This guide explains what SSL is and how it works, and gives the total newbie the information needed to get started with secure online transactions.
Privacy issues have forced many bloggers, businesses, and even search engines to encrypt all communication over the Internet. Newbie site owners might be overwhelmed with the amount of technical information needed to understand what SSL is, so I put together this SSL for Newbies guide.
UPDATED: 10/10/2014 - SSL is now slowly becoming a requirement for websites, and Google has announced that SSL is now, unfortunately, an SEO ranking factor.
Secure Sockets Layer (SSL) provides security for your website by encrypting communications between the server and the person visiting the website. This helps prevent eavesdroppers from listening in on your communication. In order to use SSL, you need to have an SSL certificate (also known as a Secure Certificate) installed on your server and a dedicated IP address.
There are various levels of encryption; the higher the number, the more secure it is. The levels are called key lengths and are analogous to passwords. A 128-bit key is analogous to a 128-letter password. There are also 256-bit, 512-bit, 1024-bit and 2048-bit certificates on offer. The number of possible key combinations for a 256-bit key is 2^255 (lots) and would take the current world's fastest supercomputer (Tianhe-2 at the time of writing) 5.452 years to crack. That's a lot longer than the age of the universe (1.3812 years).
You can usually tell if a site is secure and running with an SSL certificate or not because there will be a padlock icon, or a green highlight on, or near the address bar in your browser. Clicking on this padlock will usually give you information about who issued the certificate and who it was issued to.
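The "issued to" and "issued by" details behind the padlock, along with the key length, are fields stored in the certificate itself. The following is an added example, not part of the original guide: it uses the openssl command-line tool to build a throwaway certificate authority and a site certificate, then reads those fields back. The names "Demo Issuing CA" and "www.example.test" and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: every name and file below is constructed for illustration.

make_demo_cert() {
    # $1 = working directory, $2 = RSA key length in bits
    dir=$1; bits=$2
    # Throwaway certificate authority (self-signed, so issuer == subject).
    openssl req -x509 -newkey "rsa:$bits" -nodes -days 30 \
        -subj "/CN=Demo Issuing CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Site key plus a certificate signing request for the site name.
    openssl req -new -newkey "rsa:$bits" -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$dir/site.key" -out "$dir/site.csr" 2>/dev/null || return 1
    # The CA signs the request, producing the site certificate.
    openssl x509 -req -in "$dir/site.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/site.pem" 2>/dev/null || return 1
}

cert_field() {
    # $1 = certificate file, $2 = subject | issuer
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

cert_key_bits() {
    # Extract the public key length from the human-readable dump.
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

cert_chain_ok() {
    # $1 = CA certificate, $2 = site certificate; succeeds if the CA signed it.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT   # remove the throwaway private keys on exit
make_demo_cert "$workdir" 2048
echo "Issued to:  $(cert_field "$workdir/site.pem" subject)"
echo "Issued by:  $(cert_field "$workdir/site.pem" issuer)"
echo "Key length: $(cert_key_bits "$workdir/site.pem") bits"
cert_chain_ok "$workdir/ca.pem" "$workdir/site.pem" && echo "Signed by the demo CA"
```

A browser performs the equivalent of the last check against the list of authorities it already trusts, which is why a certificate signed by this throwaway CA would still produce a warning on a real site.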
The primary purpose of SSL is to encrypt the information transmitted between the website visitor and the server. It should be understood that SSL does not verify or guarantee the identity of the remote server, only that the data transmitted between the two is encrypted and relatively secure from eavesdropping. The higher the key length the more secure it is.
✔ If you are accepting credit card payments online via a merchant account, the credit card associations and networks require that you use SSL whenever you transmit credit card information, such as the card number, cardholder's name, expiration date, CVV code, etc. Without SSL these companies will not allow you to process transactions. If you are using a payment processor such as PayPal, Google Checkout or Amazon Payments, you do not need an SSL certificate, since you are not transmitting or storing credit card information.
✔ SSL should also be used when transmitting personal information, such as names, addresses, account details, passwords. So login forms, account settings, user management forms should also use SSL.
? Non-transactional websites, listings sites, sites with no user information and personal blogs do not currently require SSL. HOWEVER, there is a movement to phase out non-secure communications entirely, forcing the entire web to become encrypted. This movement is supported by the likes of Google and Mozilla, so there is a high chance of this happening.
Should this transpire, it is conceivable that every website will be required to use SSL in order for a web browser to show the site without warnings. SSL may also become an important SEO ranking factor (Update: It has now become an important factor).
You may have already noticed that when clicking through to a login page, that page takes a little longer to load than the rest of the site. Adding a secure certificate and SSL to your website adds an extra layer of security, but it is also an extra layer which needs to be processed at all levels. Initially the client and the server will need to establish a "handshake" to identify each other. The browser then needs to be able to decrypt and display the encrypted content, and the server needs to encrypt and decrypt as well. These all have performance ramifications.
There are several different flavors of SSL certificates, each varying in cost, support and features.
SSL certificates can usually be supplied through your hosting provider, or you can purchase directly from an issuing authority such as Comodo or Verisign. There may be additional installation costs if you need your host to install the certificate for you.
Now that you've read this SSL for Newbies guide, I hope you now understand the importance and benefits of a secure connection. Whether you are the owner of a website, a marketer, or a developer, I wouldn't go rushing out to buy certificates if it is not essential for your site. I'll be waiting to see how the phasing out of HTTP and non-secure sites goes, if anything happens at all. Is the cost of an SSL certificate on a personal blog worth the expense? Will companies start offering low cost certificates?
What are your views on the speculation that SSL will be a requirement for all websites, and what will companies and individuals who cannot afford SSL certificates do?