Cythral: Website and Software Developer
Blog
Why you need SSL - Cythral

Why you need SSL

One important aspect of maintaining a website is making sure it is secure. On top of that, you want to establish a high level of trust with your users. One way to achieve both is to install an SSL Certificate on your website, which gets that trusty green padlock to show next to your URLs. This post will go over what SSL is, and how you can benefit from it.

So, what is SSL?

SSL stands for secure socket layer, and is a protocol that encrypts traffic between two servers. SSL was actually deprecated and succeeded by transport layer security (TLS). Today, SSL is used as a blanket term for both SSL and TLS technologies. It is very easy to spot websites with SSL certificates. The first indication is that the protocol (the part that comes before your domain name) will be HTTPS instead of HTTP. In addition, most browsers will color the HTTPS part green and display a padlock next to it. In Chrome 66, it looks like this:

HTTPS in Chrome 66

There are multiple types of certificates you can get for websites.

What are the benefits of using SSL?

There are several ways you can benefit from SSL.

Increased Security

The first way you can benefit from having an SSL certificate installed on your website is that it provides more security for your users. Without SSL, traffic is sent to and from your server in clear text. This makes it extremely easy for someone with a packet analyzer/sniffer to intercept and read that traffic. This becomes especially dangerous if your website accepts payment information - packet analyzers would be able to see your users' credit card numbers.

Better Trust

A side effect of having a secure website is gaining more trust from your users. People would not buy a product from a merchant they do not trust. Similarly, people do not use websites that do not look trustworthy. Having an SSL certificate installed on your website provides your users assurance that you are handling their data properly. Something else to look into for building trust is a privacy policy. In addition to knowing their information is sent to you securely, your users will want to know how you are handling their data once you receive it. In some jurisdictions, it is legally required for a website that collects data from people to have a privacy policy.

PCI Compliance

If you accept credit or debit card payments on your website, you will most likely want to be PCI (Payment Card Industry) Compliant, which is also required by law in some jurisdictions. To meet PCI requirements, you will need to have an SSL certificate installed. In addition, it must not be vulnerable to any known exploits, use a more recent version of TLS (1.2 or 1.3) and have a strong cipher. You can view the full requirements of PCI DSS 3.2.1 here.

SEO Rankings Boost

Google has indicated that websites which use SSL receive a rankings boost in organic search results. Get ahead of competitors for your target keywords and phrases by getting SSL installed.

How to Get SSL

So now that you know what SSL is and how you can benefit from it, how do you obtain a certificate and install it? I recommend using Certbot. With Certbot, you can get free SSL certificates from Lets Encrypt installed on your server with automatic renewals. The only downside to this method is that you cannot get Extended Validation certificates. For those, you'll have to buy from DigiCert or Comodo.

Needing help with configuring SSL on your server? Submit a free inquiry today. I can install SSL for you in under an hour.