From summer 2018 Google Chrome will start to show websites as “Not Secure” if they do not provide a HTTPS connection.
In the past few years the price for an SSL certificate has dropped significantly and so has the ease in which they can be deployed. For those of you who don’t know what this is or where to get one, we can help. We’re going to define what an SSL/TLS certification is, how it can help your site, and where you can get one for free.
[button size=” style=” text=’I know what an SSL Certificate show me some providers’ icon=” icon_color=” link=’#freessl’ target=’_self’ color=” hover_color=” border_color=” hover_border_color=” background_color=” hover_background_color=” font_style=” font_weight=” text_align=” margin=”]
What is an SSL/TLS Certification?
SSL is an abbreviation for Secure Socket Layer, and TLS stands for Transport Layer Security. You’ve most likely seen the end product of these encryption tools. When you go to a website, you may have noticed that the website started with http:// or https:// with a little green padlock, and these are the end products of a SSL/TLS layer we mentioned earlier.
This layer helps to make an encrypted link that connects your customer’s web browser and your website. It streams any data that may exchange between the two in a secure manner, and it blocks out any third-parties from looking at or stealing the information.
If your website doesn’t have a SSL/TLS layer and has an unsecured http:// layer, any third parties can view and take the information that passes between the two sites. This can lead to data breaches if information like usernames, passwords, or credit card numbers pass from your customer’s browser to your site.
The Difference Between SSL and TLS
SSL is the predecessor to today’s TLS certification. Netscape debuted SSL in 1995, and it was originally called SSL 2.0 (SSLv2). This encryption software was upgraded and replaced in 1996 by SSL 3.0 (SSLv3) when Netscape found several large vulnerabilities and holes.
SSL 3.0 was the main encryption tool until 1999 when TLS was debuted. It was marketed as the newest version of SSL, and the TLS encryption tool was heavily based on SSL 3.0’s encryption tool. Today, TLS is currently on TLS version 1.2 and 1.3. It is important to note that you don’t have to dump your SSL certification for a new TLS certification. They’re both valid and accepted, and most people tend to use the term SSL certification as an umbrella term to cover both TLS and SSL certifications because it’s more familiar.
Why You Need a SSL/TLS Certification
In the past, you may not have needed to worry about have an SSL certification with your website. However, as more people started exploiting loopholes to weak encryption, Google started to take it seriously. In 2014, they informed webmasters that SSL was going to be incorporated in as one of their ranking factors. Trying to give your websites a boost to get them high rankings with Google is an insanely competitive market, and having an SSL certificate for your website is a quick and easy way to accomplish this.
In 2017, Google went a step further to ensure that more webmasters complied with having a securely encrypted security layer. They released a statement announcing that that would mark “any sites that begin with http:// that collect passwords or credit card numbers as not secure.”
As you depend on a healthy website traffic flow to keep your page ranking higher on Google and bringing you income, this is the last thing you want people to see when they click on your website. It’s enough to drive your potential customers away for fear of identity theft or a data breach.
Different Types of SSL/TLS Certificates
There are three common types of this encryption certification available, and each one does something slightly different for the website it protects.
Domain-Validated SSL (DV)
A domain-validated SSL certificate is the most common type available. They’re also commonly referred to as a low assurance certificate, and they’re known as being the standard type of SSL certification vendors issue. This type of certification comes with automated validation, and it only makes sure that the specific domain name is registered and that the administrator approves the SSL certification request.
The webmaster can confirm this type of validation by configuring a DNS record for the specific site or by email. It takes anywhere from a few minutes to a few hours from start to finish, and it’s better suited for internal systems.
Organization-Validated SSL (OV)
An organization-validated SSL certificate is another common type you’ll see a lot. This type of certification is commonly called a high assurance certificate. The validation process is more involved, and actual agents are required to validate the domain’s owner along with information about the particular organization. This includes the organization’s name and address including the state, country, and city.
This certification has a slightly longer processing time because the agents will require proof of all of this information, and it can take anywhere from a few hours to a few days to complete from start to finish. Business and companies are the entities that use this type of encryption certification the most.
Extended Validation SSL (EV)
This is the newer type of SSL certification, and it has one of the most in-depth validation processes available. When you get this type of certification, agents will check that the business is a working, legal entity. You’ll also have to provide them with proof that you own the particular domain.
However, if you do all of this and get this certification, your website will display the green padlock that represents security. It can boost your customer’s confidence that everything is encrypted and secure. This can take a few days to a few weeks to complete, and it is recommended for all e-commerce businesses.
SSL/TLS Certifications for Multiple Properties
If you get a single-name SSL certification, but you have multiple domains to protect, it’ll only work on one. For example, if you got a single-name SSL for cookietime.com, it wouldn’t secure baking.cookietime.com.
Multi-Domain SSL Certificates
This type of certification can simultaneously protect upwards of 210 different domains under a single SSL certification.
Wildcard SSL Certifications
This type of certification lets you secure an unlimited number of subdomains that all come from the same root domain under one SSL certification. For example, you want to secure wwww.cookietime.com and any subdomains you may have. You can use the Wildcard SSL certification with the request of *.cookietime.com listed as the site’s common name. This Wildcard certification would then protect www.cookietime.com, baking.cookietime.com, and so on.
What a SSL/TLS Certification can do for Your Website
There are many benefits to having a SSL/TLS certification, and we’ll talk about the most common ones.
You also get authentication in addition to security with a SSL/TLS certification. It ensures that you’re sending your information a legitimate server and not someone who is trying to steal your information. Your customers will be sending their sensitive information across the internet and through several different computers, and any one of these several computers could be an imposter that tries to trick them into giving out their sensitive information.
When you have a SSL/TLS certification in place, any sensitive information is unreadable by these other computers, and this protects their information. You won’t have to worry about your customers having a data breach when they use your site because that’s a fast way to lose business and sink in the ratings.
Payment Card Industry (PCI) Compliance
If your customers purchase things from your site or if they input their credit card information for any reason, you’re required by the Payment Card Industry to have a SSL/TLS certification to stay in compliance. This is one of the audits your site has to pass in order to take and handle sensitive credit card information.
The biggest and most obvious reason why you’d want to have a SSL/TLS certification is increased security. It encrypts any sensitive information that you or your customers send across the internet so only the person you intend to read it can. This is extremely important because any information you input travels from browser to browser until it reaches the destination server.
If your information doesn’t have this encryption, any computer that is between your starting point and the destination server can see all of your information as it travels along. This includes passwords, social security numbers, credit card numbers, and usernames. When it is encrypted, it’s unreadable to everyone except the destination server, and this can prevent things like identity theft.
Today, browsers and websites give visual cues that quickly let your site’s visitors know that it’s secure. These visual cues come in the form of the green padlock or a green address bar. If your customers trust your website, they’re more liable to purchase items or products from it.
It can also help to prevent common phishing attacks. A phishing attack occurs when someone sends your customers an email and falsely claims to be your company in an attempt to get your customer to go to their website by clicking on a link in the email. As you can’t duplicate a SSL/TLS certification, your customers will be less likely to fall into this trap.
Where to Get a SSL Certificate for Free
There are several places where you can get a SSL/TLS certification for free for your website, and we’ve listed the best ones below.
The Linux Foundation collaborated with the Internet Security Research Group to create Let’s Encrypt. It gives your site a free domain-validated SSL/TLS certification, and you can set it up to automatically renew. This allows you to skip manually renewing, installing, and verifying the certificate each year.
CAcert Free Certificate Authority
CAcert has a variety of free SSL/TLS certifications available, but you do have to meet with a CAcert volunteer face-to-face to review your government-issued identity documents. Depending on which certification you get, they expire every six months, 12 months, or 24 months and you have to meet with the CAcert volunteer each time you renew it.
If you want to experiment with SSL, Comodo offers you 90 days of free SSL/TLS certification before you either drop it or purchase it from them. It sets up in minutes, and it comes with the highest-strength 256-bit encryption possible. Also, all of the main browsers like Chrome, Internet Explorer, and Firefox recognize Comodo SSL/TLS certificates.
Cloud Flare is a security and a CDN company that offers universal free SSL/TLS certification. It is very user-friendly, and it sets up in under five minutes. Currently, Cloud Flare has many popular sites that use its certification including Reddit, Mozilla, and Yelp to name a few. If you have an account with Cloud Flare, but it’s not active with SSL yet all you have to do is log in, choose which you want to SSL/TLS enabled, hit the Crypto icon, make sure you have a flexible configuration, and wait for it to go live.
SSL is another SSL/TLS certification company that offers you 90 days free SSL/TLS certification for your website. It is domain-validated and automated, and it sets up in minutes. This company’s SSL/TLS certification is accepted by 99.9 percent of browsers and websites. It also comes with unlimited server licenses, business-class validation and encryption, and more. At the end of the 90 day trial period, you can either switch to a free company or purchase one through this site.
SSL For Free
SSL For Free is another site that gives you a free SSL/TLS certification for your site. It runs on Let’s Encrypt’s ACME server, and it uses automated domain validation to give you your certification. Again, this takes just minutes to set up, and it’s good for an entire year before you have to renew it.
If you have a personal website or a blog, StartCom will give you one unlimited domain-validated SSL/TLS certificate completely free. All you need to do to get this free certification is to validate that you own the domain. This can take a few minutes or a few hours at the most, and you can validate it over email. Once you do, it’s good for an entire year before you have to renew it.
WoSign is another very user-friendly site that gives domain owners free SSL/TLS certifications. These certifications are good for two years before you have to renew them, and they use automatic authentication, so they’re up and running in a few minutes. It’s widely accepted by many reputable browsers as well, and you can request your certification through email.
SSL/TLS certifications are extremely important for anyone who runs a website. Not only can they give you a ratings boost in Google’s search rankings, but they can make your customers feel more secure as they use your site. You’ll get the peace of mind that comes with knowing that any sensitive information that is transmitted to and from your site is secure and safe from data breaches and identity theft. They’re completely free, and you have nothing to lose by having them.