What is SSL?
SSL (Secure Sockets Layer); It stands for Secure Sockets Layer. SSL, designed to protect sensitive data such as credit card information shared by Internet users on websites; a certificate system based on encryption.
SSL is a security solution used to create an encrypted connection between the servers where the contents of websites are stored and internet users.
The purpose of SSL; ensuring that all data transmitted between the server and the browser (a web browser such as Chrome or Safari) remains private. Thus, the transfer of sensitive information over an unprotected protocol is prevented and sites with SSL certificates are no longer the target of cybercriminals.
So how do you know if a website has an SSL certificate?
If a website is protected with SSL, the lock icon appears in the address bar.
When the lock icon is clicked, information such as the authority that issued the SSL certificate and the corporate name of the website owner can be learned. As is known, browsers such as Google Chrome have labeled sites that do not have SSL certificates as “not secure” in recent years; This leads to loss of reputation and increased bounce rates.
When you open a page in Chrome, one of the following icons appears in the address bar. When you click on the icons, warnings such as “Connection Secure”, “Certificate Valid”, “Your Connection to This Site Is Not Secure” will be displayed.
– Secure (The information you share on the site is encrypted with SSL)
– Information / Not Secure (The information you share on the site may fall into the hands of malicious people)
– Unsafe / Dangerous (Do not use the site if possible)
History of SSL
Both TLS and SSL are protocols that help secure data transfer on the internet. Actually, TLS is the more up-to-date and more secure version of SSL, but internet users insist on calling TLS “SSL”. If you’re wondering how the SSL to TLS conversion happened, here are the details:
SSL is a security protocol developed by Netscape in the 90s to encrypt communication on the Internet. Version 3, known as SSL v3.0, was released in 1996 and provided surprising improvements. TLS came onto the scene in 1999. The certificates that are currently being used all over the world and which we call SSL are actually the latest versions of TLS; ie TLS v1.2 and TLS v1.3.
Features of SSL
- All information transmitted over an SSL connection is encrypted with robust and complex algorithms and is almost impossible to decipher. Sensitive data such as passwords and bank information shared by users on a website are transmitted in plain text without SSL, and malicious people can see this data.
- SSL; prevents data loss or modification during transfer.
- SSL, which is used to encrypt and secure communications on the Internet, not only secures communications between a client and a server. It also secures email and VoIP communications.
SSL also helps prevent malicious people from fooling users by designing a website (clicking the lock icon will show the verified official owner of the site).
- One of the criteria Google uses to rank websites in search results is reliability. Google; does not want to send users to unsafe websites. It has been officially announced by Google that sites with SSL certificates will be more advantageous in Google rankings. SSL enables a website to rank higher in Google search results.
- The perception of trust created by SSL certificates has a positive effect on the reputation of businesses and websites. In particular, the survival of e-commerce sites is directly proportional to their meticulous behavior in security. This trust must be established so that customers can share sensitive data on e-commerce sites.
SSL certificates; There are different types according to the level of verification (DV SSL, OV SSL, EV SSL) and the number of domain names they secure (Multi Domain SSL, Wildcard SSL).
In fact, all SSL certificates offer the same level of encryption, but the level of verification for each differs depending on the type of website. The type of SSL that an e-commerce site with a complex payment system should have requires a more comprehensive verification process than a personal website.
DV SSL (Domain Validation) includes automatic verification of who owns a domain name. No documents are required for this SSL type, which can be obtained within minutes. Recommended for personal websites and blogs as it has the lowest level of verification.
OV SSL (Organization Validation), a type of SSL that verifies the legal existence of the organization that owns a website. Ideal for small and medium-sized companies and platforms that collect sensitive user information. When the padlock icon is clicked in the browser, it helps to understand that the site where the OV SSL is installed is the original site.
EV SSL (Extended Validation) is the SSL type with the most comprehensive validation procedures. Suitable for financial institutions and e-commerce stores. Businesses that want to buy the most expensive SSL certificate, EV SSL; It goes through a detailed verification process in terms of the formality of its commercial existence. The business owner has to submit a large number of documents showing that he has full authority over the domain and is the official owner of the institution, so the verification process is long.
Multi Domain SSL is used to secure multiple websites and subdomains with a single SSL certificate. A single SSL certificate depending on the authority obtained; It can protect up to 250 websites.
Wildcard SSL protects a single domain and an unlimited number of subdomains such as forum.yourdomain.com, blog.yourdomain.com. This of course offers greater convenience than using single certificates for each subdomain.
How SSL Works
An SSL certificate is actually a data file that is uploaded to the server where a website is hosted. When you enter data such as credit card information on a website with an SSL certificate, this piece of information is converted to an unreadable string of characters. For example, a password of the form 1234 is converted to a character string such as ^% jfdgrt5/ * u. Thus, even if the data is somehow compromised, it becomes impossible for any hacker to interpret this information.
Technically, the working logic of SSL is based on the following stages:
- When you enter a website, a communication takes place between the browser and the web server where the website is stored: The browser connects securely to the server via SSL (https).
- The server sends a copy of the SSL certificate, including the public key (Almost all encryption methods in use today use public and private keys. These are considered much more secure than the symmetric keys used in the past.)
- The browser checks the certificate and, if valid, generates, encrypts, and returns a symmetric session key using the server’s public key.
- The server decrypts the symmetric session key using its private key and returns an encrypted session key to initiate the encrypted session.
SSL Certificate and SEO Relationship
Search Engine Optimization, or SEO, is known as optimizing your website to get more organic traffic from search engine results pages.
Google’s announcement of SSL as a ranking factor in August 2014 excited those who care about SEO work. Google in 2017; it went even further and started to display security warnings on sites that do not have SSL certificates and request personal information. Thus, the websites; Having SSL has become almost a prerequisite to appear higher in search results.
For this reason, SSL, which is one of the criteria given by Google when scoring a website’s reliability; We can say that it is one of the easiest methods to increase your site’s search engine rankings.
Securing websites with SSL is a necessity, not a luxury. However, SSL, contrary to popular belief, does not focus on the security of your site or directly on your software infrastructure: The focus of the SSL certificate is on the security of data transfer.
What is SSL in a nutshell? We can answer the question as a security solution that helps you gain the trust of your visitors, secure your communication on the internet, and increase your search engine rankings.