SSL (Secure Sockets Layer) is a digital signature that provides a secure encrypted connection between a web server (website) and a web client (browser) via the HTTPS protocol.
TLS (Transport Layer Security) is a protocol based on the specification of the SSL protocol version 3.0, developed by Netscape Communications.
Security certificates are especially necessary for resources that handle users’ personal data, payment systems, and confidential information.
HTTP is the standard protocol that works by default. You enter personal information on a website, and the browser sends it to the server in plain text.
HTTPS is the secure version of HTTP. This protocol is activated after installing an SSL/TLS certificate and encrypts personal information before sending it to the server.
The Difference Between SSL and TLS
The update of the SSL protocol in version 3.0 was standardized by experts from Netscape. This version of SSL received a new name: TLS (Transport Layer Security).
SSL Certificate and Secure Connection
Example: A client places an order in an online store without an SSL certificate (HTTP connection). When they enter payment details and click the “Pay” button, the browser sends the information to the server unencrypted, making it available for interception.
If the site has an SSL certificate (HTTPS connection), a secure connection is established between the client’s browser and the server. Technically, the information is still available for interception, but the browser sends encrypted data to the server, which decrypts it using a cryptographic key. Intercepting data on the way from the browser to the server yields nothing, as it is a stream of encrypted information.
How the Certificate Works
In SSL/TLS encryption, a key is used—this is a way to encrypt or decrypt a message. The operation of the SSL certificate involves three keys:
- Public Key – encrypts the message. The browser uses it when sending user data to the server.
- Private Key – decrypts the information. It is used by the server when it receives a message from the browser. This key is stored on the server and is not transmitted along with the message.
- Session Key – simultaneously encrypts and decrypts messages. The browser generates it for the duration of the user’s visit to the site. Once the user closes the tab, the session ends, and the key ceases to function.
Types of SSL Certificates
- DV (Domain Validation) – for domain validation.
- OV (Organization Validation) – for organization and domain validation.
- EV (Extended Validation) – for extended organization and domain validation.
Certificates of all the mentioned types provide encryption of traffic between the site and the browser. Additionally, they have extra options:
- WildCard – validates the domain and all its first-level subdomains.
- SAN – validates domains from a list specified when obtaining the SSL certificate.
How to Obtain a Certificate
Depending on the client’s needs, both paid and free methods for obtaining SSL/TLS certificates are available:
- Paid – can be ordered from a Certification Authority (e.g., Comodo, Geotrust, Thawte, etc.). This service is paid, and the certificate is issued for a specific time (e.g., 1 year with the possibility of continuous renewal). The price depends on the type of certificate and the strength of the encryption key.
- Free – the leader in issuing free certificates is Let’s Encrypt. The certificate is issued for 3 months and is automatically renewed thereafter. There are no fees for generating and renewing the certificate.
The Impact of SSL Certificates on Ranking
In 2014, Google wrote in its blog, “… so we’re starting to use HTTPS as a ranking signal” – it was from this moment that the mass transition of websites to secure connections began. Although the encryption protocol appeared long before this, at that time, less than 1% of websites used it.
Google uses a large number of ranking factors, and the presence of an SSL/TLS certificate is just one of them.
SEO Specialist Tip: Connecting an SSL certificate will not provide clear advantages in ranking, but its presence is important for user safety and for how your website is perceived against competitors. Some time ago, websites with SSL certificates were considered advanced, now, it is a necessary attribute of security, and HTTPS connections are configured on many sites. The absence of a secure connection can negatively affect trust in your website.
