payments

What is SSL and How Do SSL Certificates Work?

SSL is what makes modern-day e-commerce possible because it creates an encrypted link between the web server and your browser – making a secure payment system.

Think of it like this; suppose you post a confidential letter through a mailbox. the letter is then taken out of the postbox by a mail carrier and is sent off to its destination. While the letter is in transit, it falls through the cracks of the freight and is gone. However, with SSL the route between the mailbox and its destination is completely secure – making sure hackers can’t get access to your online data. 

In the past, you only needed SSL if your business accepted credit cards or other sensitive details. Google Chrome now alerts visitors that your site is not secure if you accept any information at all, even an email address. So to make sure you have a quality site, you will want to look into SSL. 

What is an SSL Certificate?

SSL stands for Secure Sockets Layer. It’s a technology that enables encrypted communication between a web browser and a web server. SSL can be used by businesses or individuals to decrease the risk of sensitive information being stolen or tampered with by hackers and identity thieves (credit card numbers, usernames, passwords, emails, etc.). 

In order to implement this secure connection, a secure sockets layer certificate, or SSL certificate, needs to be installed. SSL certificates bind a cryptographic key to a website’s details. Once the certificate is installed on a web server, it initiates the padlock as well as the HTTPS protocol and activates the secure connections from a web server to a browser. SSL certificates bind a domain name to the server hostname and the organization’s identity (like a company name) to a location.

The certificate ensures the authentication of the website it was assigned to – guaranteeing visitors that they aren’t on an impersonating site. In the modern world internet security is an essential part of our lives, and SSL protocol has become the standard form of security for any trustworthy site.

SSL vs. TLS

There is no huge difference between the SSL, secure socket layer, and TLS, transport layer security. SSL came first and TLS is the updated version. 

SSL was originally created in 1993 by Netscape. However, it wasn’t released to the public until 1996. When the next version was released in 1999, it was standardized and given a new name by the Internet Engineering Task Force (IETF). The name they gave it was Transport Layer Security (TLS). 

TLS encrypts all kinds of internet traffic and the most common is web traffic. You know your browser is connected via TLS if the URL in your address starts with “HTTPS,” and there’s an indicator with a padlock telling you the connection is secure. TLS can also be used by other applications, including email and Usenet.

Why is SSL Important?

SSL certificates are a security protocol that plays a fundamental part in the protection of our data when we go online. With so many data breaches hitting the news in modern times, it is essential that businesses protect themselves, and their customers, with the use of SSL technology. Here are 3 main reasons why SSL is important.

Encryption

When either you or users enter information into your site, that data passes through multiple touchpoints before it gets to its final destination. Without SSL the data is sent as plain text and you can run the risk of hackers altering that data. As a result, your customer data on your business site can become compromised, causing issues for both your business and your customers. SSL provides point-to-point protection to make sure the data is secure during transportation. 

Authentication

SSL ensures that the information is being sent to and received from the correct server. It protects the data, making sure that a malicious person in the middle is not actually the one impersonating the site. 

Data integrity

SSL connections are secure there is no altering or loss of data during the transportation. This is done by including a message authentication code or MAC. This ensures that the data that gets sent is received without any changes or malicious alterations. 

What is Secure Sockets Layer (SSL) Used For?

SSL protects data submitted over the Internet from being intercepted and viewed by unintended recipients. Here are some examples of instances where it can be used: 

  • To secure online credit card transactions.
  • To secure system logins and any sensitive information exchanged online.
  • To secure email and applications like Outlook Web Access, Exchange and Office Communications Server.
  • To secure workflow and virtualization applications like Citrix Delivery Platforms or other cloud-based computing platforms.
  • To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.
  • To secure the transfer of files, such as website owners updating new pages to their websites or transferring large files.
  • To secure hosting control panel logins and activity like Parallels, cPanel, and others.
  • To secure intranet-based traffic such as internal networks, file sharing, extranets, and database connections.

How Does SSL Work?

Normally, a dedicated IP address is a requirement for the SSL installation; to ensure proper functionality, it is recommended to have a separate dedicated IP for each certificate. 

However, it is possible to install multiple SSL certificates using a shared IP address if you use SNI (Server Name Indication) technology. 

Ultimately, the mandatory use of a dedicated IP will be determined by the type of hosting server you use. If your website is hosted by a web hosting service, you should contact them and ask if you need to purchase a dedicated IP address or if they will provide you with an SNI. 

If the server you use is self-managed, check server documentation to see if SNI technology is an option for your machine. 

An SSL certificate contains a pair of keys, a public key and a private key. These keys work together to establish an encrypted connection. As a small business owner, it is important to make sure you are creating a trusted environment where customers feel confident in making purchases. 

SSL certificates create a foundation of trust by establishing a safe connection. Websites will display an SSL certificate badge to illustrate to users that their site offers secure connections. Individuals can secure an SSL certificate from trusted certificate authorities, as well as hosting services, and other third parties. 

In terms of which version of SSL to get – TLS 1.2 is currently the most widely used version of the SSL/TLS protocol. TLS 1.3 (the latest version) is already supported in the current versions of most major web browsers. 

Since the first version of SSL back in the 1990s, new models have been released to improve on vulnerabilities and support the strongest and most secure cipher suites and algorithms. So using older protocols may result in security issues. 

Types of Certificates

There are two different categories of SSL certificates. One is encryption and validation; the other is domain and subdomain numbers. Each category has 3 classifications. 

Encryption and validation:


1. Extended Validation

The EV SSL certificate shows the business name, business country, HTTPS, and the padlock in the address bar so it’s not mistaken for a spam site. These are the priciest SSL’s to get, but they are valuable in showing the legitimacy of your domain from the address bar.

2. Organization Validated

The OV SSL certificate authenticates that your organization and domain validation are real. This certificate offers a moderate level of cryptography compared to the EV SSL certificate. 

3. Domain Validation

The DV SSL certificate presents the lowest level of encryption. It’s the fastest validation you can get and you will only need a few company documents to apply. Unlike EV SSL, the Certificate Authority won’t vet any identity data, so you won’t know who is receiving your encrypted data. But if you’re part of a business that can’t afford a higher-level SSL, a DV gets the job done.

Domain and subdomain number:


1. Wildcard SSL Certificate

If you buy a certificate for one domain, the Wildcard SSL ensures that you can use the same certificate for your subdomains. For example, if you have an e-commerce site and need the certificate for shopping.com, as well as for shopping/shoes.com.

2. Unified Communications SSL Certificate

If you get a unified communications SSL certificate (also known as a multi-domain SSL certificate) you will be able to use the same certificate for multiple domain names. Multi-domain SSL certificates cover up to 100 domains. If you need to alter the names in any way, you can do that with the Subject Alternative Name (SAN) option. 

Examples of multi-domain names you can use are www.small.business.com, www.small.business.domain.com, checkout.my.business.com. 

3. Single Domain SSL Certificate

The Single Domain SSL secures one domain. The thing to remember about this certificate is that you can’t use it to protect subdomains or a completely different domain.

For example, if you purchase this certificate for small.business.com, you can’t use it for blog.small.business.com or 2nd small.business.com.

How to Get an SSL Certificate for My Business Website

The following is a list of items you will need in order to obtain an SSL certificate. 

  • A unique IP address (not necessary but recommended)
  • A Certificate Signing Request (CSR)
  • Correct information in WHOIS database
  • Legal documents vouching for your organization’s legitimacy (for high assurance certificates)

Next is a list of steps you will need to take. 

1. Choose the right certificate

Depending on whether you want to encrypt one site with no subdomains or hundreds of sites – it all depends on your requirements. So first you need to think about what best fits your needs. 

2. Fill in your CSR

A certificate signing request (CSR) is like an application form to obtain an SSL certificate. You will need to fill in your information so the CA can verify your details and issue an SSL certificate. However, keep in mind that the CSR process can vary depending on the server. 

3. Complete the order process

After you finish the first two steps, the CA will send you an order confirmation email after completion of the order. The email will have a configuration link that you can click on and submit your CSR. 

4. Finish the vetting process

After the CA receives your order, it reviews your certificate and conducts a vetting process. The intensity of validation depends upon the type of certificate you purchase.

5. Ensure proper installation

Upon completion of the authentication process, the CA will send your certificate files via email. You need to download them and follow up with their installation based on your server. Note that the installation process depends on your server.

It might also be helpful to see some installation tutorials to give you a firmer understanding. 

Best SSL Certificate Checker Tools

SSL verification is important in making sure your certificate is meeting its standards. There are multiple ways to check the SSL certificate. However, testing through an online tool provides you with much more in-depth information. Here is a list of a few of the best SSL certificate checker tools, or you may have some specific sites that you want to check, in which case you can use a comparison tool

SSL Labs

SSL Labs by Qualys is one of the most popular SSL testing tools to check all the latest vulnerabilities and misconfigurations. For example, they check things like: 

  • Certificate issuer, validity, algorithm used to sign
  • Protocol details, cipher suites, handshake simulation

SSL Checker

SSL Checker lets you quickly identify if a certificate is implemented correctly. Great idea to proactively test after SSL cert implementation to ensure the chain certificate is not broken.

Geekflare

Geekflare has two different kinds of tests. The TLS Test, this one can quickly find out which TLS protocol version is supported. And the TLS Scanner, this one provides detailed testing to find out the common misconfiguration and vulnerabilities.

Wormly

Web Server Tester by Wormly checks for more than 65 metrics and gives you a status of each, including overall scores. The report contains a certificate overview (CN, Expiry details, Trust chain), Encryption Ciphers details, Public key size, Secure Renegotiation, Protocols like SSLv3/v2, TLSv1/1.2.

SSL FAQ


What does SSL stand for?

SSL stands for Secure Socket Locker. It’s a safety feature used to encrypt and authenticate the data sent between a browser and a web server. This ensures the process of exchanging sensitive information is more secure for both you and the visitors to your website.

What is an SSL handshake?

An SSL handshake is a process whereby the SSL client establishes the secret keys used to communicate with the server. The SSL then uses this specified and shared session key to ensure the symmetric encryption of the data being sent between client and server. 

How to check an SSL Certificate online

If the URL begins with “HTTPS” instead of “HTTP,” then the site is secured using an SSL certificate. A padlock icon displayed in a web browser also indicates that a site has a secure connection with an SSL certificate.

Chrome has made it simple for any site visitor to get certificate information with just a few clicks:

  1. Click the padlock icon in the address bar for the website
  2. Click on Certificate (Valid) in the pop-up
  3. Check the Valid from dates to ensure the SSL certificate is current

You can also use an SSL checker to diagnose any problems relating to the installation you are experiencing with your own certificate.

 

It goes without question that your and your customers’ protection is of the utmost importance. So keep your online payments and customer information secure with SSL and connect your small business website to accounting software that saves you money. Try QuickBooks Online for free today.

Related Articles

Looking for something else?

Get QuickBooks

Smart features made for your business. We've got you covered.

Firm of the Future

Expert advice and resources for today’s accounting professionals.

QuickBooks Support

Get help with QuickBooks. Find articles, video tutorials, and more.