The benefits of an SSL certificate

Security is a factor that should never be overlooked, whether on a brochure website, or a site with an extranet or e-commerce system.

A key pillar of good security is to protect data while in transit over the internet between the user and the web server. 

What is SSL?

SSL stands for Secure Sockets Layer. Don't worry about trying to interpret the jargon; in effect it means that between when data is sent between the user's browser and the web server, all data is encrypted while in transit. The browser and server share a "secret key" which means that when the data reaches the other end, it can be decoded.

The important thing is, that if the data is somehow seen in transit by a third party, that third party won't be able to decode the data.

SSL is used on most sites that with private data, and pretty much all sites that handle sensitive data such as customers' banking or credit card details (at least they ought to!).

But...do you trust that website?

It's sometimes not quite enough to use SSL for communication: a person browsing needs to know whom he's dealing with. There's no sense in giving your data to a website when that website is being run by untrustworthies.

So there is the concept of SSL Certificates. A Certificate contains certain information about the company who owns the domain being certified, such as the company name, and its address.

These are issued by Certifying Authorities (CAs), such as GlobalSign and Thawte, who will perform certain background checks before issuing a Certificate for a domain.

Depending on the kind of Certificate, CAs may do simple checks on a domain, a WHOIS check that a domain is owned by a given company, or may even do stringent checks that the company is based where it says it is.

The type of Certificate will depend on the nature of the data being transferred; the simple Domain Certificates may be enough to give users confidence to share personal contact data, while for a site with an extranet perhaps an Organisational Certifcate is better. For e-commerce or financial information the more stringent Extended Validation is necessary.

How do I know if a site is SSL?

As a website visitor there's an easy way to tell if the site you are on has been given an SSL certificate: the browser address bar.

To see if a site is secure, look at the address bar for an "s" at the end of the protocol, for example "https://tribalsystems.uk". This means the site is secure and trusted, if the website doesn't have an SSL certificate then only "http://" will appear (some browsers may show no protocol at all).

Another way to check is to look for a closed padlock icon in either the address bar or status bar that may appear at the top or bottom of your web browser.

For example, this image is from our website when viewed in Google Chrome.

Clicking on the padlock can reveal further information about various permissions and connections that the site is using as well as the company that verified the site.

Search engine optimisation and SSL

SSL can also help with SEO aspects of your website too. Google released on its Webmaster Central Blog  that they are "starting to use HTTPS as a ranking signal" for websites that use HTTPS protocol. Although it is currently only affecting less than 1% of search queries globally, it is expected to rise as more and more sites become secure the ones left behind could fall down the rankings list, as Google are endorsing secure websites more and more.