You may hear the term ‘SSL Certificate’ or ‘HTTPS’ thrown about a lot by ourselves or other techy people… But do you know what they mean and why they’re so important?
You may hear the term ‘SSL Certificate’ or ‘HTTPS’ thrown about a lot by ourselves or other techy people… But do you know what they mean and why they’re so important?
SSL, or Secure Sockets Layer, is a security protocol used by computers to make sure that the link between your computer and the web server is secure. In short, it prevents your information being stolen whilst on its way to the server, and it prevents the server’s information being tampered with on its way to you.
How do I know if my connection is secure?
Browsers (Google Chrome, Safari etc…) will generally let you know if you are using a secured connection by displaying a green padlock icon in the address bar.
Why is it so important?
As mentioned above, SSL keeps your private information secure, and prevents scammers from tampering with webpages. But of course, it’s not guaranteed that without it you would be attacked. It’s a little like leaving your car unlocked, it won’t definitely be stolen, but it’s a silly risk to take when it can be so easily prevented.
The appearance of an SSL certificate also improves a website’s trustworthiness. For example, you should absolutely avoid using any online shopping websites where an SSL certificate is not present. The lack of a certificate shows that the business is not concerned about the security of your private information, which may include very sensitive data like your bank details!
Business owners should also know that websites with SSL certificates rank higher in Google search results (and probably Bing and Yahoo too!). In fact, soon Google are going to start specifically punishing websites that don’t use SSL by reducing their rank and placing a ‘Not Secure’ message on them.
How does it work?
To keep it simple, I won’t go into the nitty gritty of encryption keys and such things here, but rather the way that a secure connection is started between your computer and the web server.
- You navigate to a website in your web browser, let’s say its google.com.
- Your web browser asks the server if it can start a secure connection.
- The server responds by saying it’d be happy to, and then sends a copy of its certificate.
- Your browser checks the certificate, making sure its valid and has been issued by a trusted authority.
- If the browser decides it is happy with the certificate, it will let the server know that it is ready to start a secure connection.
From this point on the browser and server will be sending encrypted data back and forth, which can’t be tampered with or eavesdropped on.
I’d imagine the conversation would look something like this…
