HTTP vs. HTTPS: are you wondering what the difference is? To answer your question, "https" stands for Hyper Text Transfer Protocol with a Secure Sockets Layer (SSL). You'll need one if you want your website to appear in search results, and if you don't want a warning message to appear when users enter your website.
What is an SSL Certificate?
An SSL certificate is a security layer that protects your information on the web. When a site’s URL begins with "https," it indicates that it is a secure site. SSL is a digital certificate which contains your domain name, organization title, and physical location with an individualized key.
Besides looking at the URL, you can tell if a site has an SSL certificate by the symbols that appear next to it. A small green icon indicates that that the site is secure, an i with a circle indicates “info” or that the site in not secure because information is missing, and a red exclamation point with a red triangle means that the site is potentially dangerous.
If you want to view a site’s SSL certificate you can do so by opening up the security tab on Google Chrome. Here's how.
How does an SSL certificate work?
When your browser connects with a website that has an SSL certificate, it requests that the site identify itself and provide a copy of the certificate. The browser then checks the validity of the certificate. If the certificate is valid, your browser and the site form a secure connection that protects the information that you enter into the site. This all sounds like it takes a lot of time, but in fact the connection is instantaneous.
Are there different types of SSL certificates?
There are few different kinds of SSL certificates, and you'll want to be sure that you your organization is using the right one.
The first type is domain validation. This is the cheapest and fastest option but also the least secure. All that is being verified is that your organization has control over its domain name. This is all done via email and has a quick turnaround time.
The second type is an organized validated SSL certificate. The process for obtaining this certificate is slightly more rigorous than domain validation. The CA (Certificate Authority) verifies both your domain and information about your organization, such as physical location and legal existence, through personal contact.
The final type is an extended validation certificate. This certificate involves a long authentication process similar to an organized validated SSL certificate, but takes additional time and is usually used by eCommerce sites.
Do your research to see what your organization needs. While some organizations need only a standard domain validation certificate, it's important to choose correctly.
Purchasing an SSL Certificate
You have a few options when purchasing an SSL certificate.
The most common way of getting one is through your hosting provider, but if that isn’t an option, you can also buy one through a third-party site.
Depending on your hosting provider, you may need to activate your SSL certificate after you purchase it. If you use WordPress, Hubspot has great plugin resources to help you through the activation process. If you don't use WordPress, or bought an SSL certificate from a third-party retailer, this article walks you through the steps to activate.
When researching SSL certificates, you may come across information about free certificates. If you are tech-savvy and have DNS (Domain Name System) experience, these are good options to explore as well. However, we don’t recommend them if you are inexperienced as these certificates usually need to be validated more frequently and can become a huge headache if you are unfamiliar with DNS.
Why should my organization’s website get an SSL certificate?
If your organization accepts on-site donations, then you are required to have an SSL certificate in order to comply with Payment Card Industry standards.
It is possible that you process donations via a third-party system such as PayPal. In this case, you are not required to have an SSL certificate, but it is still highly recommended to have one if you are collecting personal information such as name, address, or email via online forms.
Google began giving preferential treatment to sites with SSL certificates in 2017. Sites with these certificates rank higher for SEO purposes than ones without. Visitors also receive warnings that a website is not secure when they enter sites without an SSL certificate.
If you have more questions, there is a ton of information out there about SSL certificates. Here are a few more resources we recommend:
As always, reach out with your questions and comments. We love hearing from you!
This post has been updated from the original.