What is SSL and Why Should You Be Using It?

Posted by Evan Brophy | Rare Thinking |

It’s important to make sure your customers feel secure when exploring your website, especially when it comes time to input personal information. SSL (Secure Sockets Layer) is a standard security protocol that uses a signed certificate to encrypt data sent back and forth between your web browser and a web server. Normal HTTP connections transfer data in clear text, which is dangerous when using forms and checkouts. An SSL certificate provides your site with a small green icon, leading to an increase in overall customer comfort with your site.

SSL certificates have two main purposes...

  1. To encrypt any form data and header metadata that a browser or other application sends to a web server. This provides security in knowing that only the user and the destination server will see important information, like a credit card number, as clear text.
  2. To let a web browser verify a server’s authenticity by checking the certificate’s origin. SSL certificates can be purchased from any number of “Certificate Authorities”.

When to use an SSL

SSL certificates were originally used on websites that required encrypting data, including credit card numbers and emails that travelled from one server to the next. Today, it's becoming more common to see them on any website that uses forms and cookies that store user data. Many social sites such as Facebook, Twitter, and Google+ now forward to HTTPS by default.

In addition, any e-commerce site needs to have an SSL certificate. It's not necessarily required to be secured site-wide, but shopping carts and user control panels should be locked down. Generally, if you have a form on your website that may pass sensitive data, or use cookies, you should use an SSL.

Things to keep in mind

The benefits of SSL are vast, but there are certain aspects of a site-wide SSL that should always be considered.

  • Workload. It’s important to prep for the workload that will be associated with a site-wide SSL. All content on a webpage must use HTTPS or the user will see a broken SSL icon in their browser.
  • Third-party tools not supporting HTTPS. Some CDNs (Content Delivery Networks), analytics tools, ad providers, and other third-party tools may not support HTTPS.
  • Encrypted data issues. Caching services such as Varnish do not deal with encrypted data, so you may need to set up a proxy as a load balancer to deal with decrypting the data. User supplied data, such as adding images in a comment section, may also cause issues.
  • Maintenance. SSLs require ongoing tracking and maintenance, in order to ensure that the certificate has not expired.
  • Updates. Certificates may need to be updated to SHA-256 due to changes made by Google and Microsoft.
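
To size the "Workload" and "Third-party tools" items above before switching a site to HTTPS, you can scan each page's HTML for content that would still load over plain HTTP and trigger the broken SSL icon. The following Python sketch is an added example, not code from the original post; the function name, the list of tags checked, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Fetching attribute per tag; <a href> is navigation, not content, so it is omitted.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "video": "src",
               "audio": "src", "source": "src", "embed": "src",
               "object": "data", "link": "href", "form": "action"}
LOADING_RELS = {"stylesheet", "icon", "preload", "manifest"}  # <link> rels that fetch

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, url) for each subresource or form target using http://."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & LOADING_RELS:
            return  # e.g. rel="canonical" names a URL but loads nothing
        url = (attrs.get(attr) or "").strip()
        # Relative and protocol-relative (//host/x) URLs inherit the page scheme.
        if urlparse(url).scheme.lower() == "http":
            self.findings.append((self.getpos()[0], tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page for illustration (not from the original post).
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://example.com/site.css">
<link rel="canonical" href="http://example.com/">
<script src="http://cdn.example.net/analytics.js"></script>
</head><body>
<img src="//img.example.org/logo.png">
<img src="http://ads.example.net/banner.gif">
<a href="http://example.com/about">About</a>
<form action="HTTP://example.com/checkout" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Each finding is either a URL to switch to HTTPS or a third-party tool to replace if it has no HTTPS endpoint.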

Have a website that passes crucial data back and forth to a user's browser? Use HTTPS. When building a new website, there should be plans to support HTTPS from the get-go. Today's web is shifting and using much more secure methods of transmitting data. The cost and effort are small, and a bit of security that provides a customer with peace of mind can go a long way.