A Website without SSL is Like…Sending Mail by Carrier Pigeon
Lately I’ve been seeing an ad on tv for WhatsApp featuring a carrier pigeon. People bring letters to the post office to mail and the man behind the counter folds up their letter and attaches it to a pigeon. You can imagine how people react. Imagine how you would react!
WhatsApp wants consumers to understand how using SMS to send texts exposes their information – making it insecure and easy for others to access – like your mail would be if sent by carrier pigeon. On the other hand, WhatsApp offers a way to send messages where the message is essentially translated into a secret code until it reaches the recipient at which point it is decoded for the person to read (this translation into code is called encryption). Which way would you prefer to send your messages and information?
Secure websites work similarly. When you visit a site and see a padlock next to its address in the browser, you know the site is secure. That means it has an SSL certificate. SSL certificates (SSL stands for secure socket layer) enable the site to encrypt any information that is submitted through the site. Without this encryption, any information submitted through the website (be it your name and email address for an newsletter or your credit card for a payment), could be intercepted by unintended recipients. It’s like attaching your sensitive data to that carrier pigeon.
Do You Really Need SSL on Your Website?
You might be thinking, “I don’t really need an SSL certificate. We don’t exchange information on my website per se. It’s just there to give people information.” But the truth is you still need an SSL certificate. Because if a user tries to access your site and it doesn’t have an SSL certificate browsers like Chrome will intercede and display a warning page.
The warning may be enough to keep someone from ever visiting your site. Don’t take that chance! Plus, you never know when you might want to add a contact form or some other interactivity to your site. SSL is important to make sure that you are protecting people’s information when it’s transmitted over the web. Do not rely on carrier pigeons.
How to Obtain an SSL Certificate for Your Website
Some hosts provide basic SSL certificates for free. Check in your control panel or contact your host to see if this is an option. If your host doesn’t have a free option or if you want/need something that has a higher level of verification, you may need to purchase a certificate. You can find purchase options by searching for “purchase ssl certificate”.
What Level of SSL Security Do I Need?
Before an SSL certificate is issued, the issuer validates the website in some way. The different levels refer to how much validation is done before the certificate is issued.
There are three levels:
- Domain Validation
- Organization Validation
- Extended Validation
What’s the difference between the levels of SSL authentication? Basically, the difference is how much work is done to verify your organization before a certificate is issued. Here’s an overview:
Domain Validation
Validates that you own the domain. This is the type of certificate issued by Let’s Encrypt because this type of validation can be automated.
Organization Validation
This is more involved. In addition to domain verification, the issuer checks the following:
- Verifies Organization
- Locality Presence
- Telephone Verification
- Final Verification Call
The SSL Store explains what’s involved with each of these verification steps.
Extended Validation
This includes everything for Organization Validation plus:
- Enrollment Form
- Operational Existence
- Physical Address
- Domain Authentication
Again, the SSL Store provides a great explanation of these verification steps.
Does a higher level of certificate provide better encryption for the data?
No. The SSL encryption is the same no matter what level of certificate you purchase. What’s different is how safe a customer might feel submitting that information. Remember just because you have an SSL certificate does not mean you are a legitimate business. The validation levels help a customer know that you have been vetted.
How to Install SSL on Your Website
Keep in mind that SSL certificates are not pieces of paper that you hang on your wall or next to your computer – they are files that contain code that needs to be added to your website. When you purchase or obtain a certificate from someone other than your host, you’ll be provided with the certificate files. The code from those files then needs to be added to your site. Some hosts have provisions that allow you to install (add the code) yourself and others will require you to provide the files and the host will install them on your behalf. Look for information on your hosts support documents about installing SSL certificates.
Is Purchasing an SSL Certificate a One and Done Activity?
Once you’ve installed your SSL certificate – you’re good to go…for about a year. Even if you bought a certificate and paid for multiple years, the certificate will expire about 12 months after it is issued. So, you might not need to pay again at that point depending upon the length of certificate your purchased, but you will need to get a new certificate from your provider and install it on your site.
Keep track of your expiration date and set yourself a reminder to check on the certificate in a couple of weeks before it expires. Make sure you know how to get an updated certificate (if you don’t already have one available in your account) and then make sure that certificate is installed on your site so that you don’t have a lapse in security on your site. This may involve downloading files from your certificate provider that then needs to be installed on your site again.
Tip for WordPress Users
If you’re on WordPress and don’t have an SSL yet, there’s a plugin for that. Really Simple SSL will guide you through the process of getting a free SSL and installing it on your site. They have a detailed set of instructions to help you through the process.
Even though Really Simple SSL only validates your domain, remember that the data encryption (protection for your users) is the same no matter what level of validation is done to issue your certificate.
Help! SSL is overwhelming. Isn’t there an easier way?
I wish there was an easy way to explain how to setup SSL for any website, but because all hosts are different, there is no one standard way. But I will tell you that putting the work in to get SSL setup on your site is worth it and necessary.
Feeling overwhelmed or frustrated and tempted to just send your information by carrier pigeon? Don’t feed the birds. Contact flyte today. We can help…we do this every day.
Kate’s been on many different flight paths during her life, landing at flyte after having earned a degree in electrical engineering (so long ago that she remembers something about Ben Franklin flying a kite) and then spending the last 12 years serving as the pastor of a local church. She started learning to code at a very young age (on a DOS computer) and is looking forward to collaborating with the flyte team to leverage all that technology can offer.
Now that she doesn’t work nights and weekends, she looks forward to figuring out what she likes to do with her free time while accompanied by her wife and Millie the Whoodle.