Yambo's Blog

SSL Certificates

Posted by Yambo on 1 January 2017

Tags: ,

As briefly mentioned last year, Google is now pushing ahead with its intended plan to warn visitors if they do not have a secure connection to a website. Google's plan is admirable in wanting to make the web of the future more secure and encrypted. 

SSL - or Secure Socket Layer - is the standard security protocol for establishing an encrypted link between the web server and the visitor's browser. The connection is encrypted and ensures all data passed between the web server and the browser is secure, remaining private. 

The SSL protocol has actually been superseded by TLS - Transport Layer Security - and this is the preferred and most modern cipher suite currently available. Confusion arises because of the reference to SSL, rather than TLS, in the name SSL certificate, but both encryptions are supported and are used in SSL certificates.

 

So what is a SSL/TLS Certificate? 

It proves that the connection between the web server and your web browser is secure and encrypted (https://), and is authorised by a Certification Authority. The Certification Authority (CA) is a trusted third-party source. This is where the variation in cost comes from, with differing levels of security and guarantees. 

 

FREE SSL Certificates?

There's been a steady increase of FREE SSL certificates recently, and whilst these may have good intentions, invariably someone may use them for dishonest purposes. Making SSL certificates so readily available to 'potential' hackers for free weakens the Certified Authority label, and this is our worry. The on-going security checks is - in a nutshell - what you're paying the extra for. Whilst there are debates about whether CA's should be the ones who are vetting customers, at the moment we would still recommend purchasing an SSL certificate from an authorised body if you have an e-Commerce website.

 

Do I need an SSL Certificate?

Up until Google announced it's plans to give organic search results a boast (albeit only slightly) to sites with HTTPS security, many would have argued that there was no need for an SSL certificate - and would perhaps only recommend one if you were selling products online via an e-Commerce shop.

However, security on the web can never be underestimated. If you'd like the slight boast in rankings and more importantly the extra safety barrier for your customers, then we highly recommend purchasing an SSL certificate no matter what type of website you have.

If you're already a Yambo customer, we'd be happy to set-up the certificate on your behalf either for a single domain or server free of charge - only costing for the annual SSL certificate itself.