If you equip your website with SSL encryption, data is sent via a secure connection from your visitors’ browser to your servers.
In the browser, the encryption can be recognized by the white or sometimes green lock in the address bar of the browser.
“SSL” stands for Secure Sockets Layer and has become synonymous with the encryption of online data streams. The original SSL format is no longer used – it has been replaced by the newer and more secure Transport Layer Security standard.
Such a secure connection can be recognized by the HTTPS protocol. Like HTTP, HTTPS is a communication protocol for data transmission on the Internet. The difference between HTTPS and HTTP is the encrypted and tap-proof transmission of data using TLS.
Note: HTTPS = HTTP + SSL/TLS
Google made HTTPS a ranking factor in August 2014. If a website now relies exclusively on the HTTPS protocol, it can receive a small bonus in the evaluation by Google, just like when doing backlink work for your website. This means: HTTPS is a very weakly weighted ranking factor.
In addition to the above carrot, Google has started to show a “Not secure” label at the beginning of the address bar for all HTTP connections in its in-house browser, Chrome.
In addition to the slight ranking boost, the value of SSL encryption from the point of view of search engine optimization lies above all in the fact that users gain more trust in the website. After all, data streams are protected against manipulation.
Why should I encrypt my website?
Without encryption, all data to be transmitted can be viewed in plain text on the Internet and manipulated by third parties with little effort.
This is especially a problem when sensitive data is transferred to a website. This can be credit card data at check-out, the login name and password at an e-mail provider and personal messages at a social network.
If a website operator decides to send the message “Hello World” via an unencrypted connection, you could read this data packet on the way from the browser to the server and would find “Hello World” in plain text.
If an encrypted connection is used, the “Hello World” could only be read out as “” when looking at the data packet, for example. Pretty useless.
Only the server with which I have established an encrypted connection has the necessary information to turn the “” back into a “”.
How does SSL encryption work?
In order for a browser to establish an encrypted connection to a server (a domain), the browser must know whether the server really belongs to the domain it claims to be. SSL certificates are used for this purpose.
What is an SSL certificate?
An SSL certificate is a method of verifying the authenticity of a website. To do this, a website must apply for a certificate from a recognized certification authority.
These certification bodies call themselves Certification Authorities (CA) and ask for a range of information from the applicant. How much information is required depends on the size of the certificate to be issued.
After the verification of the domain, the public key is also stored with the CA. This cryptographic key is then used to encrypt the messages. In order to change the message back to its original state, another key is required, the private key. The private key is installed only on the verified server and can decrypt the messages.
The important thing here is that a message encoded with a public key cannot be decoded with the same public key. The instructions on how to encrypt a message can therefore be made freely available, while the only way to decode the encrypted message again is kept behind lock and key.
The keys have different lengths, and nowadays you should use a key with at least 256 bits. Even bigger keys are better, however.
What are the different SSL certificates?
A distinction is made between three certificate levels with different levels of trust: Domain Validation (DV), Organizational Validation (OV) and Extended Validation (EV).
Domain Validation
A DV certificate has the lowest level of trust and validates only the domain name. I can prove that a request from domain.de really comes from the domain domain.de, but further information is not requested. This type of certificate is also known as a low-assurance certificate.
Organizational Validation
In order to obtain an OV certificate, it is not only checked whether you are the owner of a domain, but also information about the identity and address is checked. In this case, a company must not only prove that it owns the domain, but also that it is the said company and confirm its location. This type of certificate is also known as a high-assurance certificate.
Extended Validation
For an EV certificate, you not only have to prove that the company exists at the specific location and that it has the desired domain. It is also actively checked whether the company is a registered organization that has an active account that can be used to participate in active business transactions. In addition, there is a further verification of the address and telephone number as well as the persons who apply for the EV certificate.
These certificates are the most comprehensive and expensive, but also offer the user the greatest possible security. In addition, modern browsers display the name of the organization next to the browser bar for this certificate type – in Microsoft’s Internet Explorer and Edge browsers, the entire address line is also highlighted in green.
To what extent can the certificates be used?
Most validation types can be created either for a single name (also called a single-name certificate), for a complete domain (including all subdomains, also called a wildcard certificate) or for several domains at the same time (also called a multi-domain certificate).
With a single-name certificate, only the specific host is verified. A certificate is therefore only valid for the www host. If, for example, there were a subdomain, it would not benefit from the certificate of the www host.
A single-name certificate can be used for Domain Validation, Organizational Validation, and Extended Validation.
The wildcard certificate * allows a website operator to achieve certification for all subdomains of a domain at the same time. With a wildcard certificate, both the host and the subdomain are validated.
Important: A wildcard certificate cannot be used together with Extended Validation. Only DV and OV certificates can be wildcard certificates.
With the multi-domain certificate, you can verify several domains and have them combined under one certificate. With this type, we could validate the domain and also together. A multi-domain certificate can be used together with Extended Validation, but the individual hosts must be explicitly defined.
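The three scopes described above can be checked mechanically against the DNS names listed in a certificate. The following is an added example, not code from the original article: it implements the standard hostname matching rule, under which a wildcard stands for exactly one left-most label, so the bare domain is covered only when it is listed as its own entry. All host names and name lists (`example.com`, `example.org`, `SINGLE_NAME`, and so on) are constructed for illustration.

```python
# Added example: which hostnames a certificate covers, based on its
# Subject Alternative Name (SAN) DNS entries. All names are constructed.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN entry against a hostname.

    A wildcard is honoured only as the complete left-most label and
    stands for exactly one label, so '*.example.com' covers
    'shop.example.com' but neither 'example.com' nor 'a.b.example.com'.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as '*.com' and wildcards elsewhere.
        if len(p) < 3 or "*" in "".join(p[1:]):
            return False
        return p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial wildcards like 'w*.example.com' are rejected
    return p == h

def cert_covers(san_entries: list[str], hostname: str) -> bool:
    """True if any SAN entry of the certificate covers the hostname."""
    return any(san_matches(entry, hostname) for entry in san_entries)

# Constructed SAN lists for the three scopes described above.
SINGLE_NAME = ["www.example.com"]
WILDCARD = ["*.example.com", "example.com"]   # bare domain listed separately
WILDCARD_ONLY = ["*.example.com"]
MULTI_DOMAIN = ["example.com", "www.example.com", "example.org"]

def coverage_report(hosts: list[str]) -> dict[str, list[str]]:
    """For each sample certificate, list the hosts it would be accepted for."""
    certs = {"single": SINGLE_NAME, "wildcard": WILDCARD,
             "wildcard_only": WILDCARD_ONLY, "multi": MULTI_DOMAIN}
    return {name: [h for h in hosts if cert_covers(sans, h)]
            for name, sans in certs.items()}

if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "shop.example.com",
             "a.shop.example.com", "example.org"]
    for name, covered in coverage_report(hosts).items():
        print(f"{name:14} {covered}")
```

Running the same check against the names on a certificate before a migration shows which hosts would trigger a browser name-mismatch warning.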
Which certificate do I need?
For your blog or personal website, a single-name domain validation certificate can be enough to secure the passwords of the comment option. The same applies, for example, to forums and the logins there.
For a company website, an Organizational Validation certificate is recommended so that visitors can be given the secure feeling that the website not only bears the name of your company but can also be assigned correctly. Whether you need a wildcard certificate depends on whether you use several hostnames or not.
For all use cases in which sensitive user data such as personal, bank, or credit card data is transmitted, you should invest in an Extended Validation certificate. This not only protects the user data, it also signals additional trust to the user via the highlighted view in the browser's address bar.
Each website operator can decide for themselves how important encrypted communication is for their own page. With a blog without a comment function, it would not be necessary from a security point of view to encrypt the user data via an SSL certificate.
However, if you manage your blog CMS via a web interface (e.g. with WordPress), you should think about encrypting the connection at least via a single-name domain validation certificate just because of your own login data.
As soon as you move into the field of e-commerce, care should be taken to ensure that all necessary pages that transmit sensitive data are encrypted.
In addition, a green lock in front of the browser line or even the green company name (for an EV certificate) can increase users’ trust in the page. Google’s move to classify unencrypted HTTP connections as “not secure” in the Chrome browser takes the same line.
With all the advantages that the encryption of your own website through HTTPS offers, there are some points that must be considered before and after the conversion.