Simple Guide to Understanding SSL Certificates


In this article we explain, in an easily understandable manner, SSL protocol and SSL certificates. We’ll also discuss how SSL is established, types of certificates, and how to choose an SSL vendor.

Newbies and experienced website owners alike tend to misunderstand the purpose of SSL. It’s not for SEO, and it’s not a magic wand that makes your site secure.

In the past, SSL was mostly use for financial purposes – banks, ecommerce sites, payment portal (like Paypal), etc. But times have changed. SSL has evolved.

How modern SSL works – aka TLS vs. SSL vs. HTTPS

SSL encompasses two main aspects: (1) the SSL/TLS protocol, and (2) the SSL certificate.

  1. The SSL/TLS protocol encrypts data “in transit”.
  2. The certificates verifies authority/validity of the site being connected to.

TLS is the updated version of SSL. And although SSL certificates support TLS, everybody still calls them “SSL certificates”. And most people are familiar with SSL due to the HTTPS protocol, with uses SSL/TLS over HTTP.

And as a recent Ars Technica article explained in depth, HTTPS/SSL/TLS are not security

Only security “in transit”.

Your server still needs to be secure, and the connecting computer still needs to be secure.

Insecure/malicious data can still be transmitted over secure SSL!

The SSL handshake explained

SSL was developed in the 1990s by Netscape to create secure tunnels. Thus, ideally, hackers could not intercept traffic. It happens like this:

  1. Handshake begins when browser connects to the server

  2. Browser asks for SSL to verify, server sends SSL.

  3. Browser verifies SSL, determines trustworthiness.

  4. Browser either connects with encrypted data using the public key (found in the SSL certificate), or presents browser user with warning (which can be ignored, but should rarely be done).

  5. After receiving encrypted data with the public key, the server decrypts it with the private key available only to that server.

  6. A session key is created, send to the browser, and the server and browser can now connect in private.

Important Note: SSL Certificates do nothing for on-server or on computer security. It’s just the transit that’s encrypted!

4 Main Types of SSL Certificates

1. Domain Validation (DV):

The CA (certificate authority) verified ownership of the domain, usually by simply emailing postmaster@ on the domain. The certificate is issued with ownership is verified. This is a very basic verification, and is best for SEO, email, or connecting to cPanel.

2. Domain Validation (DV) with Wildcard:

This allows for subdomains to be covered by the SSL, and costs exponentially more. Wildcard is not available for OV and EV.

3. Organizational Validation (OV):

The identity of the organization is verified by the CA, and will also display the company name in the browser beside “ https://”. The is often used by companies with a physical presence, especially online ecommerce stores.

4. Extended Validation (EV):

The most secure of certificates, the EV verifies not only the domain and organization, but legal standing. Unlike DV or OV, which can take hours or days, the EV can take weeks. Corporate and enterprise should pursue these, for ultimate trust. SSL certificate brand plays an important role. It should be chosen wisely. GlobalSign, Comodo SSL certificate, and Thawte certs are some of the leading certificate provider brands among the others. For example, this indoor tracking solution provider website uses Comodo PositiveSSL.

Choosing the best SSL and CA

Most of our customers want SSL for one of 3 reasons:

  1. SEO, since Google currently likes SSL
  2. Ecommerce, to protect customer data in transit
  3. To simply verify that the site is legit, and was not hijacked and impersonated

There are plenty of certificate resellers on the web, offering deals for unreal prices. But their credibility is highly suspect. There are numerous fly-by-night providers waiting to get rich at your expense. Don’t give them that chance.

Imagine a customer is being greeted by a full-page warning that SSL certificate of the e-commerce website is suspicious, invalid, or expired. Such incidents will lead to mistrust, and the business might lose the buyer forever.

Therefore, it’s imperative to choose an SSL vendor with an excellent management program that can keep a tab on expiry and renewal dates of security certificates.

It’s best to buy an SSL certificate from:

  • Directly from the CA, such as Comodo or Thawte
  • From an ICANN-approved registrar, many of which resell SSL
  • From your host, assuming it’s reputable – example: EuroVPS

EuroVPS + managed hosting = secure!

Again, SSL just protects data in transit. Your server also needs to be secured from breaches. And this is where EuroVPS  managed security services come in handy. 

But there is no denying the  psychological impression that high-end SSL certificates make on your web visitors. Securing your connection with SSL/TLS/HTTPS is an easy, affordable, and quick way to if not secure your server, at least secure your web visitors browsing experience!