What is SSL? (Secure Sockets Layer) A comprehensive guide on SSL certificate

SecurityCategory
22 min read
Elijah Charbonneau

Keep reading to learn more about an SSL certificate!

In today's internet-driven world, online security is more important than ever. That's why SSL (Secure Sockets Layer) was created - to provide a secure connection between your website and your visitors. In this comprehensive guide, we will discuss everything you need to know about SSL, including what it is, how it works, and the benefits of using it.

Editor’s note: Got questions about putting your idea online? Get instant answers on GoDaddy Asia Facebook Messenger now.

What is SSL?

There are many risks related to online activity, hence the web industry as a collective has taken steps to make the internet more secure for everyone. Part of that effort has been the adoption of SSL (Secure Sockets Layer).

SSL is an encryption-based internet security protocol that was first developed in the 1990’s by Netscape. It uses encryption to secure the transfer of data between an internet browser and a web server.

In simple terms, SSL scrambles any data transmitted so that hackers aren’t able to steal it.

The URLs of websites that have implemented SSL will start with HTTPS instead of HTTP. The letter ‘S’ signifies that the website has an SSL certificate and your connection is encrypted.

One can safely exchange personal data like email addresses, passwords, and credit card numbers with SSL. This is because no other entities will have the decryption key.

What information does an SSL certificate contain?

An SSL certificate lets visitors to your site know that it’s encrypted and secure. The certificate is a small data file that contains:

  • The domain name the certificate was issued for
  • Who the certificate was issued to
  • The name of the certificate authority (CA)
  • The digital signature of the CA
  • Any associated subdomains
  • The certificate issue date
  • The expiration date
  • The public key

What is TLS?

TLS (Transport Layer Security) is the successor to SSL. Just like SSL, TLS is a security protocol made to encrypt data communications on the internet. A TLS certificate ensures privacy, authentication, and data integrity when connecting from a web browser to a web server. However, TLS uses a more advanced and secure encryption method using stronger algorithms. Because of this, TLS is more secure and is now the industry standard.

Both of the terms, SSL and TLS certificate, are used interchangeably. When we reference modern SSL certificates in this article, we’re talking about certificates using the TLS protocol.

How is TLS different from SSL?

While both SSL/TLS technologies are very similar, there are a few key differences:

  • Precursor: SSL is the precursor to TLS.
    • TLS is an improved version of SSL.
  • Advancement: SSL is outdated and no longer considered secure.
    • TLS is the more modern and secure option.
  • SSL uses a weaker encryption method that is more susceptible to being decrypted by hackers.
    • TLS uses a stronger encryption method that is much more difficult to hack.

Keep in mind that SSL certificates use the TLS protocol. When you purchase a digital encryption certificate these days, it is actually a TLC certificate. SSL is the predecessor but the name has stuck around.

How does the SSL certificate create a secure connection?

An SSL certificate creates a secure connection by encrypting data sent between an internet browser and a web server. When a user attempts to access a website, their browser will initiate what's called a TLS handshake with the server. During this handshake, the browser and server will do several things:

  • The browser will request a copy of the SSL certificate from the server.
  • The server will send the browser a copy of the SSL certificate.
  • The browser will check to see if the SSL certificate is valid and trusted.
  • If the SSL certificate is valid and trusted, the browser will generate a symmetric key and send it to the server.
  • The server will use the symmetric key to encrypt data that’s sent to the browser.
  • The browser will then use the symmetric key to decrypt data sent from the server.

This is how SSL/TLS creates a secure connection between a browser and a web server. The data that’s exchanged between the two is encrypted, so even if it’s intercepted by a third party, it can’t be decrypted and read.

How to tell if a site has an SSL certificate

SSL certificates are issued by a certificate authority such as GoDaddy.  Here are a couple of ways to know that a website is encrypted:

1. The website URL starts with HTTPS:// not HTTP://

Example of a secure URL with SSL certificate

HTTP (Hypertext Transfer Protocol) is the foundation for how most information is sent online. However, it isn’t secure on its own. SSL adds a layer of security and HTTP becomes HTTPS (S meaning Secure).

More and more customers are looking for that “S” in their browser bar before submitting personal information to any website.

2. Lock icon

Website with an SSL certificate shows a lock icon

In the address bar and next to the website URL, your customers will be able to see a small padlock icon when a website connection is secure. Clicking on the icon will confirm the connection status and let your customer view the SSL certificate information.

3. No warning shown

Another way to recognize that a website has a valid SSL certificate is simply by showing up without a warning page. You may have seen one of these — perhaps even on your own website. Browsers like Chrome, Safari, and Firefox warn visitors to websites without SSL certificates and if a certificate is expired or cannot be validated.

Warning sign for website without an SSL certificate

Tips to ensure your online session is safe

Here are a few tips to keep your online session as safe as possible:

  • Make sure the site you’re on is secure. As we mentioned earlier, you can tell if a website is secure by looking for HTTPS:// in the URL and a lock icon next to the URL.
  • Whichever browser you’re using, make sure it’s up to date. Many browsers issue security updates on a regular basis, and these updates often include fixes for vulnerabilities that could be exploited by hackers.
  • Don’t use the same password on multiple sites. If a hacker gets a hold of your password, they’ll try it on other sites to see if it works. Using different passwords makes it much harder for hackers to access your accounts.
  • Use a password manager. To help with the previous tip, a password manager can help you create strong passwords and store them securely. This way, you don’t have to remember all your different passwords, and you can be sure that they’re all strong.
  • Be careful about what you click on. Hackers often use phishing scams to try to trick people into clicking on malicious links. If you get an email or see a post online that looks suspicious, don’t click on it.
  • If you're using a public Wi-Fi network, be aware that these networks are often not secure. Avoid accessing sensitive information (like your bank account) while you're on a public Wi-Fi network.

By following these tips, you can help ensure that your online session is as safe as possible.

Why do websites need an SSL certificate?

Up until a few years ago, having an SSL certificate may have been considered somewhat optional, especially for personal or one-page static websites. But since browsers started displaying Not Secure warning pages to visitors, every website should now have SSL.

Having an SSL certificate also affects where your website appears in search engine rankings. According to Google, SSL is a factor in their search algorithms.

Any website without an SSL certificate will likely not show up high in search results.

Customers are also becoming more attuned to the issue of security on the web. Seeing the padlock icon and HTTPS in their browser will help visitors feel more trust in your business.

Online safety for businesses

According to the Cyber Security Agency of Singapore, there are two main risks when doing business online: keeping company information secure and limiting E-commerce fraud.

To help limit these threats to your business, the agency recommends:

  • Knowing what sensitive information you store online, who has access to it, where it’s stored, and how it’s shared.
  • Putting strict measures in place to safeguard your information, like strong password requirements and daily malware scans.
  • Educating your team and employees on safe online practices and how to avoid harmful things like phishing schemes.

How does a website obtain an SSL certificate?

SSL certificates are issued by a certificate authority (CA) like GoDaddy. A CA is an organization that verifies the identity of the website owner and issues a digital certificate. The CA will verify that the website owner has control over the domain. They will also potentially verify more information about the organization depending on the type of certificate.

Once a customer has purchased an SSL certificate, they may need to generate a CSR (certificate signing request). This is generated on the server they plan to host their certificate on. It contains information about their domain, organization, and country that the CA will use when creating their certificate. The CSR also contains the public key that will be included in the SSL certificate.

After generating a CSR and requesting the SSL certificate, the CA will verify all of the information. If everything checks out, they will issue an SSL certificate to the website owner. The website owner will then need to install the certificate on their web server.

After the certificate is installed, visitors to the site will see HTTPS in the URL and a padlock icon next to the URL. They will also be able to click on the padlock icon to view more information about the certificate and the website's identity.

GoDaddy SSL Certificates Page

If you're obtaining an SSL certificate from GoDaddy, it's a simple process:

1. Start by purchasing an SSL certificate.

2. If the certificate is for a primary domain on a GoDaddy shared hosting plan, you won’t need a CSR. Otherwise, follow these steps for generating a CSR and requesting your certificate.

3. Complete the verification process.

4. Wait for your certificate to be issued.

5. Install the certificate on your website.

Installing an SSL certificate is usually a straightforward process. But if you run into any issues, GoDaddy offers 24/7 customer support to help you out.

Is it possible to get a free SSL certificate?

While there are some CAs that offer free SSL certificates, they are typically only suitable for personal websites or testing purposes. For businesses, it is generally advisable to purchase a certificate from a reputable CA. Paid SSL certificates come with additional features and benefits that can be worth the cost, such as extended validation, warranty protection, and more.

Why is using a free SSL certificate bad for your website?

Free options like Let’s Encrypt can provide encryption for your domain but there are a few drawbacks such as:

  • Difficulty installing the certificate — If you’re not tech-savvy, this process can be confusing and intimidating.
  • No support available — Free Certificate Authorities typically don’t provide support of any kind. This means you will be on your own when it comes to the installation, renewal, and everything in between.
  • Only secures one domain — In many situations, you will want to get an SSL certificate that covers multiple domains.

For these reasons, a paid SSL certificate from a provider like GoDaddy is likely the best bet for most website owners. Every GoDaddy SSL certificate is backed by our award-winning customer support. This means you’ll always have access to our friendly and knowledgeable GoDaddy Guides security experts.

What type of SSL certificate do you need for your website? Factors to consider

Trying to determine what type of SSL certificate you need for your website can feel overwhelming. There are many different options available, and it’s hard to know which one is right for you. To make the decision easier, consider the following factors:

Type of website

If you have a simple personal website, a basic SSL certificate will likely suffice. However, if you have an eCommerce website or a website that handles sensitive information, you will need a more robust certificate that offers additional features and benefits.

Cost

SSL certificates can range greatly in price. Domain validation (DV) certificates typically start under $100 a year. But extended validation (EV) certificates for large organizations can cost well over $1,000 per year. The price you pay will depend on the type of certificate you need and the features you want.

Number of domains to secure

If you only need to secure one domain, you can get a certificate that covers just that domain. However, if you have multiple websites or want to secure subdomains, you will need to get a certificate that covers multiple domains.

Types of SSL certificates and their different validation levels

When it comes to SSL certificates, there are three variations that determine the validation they receive. These are self-signed, enterprise-signed, and public certificates. Let's cover each of these to understand how they're different.

Self-signed

Self-signed certificates are free to generate and can be used to encrypt traffic within internal or testing environments. However, because they are not issued by a CA, they are not considered to be trustworthy. Therefore, internet browsers do not trust websites with self-signed certificates. This means website visitors will see a warning message and there will not be HTTPS or a padlock icon.

Enterprise-signed

Enterprise-signed certificates are similar to self-signed certificates in that they are not issued by a CA. However, enterprise-signed certificates receive validation from an internal Certificate Authority within an organization. This means they are considered more trustworthy than self-signed certificates. They also will not trigger a warning message when used within a local network.

Public certificate

Public certificates are issued by a CA like GoDaddy to an individual or organization. These are the most trusted type of SSL certificate and offer the strongest encryption. Public certificates vary in the level of validation they require. Domain Validation (DV) SSL certificates, for instance, require proof of ownership of the domain. Organizational Validation (OV) SSL certificates require a higher degree of verification of your business or organization. Finally, Extended Validation (EV) SSL certificates require the most stringent validation. This takes into account the legal, operational, and physical existence of an entity.

If you have a personal, professional, or business website that is open to the public, be sure you get a public SSL certificate. These CA-issued certificates will provide the security, trust, and functionality required by web browsers.

Types of SSL Public Certificates (in order of lower to high security)

We've mentioned public SSL certificates, but what about the different types available to you? Let's cover each and explain the differences in security and validation. We'll begin with the easiest to get and work our way to the highest security certificate.

Domain Validated certificates (DV SSL)

Domain Validation certificates are the most basic and also most common type of SSL certificate. They require little vetting and can be issued quickly. A DV SSL certificate only verifies that you are the website owner. DV SSL certificates are best suited to smaller websites that don't handle visitors' personal information.

Organization Validated certificates (OV SSL)

Organization Validation certificates require more vetting than DV certificates. The CA will verify your company name and legitimacy. An OV SSL certificate offers a higher level of trust than DV certificates and are best suited to non-eCommerce businesses and organizations of all sizes.

Extended Validation certificates (EV SSL)

Extended Validation certificates offer the highest level of security and trust. They are also the most difficult to obtain. To get an EV SSL certificate, the CA must verify your organization's identity, legitimacy, and location. EV certificates are best suited to eCommerce businesses and any organization that wants to offer the highest level of security and trust to its website visitors.

It's important to note that each of these SSL certificates offers the same level of encryption and data protection. The difference lies in the degree of identity and organizational verification required. Increased verification means tighter security controls and a higher level of trust.

Editor’s Note: View and compare various SSL certificate options in a single glance here!

More than 1 URL to secure? Consider the following SSL certificates

Wildcard SSL certificates

A Wildcard SSL certificate secures multiple subdomains on a single domain. For example, if you have a website for your main business (www.example.com) and an online store (store.example.com), you can use a Wildcard SSL certificate to secure both sites with one certificate.

Multi-Domain SSL Certificate (MDC) (aka Unified Communications Certificate (UCC):

A Multi-Domain certificate, also known as a Subject Alternative Name (SAN) or Unified Communications Certificate (UCC), can secure multiple domains and subdomains on a single certificate. This is ideal for organizations with multiple websites or those who need to secure multiple subdomains.

If you need to secure multiple domains, you will need to either get a Multi-Domain SSL certificate or purchase multiple Single Domain certificates.

Can an SSL certificate be used on multiple servers?

Yes. If you are using multiple servers, say for multiple domains or subdomains, you can install a compatible SSL certificate on all of your servers. All you need to do is export the certificate and private key from the server where it was originally installed. Then, import it onto the other servers.

You'll need to refer to the instructions on installing and exporting SSL certificates based on the type of servers you are using.

What happens when an SSL certificate expires?

When an SSL certificate expires, it means that the website is no longer secure and any data that is transmitted between the site and its visitors is at risk of being intercepted. This can obviously be a major security issue and alarming for website visitors.

Upon expiry, the site will need to purchase a new certificate and go through the process of re-keying and re-installing it. This can be a time-consuming and tedious process. It's much better to keep track of your certificate's expiration date and make sure that you renew it in plenty of time.

In terms of renewing a certificate, it’s recommended to start the process at least 60 days before your certificate's expiration date. This will give you plenty of time to make sure that everything goes smoothly and you don't run into any unexpected problems.

Again, if your SSL certificate expires, your website will no longer be secure and you will lose the trust of your website visitors. This can have a negative impact on your business, so it should be avoided whenever possible.

How do I install an SSL certificate?

When it comes time to install an SSL certificate, there are a few different ways to go about it. You can choose to self-install the certificate, use a Managed SSL Service, or purchase a one-time SSL Setup Service.

Self-Installation

GoDaddy Steps To Manually Install SSL Certificate

Self-installation is the most common method and is relatively straightforward. However, if you're not comfortable doing it yourself, you'd be better off leaving it to a professional. If you make any mistakes, it can cause problems. As a result, you will need more time to resolve them before your site is encrypted.

Pros:

You retain complete control over your SSL certificate and can make changes as needed. This means you are in full control of making any changes to the CSR or renewing the certificate. Additionally, self-installation is typically less expensive than using a managed service.

Cons:

The main downside of self-installation is that it requires some technical knowledge and can be time-consuming. If you're not comfortable doing it yourself, it's best to use a managed service. You'll also need to remember to renew your certificate so that it doesn't expire and cause harm to your website or business.

Use GoDaddy’s managed SSL services

Instead of doing it yourself, you may prefer to use GoDaddy's Managed SSL or SSL Setup Service. These are especially helpful when you don't have the time, knowledge, or desire to handle everything yourself.

Managed SSL Service

With our Managed SSL Service, we'll take care of everything for you so that you don't have to worry about it. From SSL installation, maintenance, and renewals, we've got you covered. If you're looking for a completely stress-free option, this is it.

Pros:

The biggest advantage of using our Managed SSL Service is that you don't have to do anything. We'll take care of all of the technical details for you. This can save you a lot of time and hassle. Additionally, our team is always available to help if you have any questions or run into any problems.

Cons:

The main downside of using our Managed SSL Service is that it's a bit more expensive than self-installation. However, it's still a very reasonable price and can be worth it for the peace of mind and convenience it offers.

>SSL Setup Service

If you need help with the initial setup of your SSL certificate, our SSL Setup Service is a great option. We'll help you generate a CSR, select the right certificate, and install it on your server. Once that's done, you can take over and manage the certificate yourself or switch to our Managed SSL Service.

Pros:

The biggest advantage of using our SSL Setup Service is that it can help you get started if you're not sure how to generate a CSR or install an SSL certificate. It can also be a good option if you only need help with the initial setup and are comfortable managing the certificate yourself after that.

Cons:

The main downside of using our SSL Setup Service is that it's a one-time service. If you decide to switch to our Managed SSL Service later, you'll need to pay for that separately. Additionally, you'll need to remember to renew your certificate so that it doesn't expire.

Which option is best for you?

The best option for you will depend on your needs and preferences. If you're looking for a completely hands-off approach, our Managed SSL Service is the way to go. If you're comfortable doing some of the work yourself or just need help with the initial setup, our SSL Setup Service can be a great option.

No matter which option you choose, GoDaddy is here to help you secure your website and protect your business. If you have any questions, our team is always available to help.

Can you transfer your SSL certificate?

In terms of transferring an SSL certificate to a new server or hosting company, yes you can. Perhaps you bought an SSL certificate elsewhere or you want to move to a new web host. Either way, you'll need to export your certificate and install it on the new server.

This process is pretty straightforward if you are moving to a server that uses the same operating system and certificate management software. But if you are moving to a different type of server, there will be a couple of additional steps. You will need to generate a new CSR for the new server and have the certificate provider re-key the certificate.

As for transferring an SSL certificate from one domain to another, with GoDaddy, you can also do that. Here are instructions on changing your SSL certificate's common name, which is also called the primary domain name. The steps will vary depending on which type of GoDaddy hosting account you have.

Is an SSL certificate going to 100% keep your website safe?

No, an SSL certificate is not a silver bullet that will keep your website 100% safe. However, you definitely need to implement it as it is an important part of your website security. SSL / TLS certificates offer an encrypted connection, but they do not protect user data before or after it has been transmitted. That’s why it's so important to keep your software up to date and use strong passwords to further protect your site.

Conclusion 

To wrap up this guide, SSL certificates are an essential part of website security. They encrypt communication between your website and visitors' browsers, making it difficult for hackers to intercept and steal sensitive information. Additionally, SSL certificates can help build trust with your visitors and improve your search engine ranking.

At GoDaddy, we offer a variety of different SSL certificate options to meet your needs. Our Managed SSL service is a great option for customers who want someone else to handle the installation and management of their certificate. Alternatively, our SSL Setup Service is a great choice for customers who want our team of experts to take care of everything. And for those who are comfortable installing and managing their own SSL certificate, we offer a variety of different SSL products to choose from.

For even greater security, we offer our Website Security suite. These are plans that offer everything you need to protect your site in one place. This includes SSL, malware scanning, and a firewall. Extra features like DDoS protection, CDN, and secure backups are available.

No matter which option you choose, we'll help you keep your website safe and secure. Secure your website today.