance of electronic documents known as digital certificates.

How is an SSL certificate verified?

When a user requests a webpage, the server that hosts it sends them a response. It includes a website certificate and other data required for further interaction. To verify a certificate, the browser has to check if:

1. The certificate has a digital signature from a certification authority (CA)
2. The CA is on a trust list. Trust lists are pre-installed in your OS and browser
3. The certificate covers the domain name you’re visiting
4. The certificate hasn’t expired yet
5. The certificate hasn’t been revoked. Once issued, a certificate can’t be taken back from its owner. If a CA realizes that a certificate has been compromised or its owner is no longer on the trust list, it can revoke the certificate by adding it to a specific database. Browsers cross-check these databases to ensure the certificate is still valid.

If the certificate meets all the requirements, the browser starts trusting it as much as it trusts the associated CA.

How to view a website’s SSL certificate

1. Click the padlock icon to the left of the URL.

2. The dropdown menu will open. It may look different in different browsers. This one is Google Chrome. Click Connection is secure.

3. Click Certificate is valid.

4. You’ll see general and detailed information on the certificate.

Types of SSL certificates

There are various types of SSL certificates, each with its own unique level of validation.

• Domain Validated certificates (DV SSL). Domain Validated SSL certificates provide low assurance and require minimal validation. They’re utilized for blogs or informational websites that don’t gather data or conduct online payments. This SSL certificate is cheap and easy to get. Website owners must respond to an email or phone contact to validate domain ownership. The browser address bar shows HTTPS and a padlock but no business name.
• Extended Validation certificates (EV SSL). Certificates of this type are the most costly and prestigious. They are typically used for large, high-traffic websites that collect data or process online payments. If installed, this type of SSL certificate will cause the browser’s address bar to show the lock icon, “HTTPS”, the company name, and the country where the company is based. The address bar should show the website’s owner to differentiate between legitimate and fraudulent websites. For an EV SSL certificate to be activated, the website owner must undergo a regular identity verification procedure to prove they are the rightful owner.
• Organization Validated certificates (OV SSL). This SSL certificate offers a similar level of assurance as the EV SSL one because the website owner must complete a validation process. This type of certificate shows the website owner’s information in the address bar to distinguish fraudulent websites. OV SSL certificates are the second-most premium type of certificate (after EV SSLs) that commercial or public websites need an OV SSL certificate since it provides an extra layer of trust by authenticating the business identity and legitimacy.

How to choose an SSL certificate. A comparison chart

If you’re interested in a price comparison, visit our SSL certificate page to find relevant prices and easily compare them.

How can a website get an SSL certificate?

SSL certificates are important for online transactions and securing data. Want to know where and how to get one for a website? Follow these steps:

1. Make sure the information on your website is correct by using ICANN Lookup.
2. Choose a CA. You can purchase a certificate from your web host provider or a certificate vendor (e.g., Rapid SSL, Comodo, Thawte).
3. Generate a private key and CSR (Certificate Signing Request). You can reach out to your web hosting support for assistance. Don’t share your private key with anyone!
4. Submit your CSR. Wait for the CA to validate your website and issue a certificate for your website.
5. Configure your web server to use the certificate.

In Gcore, you can easily do this in our control panel on the Order an SSL certificate page.

Short summary

An SSL certificate is a digital certificate that helps verify a website owner. It’s an essential part of a secured SSL/TLS connection. All data sent over SSL/TLS is encrypted. Even if a hacker intercepts data, they won’t be able to use it because they can’t decrypt it. An SSL/TLS connection also protects transferred data from being changed by intruders.

If you’re a user, we recommend not sending sensitive information to a website without an SSL certificate. You can verify the certificate by looking at the browser’s URL bar. If it says “secure” with a padlock icon, the website has an SSL certificate.

If you’re a website owner, we recommend getting an SSL certificate. It enforces your website security and builds clients’ trust in your brand.