How Do Businesses Get an SSL Certificate For Their Website?

You may have heard that you need an SSL certificate for your website. So, what is it and how do you get one? 

An SSL certificate is a digital certificate providing proof of identity, authentication and enabling an encrypted connection. They are stored and displayed by website owner’s server.  

What is SSL? 

Secure Sockets Layer, first developed in 1995, is an encryption-based internet security protocol. SSL is the predecessor to TLS (Transport Layer Security), and was developed by Netscape to ensure the privacy, authentication and data integrity of internet communications. 

TLS is the modern version of SSL, however the term SSL remains commonplace. TLS and SSL are very similar, and when the term SSL is used today, it is almost always referring to TLS. 

SSL provides privacy by encrypting data transmitted across the web; anyone intercepting the communication will simply see a mix of seemingly meaningless characters. Without SSL, data would be transmitted in plaintext, so personal information such as credit card details entered on a website would be unconcealed.  

SSL also enables authentication to take place, ensuring devices are who they say they are, as well as providing data integrity, verifying that data has not been tampered with before reaching its recipient. 

A website with a HTTPS web address is utilising SSL/TLS and has an SSL certificate. 

What does an SSL certificate prove? 

Firstly, it is important to note there are different types of SSL certificate. Some are easier to obtain – but having a lower-level certificate has drawbacks such as not being trusted by certain browsers and often being associated with scams and criminal activity. The levels of security differ greatly among the types of certificate. 

• Domain validated – These certificates only verify who owns the site and are the least-stringent, and the cheapest. 
• Organisationally validated – To receive this level of certificate, the Certification Authority (CA) must validate the organisation, its physical location and its website’s domain name. These certificates provide a moderate level of trust and are a good option for websites dealing with less sensitive transactions. 
• Extended validation – These provide the highest level of security. For this type of certificate, the CA performs an in-depth review of the organisation. This will include examination of corporate documents, confirmation of applicant identity and verification with a third-party database. Once an extended validation certificate is granted, a padlock will be visible in a browser’s URL bar to signify the site is secure. 

Sites with a high-level SSL certificate prove that sensitive information will be kept secure, including login credentials, personally identifiable information, credit card transactions and medical records. 

How do you obtain an SSL certificate? 

Website owners obtain SSL certificates through a Certification Authority (CA). These authorities issue millions of SSL certificates each year, and the cost of a certificate can vary from being free, to costing hundreds of pounds. There is a large selection of certificate issuers online. 

Once you have decided the type of certificate you require, you should then follow the below steps to set it up: 

• Ensure your WHOIS record is up-to-date and matches what you are submitting to the CA 
• Generate a Certificate Signing Request (CSR) on your server; your hosting company should be able to assist with this 
• Submit the CSR to the CA 
• Installing the certificate – this will involve configuring it on your web host or your own servers 

The type of certificate you get and who you get it from will determine how quickly you will receive it; an extended validation certificate can take up to a week. 

Why having an SSL certificate is important 

For a business, having a strong SSL certificate ensures you can prove user data is kept secure, ownership of the website can be verified, spoof versions of the website can’t be created, and to gain user trust. 

SSL certificates assure users that the website is authentic and safe to share private information with. 

Importantly, SSL certificates enable websites to use HTTPS. HTTPS is a secure version of HTTP, and is the indication that data is encrypted using SSL/TLS. Without HTTPS, browsers will likely identify sites as ‘not secure’ and will deter users from accessing them. They will also appear lower in search results. These factors can be very damaging for businesses. You can learn more about the importance of HTTPS here. 

Technically, an SSL certificate can be ‘self-signed’ instead of being issued by a CA. This is achieved by a website generating a public-private key pairing themselves. However, as there is no outside authority to verify it, browsers don’t consider self-signed certificates trustworthy and may still mark them as ‘not secure’, despite the URL using HTTPS. 

How Securiwiser can help 

As part of Securiwiser’s cybersecurity risk assessment, many SSL datapoints are covered when analysing the network security of domains. Securiwiser can identify the validity of SSL certificates including who signed them. They can provide a score as to how this will affect your vulnerability. Try it for free today.