Before looking into SSL certificates, I had absolutely no idea what they were or what they did, which is surprising now that I know both of those things because they are very important for websites to have.
In short, an SSL certificate, or Secure Sockets Layer certificate, is a way to encrypt traffic on your website to make it more secure for users so that they are confident their information is secure on your website. This traffic could include transaction details, which is why an SSL certificate is essential for websites that handle transactions.
I’ve also learnt that there are different kinds of SSL certificates and which one you choose for your website requires some careful consideration. There are multiple kinds of SSL certificates that cater to different needs of the certificate holder. Some of these certificates are a Domain Validation certificate, an Organisation Validation certificate and an Extended Validation certificate .
The Extended Validation certificate provides the highest level of security because the applicant must provide a multitude of company details so that the Certificate Authority can verify the existence of the applicant, as well as their identity and their rights to use their website. This certificate comes with the highest price however and not all businesses will need an Extended Validation certificate.
That’s probably a lot to read and understand, it certainly was for me to begin with, so to put it in simple terms, each certificate application process has a different number authorisation steps before the certificate can be issued and the certificates that prove the highest levels of security and confidentiality to users of a website require the most information before it is issued.
There are many vendors of SSL certificates nowadays, as their use has grown substantially in the last few years, but some noteworthy ones are GoDaddy and GlobalSign. Certificates provided from these two Certificate Authorities, or CA’s for short, are trusted by most browsers and devices and have their Root Certificates stored in the browsers/devices root store, which is where the trusted root certificates are held.
The root store is basically a database that is used to store all of the trusted certificates that comes pre-installed with the browser or device.
A very wordy and somewhat techie explanation of what SSL certificates are and what they do, I know, but hopefully it is an insight into what goes into making a website secure for users because I certainly had no idea!
Words: Lewis Leeds