What the heck does SSL and https mean, and why should you even care?
SSL and https are related to security and encryption of data on your website, and with security becoming more and more important everyday, it has some significant meaning to you as a website owner. This is especially true if you are selling items and taking payments, or collecting any sort of sensitive information on your website.
SSL ( Secure Socket Layers )
SSL ( Secure Socket Layers ) is a method of encrypting information that is transferred between a website browser and the server the website resides on. SSL uses a series of certificates and keys to encrypt the data in only a way the server can make sense of.
Remember when you were in grade school and wanted to make up a secret language with your friends that only your group could understand? Yeah, it’s kind if like that!
The server generates a Certificate Signing Key that is used to encrypt and decipher the information. A 3rd party service issues a Certificate of Security that is related specifially to the domain name. The two together will take information and create a unique language that is transmitted and can not be broken without both keys. And with most modern SSL certificates using 256bit encryption, the language is extremely complex. Using 256bit encryption along with the two key parts (the signing key and the issued certificate), each word is assigned any number of characters to be passed instead of the words themselves.
Here’s a simple encryption example:
Let’s assume we are trying to encrypt the word “password.” We will use a very simple key of “hhjf8yw3fycubfiwjvc6s87cfqu3b2pjf0wyc9qvf2nf029fucq” (signing keys are much longer and more complex than this!) Using a simple 256bit encryption, “password” would be converted to “G0eIjgwtQ/9amwTj4kMTJa9j7ZKr3wcUR3M0+dV6n1g=”
Yeah, good luck trying to decipher that without the key!
An even more interesting example would be “This is a simple password example” being converted to “O3b/pIbL/z++RMCPBwcE5xA2rI0ClHqqNtJRT6UWo/F4FqOab3s6/5qHcIb0ZXXTXuW8MU6xVn04VxL/YL1R4w==”
Therefore the information submitted from a browser to the server is transmitted in a format that only makes sense to the server. Even if someone is sitting there monitoring all of the traffic on your server, without the keys which are issued from 2 separate places, there is no way they could decipher the meaning. This means the data is secure and safe!
https ( Hypertext Transfer Protocol over SSL )
When you look at any website, look at the domain name address box. In most cases, you will notice either http:// or https:// before the domain name. The “S” indicates that the information is being transferred using SSL and should use the proper keys to decipher the data. If you try to access a website with https that does not have an SSL certificate in place, you will often get an error connecting to the server! Both keys, properly installed, are required to make the connection.
Additionally, modern browsers are using visual indicators, such as a lock or green bar located at the web address box to indicate that the website is secure. When you see the https, the information is being sent using the SSL method of encryption.
Why Should You Care?
Well, maybe you don’t. But if you run an ecommerce store, collect sensitive data or want to limit access and protect even smaller items like passwords, SSL and https will make a tremendous difference. Most credit card processors will not allow you take payment without the SSL certificate in place over an https connection. Most users will not submit any sensitive information without the security in place. And encryptiing even CMS passwords can help prevent a hacker from intercepting your password when you log in.
Additionally, major search engines like Google are giving higher credence to secured websites. Hacking and insecure sites are becoming a major problem online today, so even the search engines are looking for the best quality of website possible in their search results.
Big Head Web Host offers SSL security certificates for our clients to help secure your website data. Let us help you get your website secure today and protect your business!