SSL: What is it and what is it for?

Index of contents

Did you know that one of the most essential components in any secure web transaction is an SSL certificate?

But what is an SSL and what is it for?

SSL (secure socket layer) is a security protocol developed by Netscape Communications that allows the transfer of encrypted data between a user and a web server, or vice versa, over the Internet. SSL is an open protocol, and can be used with any of the most common Internet service protocols (HTTP, FTP, SMTP, etc.), although it is most commonly used for the HTTP protocol.

Any information that is transmitted from a secure server (using SSL) and using a browser that supports SSL technology, will travel over the Internet safe from being tracked, copied and decrypted by any user other than the one involved in the originally established communication.

SSL is used to reduce the risk of theft and manipulation of confidential information (such as credit card numbers, usernames, passwords, e-mails, personal data, etc.) by hackers and identity thieves.

To establish a secure connection, an SSL certificate (also called a "digital certificate") is installed on a web server and performs two functions:

  • Authenticate the identity of the website, assuring visitors that they are not on a fake site.
  • Encrypt the transmitted information.

SSL Certificate Types

SSL Certificates by number of certified domains

There are several types of SSL certificates depending on the number of domain names or subdomains you have, for example:

  • Unique: secures a fully qualified domain name or subdomain (FQDN).
  • Wildcard: covers one domain name and an unlimited number of its subdomains.
  • Multidomain: secures several domain names.

SSL Certificates by verification level

Other types of certificates depend on the level of validation required.

  • Domain Validation (DV): It is the cheapest, can be obtained free of charge from Let's Encrypt and provides basic encryption and domain name registration holder verification. This type of certificate is delivered in a few minutes or a few hours.
  • Organizational Validation (OV): In addition to the above, it authenticates some details of the owner, such as name and address. This type of certificate is delivered within a few hours or a few days.
  • Extended Validation (EV): It provides the highest level of security due to the exhaustive research that is carried out before issuing this certificate as stipulated in the guidelines established by the SSL certificate industry consortium. In addition to authentication of the entity and ownership of the domain name registration, the legal, physical and operational existence of the entity is verified. This type of certificate is delivered in a few days or weeks.

Finally, to know if a website is protected under an SSL certificate, the following characteristics are required: 

  • The HTTP prefix of the URL address changes to HTTPS.
  • Somewhere in the browser window there is a padlock icon, which when clicked opens a window with all the data of the SSL certificate in question, and the data of the CA entity that generated this certificate.
  • A seal of confidence.
  • A green address bar, in the case of extended validation SSL certificates.

In future articles we will talk about the differences between free and paid SSL and see when it is worth paying.

> Share it to whoever may be interested:
> you might also like
> More articles about

Web Design and Development

SEO and SEM

Web maintenance

en_US
es_ES ca en_US