What Are SSL Certificates?
The most widely used security protocol over the internet is SSL aka the Secure Socket Layer protocol. You may not notice it, but chances are you visit websites using the protocol and SSL certificate daily. And you don't have to be a security expert to recognize it, either.
Check if any website's address starts with HTTPS, which stands for Hyper-Text Transfer Protocol Secure — and by checking for the last character, "S", you’ll know that the website is secured by SSL and a certificate.
Today, the SSL protocol is standard on the world wide web and most major websites are protected by SSL. So, learning about SSL certificates will help raise your awareness of website security. Or at the very least lead to safer browsing habits.
What is SSL?
SSL is a protocol that defines how to establish authenticated and encrypted links between a client and a server within networks. The goal of SSL is to protect sensitive data such as personal credentials and credit card information. The protocol prevents the data from being captured or modified by unauthorized parties. By using SSL, nefarious entities cannot read the contents easily because they are securely encrypted. SSL uses asymmetric key encryption algorithms such as EIGamal, RSA, DSA, Elliptic, and PKCS for encryption.
What are SSL Certificates?
An SSL certificate is a digital file that can be used to authenticate a website's identity and encrypt its contents. As companies encrypt data packers, they can ensure security and prevent unwanted parties from reading the traffic data.
Websites with an SSL certificate have "HTTPS" in their website domain. By checking the domain address, we can see whether a website is secured by an SSL certificate. A certificate file contains not only a public key, but other information about the owner such as the business identity, and the domain and server names.
Why are SSL certificates important?
We know that SSL ensures secure data exchange between two parties. However, this is not the only reason. Since 2014, Google has encouraged websites to acquire SSL certificates and change domains from HTTP to HTTPS. Today, it’s the norm for new websites to have an HTTPS domain.
Because of the push by Google, 95% of websites on Google have an SSL certificate — and 99% of browsing time on Google Chrome is on HTTPS websites according to the SSL statistics. When a website does not comply with its SSL guide, it’s ranked lower by Google. Furthermore, a brand’s reputation and image can be negatively impacted if users don’t trust its website. That’s why certificates are a must. They lend creditability.
Public vs. private key
The SSL protocol uses a pair of keys, private and public, to authenticate and secure connections between two parties. When you get an SSL certificate, you also create your CSR or Certificate Signing Request and that is when you can generate a pair together. In SSL, the public key is open to the public while the private key,is kept secret and only accessible by the owner, you.
A private key can be used to access your server that should be limited to only selected users. Being able to access a server means you can manipulate what is inside the server extensively, not to mention view sensitive data. Because of the potential impact, your private key should be carefully managed.
On the other hand, the public key can be shared with the public. The public key is included in your SSL certificate and the public and private keys work together to ensure your data encryption and verification. By doing this, you assure while your data is being transferred it is not intercepted and read by unwanted parties. Also, those who can access your public key can verify the authentication of your message.
SSL certificates by the numbers
It is worth taking a look at numbers around SSL certificates because they help highlight the importance of SSL certificates.
According to a survey by GlobalSign, 85 percent of online shoppers surveyed answered that they will not shop on websites that are not encrypted. The survey was taken by 6,000 people across Europe in 2014. Considering the survey was performed a while ago, the percentage is expected to grow even higher.
The W3Techs report revealed that, in 2021, 82.2% of the websites use a valid SSL certificate. Five years prior to the report, it was 64.4%, a 17.8 jump. This tells us that more entities have adopted SSL certificates. This implies that more organizations felt urgency around adopting SSL.
When it comes to SSL certificate issuers, nine of them dominate the market. A whopping 96% of all SSL certificates have been written by the nine authorities. Among them, IdenTrust CA boasts 52.7% market share and Digicert Group comes next with 19.7%. Sectigo is the next with a 17% share according to the W3Techs report.
Although the above statistics are encouraging, there are other figures we need to consider.
SSL Pulse conducted research targeting Alexa's top 150,000 websites to understand the adequacy of security. Among them, 59.4% failed to follow best security practices and showed inadequate SSL configuration.
Research by Anti-Phishing Working Group showed that 74% of phishing websites use HTTPS. The research was carried out in 2019 and, in the prior year, the rate was 62%. By acquiring a certificate, they try to camouflage their website as a trustable entity.
How Much do SSL Certificates Cost?
As we mentioned, there are SSL certificate issuers. To acquire a certificate, people need to visit their website and purchase one. For example, one of the big issuers, IdenTrust, charges you $199 per year for a certificate. The second-largest issuer, Digicert, has a price tag of $218 per year for a single-domain SSL certificate. The range of SSL certificate prices vary depending on the type and issuer.
SSL Certificate Expiration and Renewal
When your certificate expires and people visit your website, a warning sign saying, "Not Secure", is displayed on the address bar in their browsers. They also may see a message like "Your connection is not private". All major browsers including Chrome and Firefox warn their users when they visit a website without a certificate or with one that has expired.
A certificate renewal involves configuration. As this renewal guide from DigiCert explains, you need to visit the issuer of the existing certificate and follow their renewal process Once a new SSL certificate is issued, you will need to install the newly issued one. It is a good practice to renew before a certificate expires.
More and more organizations and individuals have adopted SSL and certificates to protect their digital assets and customers from ill-intended entities. Also, by embracing SSL, they’ve ensured their websites won’t be penalized by Google and can prove to their customers that they offer a safe browsing experience. The use of SSL certificates is expected to only rise in the future. If you plan to purchase a certificate, using one of the major issuers can be a safe choice.