
What is SSL and Why Is It So Important

Admin Globaldots
24.02.2016

Nowadays, the biggest and most critical concerns in the world of web business are privacy and security. Without security, there is no customer trust, and without customer trust, a web business won’t get far. So let’s talk about SSL.

SSL is an acronym for Secure Sockets Layer – it’s a standardized protocol that provides privacy and confidentiality between two applications communicating using TCP/IP. In other words, it allows sensitive info such as credit card numbers, social security numbers and login credentials to be transmitted securely.


Why do we need SSL? Simple: without it, data sent between browsers and web servers travels in plain text, leaving you vulnerable to eavesdropping. HTTPS is the HTTP protocol running over SSL to secure communications between a server and the browser. Without SSL, an attacker is able to intercept all data being sent between a browser and a web server, and to read and use that information. Your customers won’t trust your website without an SSL certificate.

Statistically, nearly 70% of online shoppers cancel online orders because they don’t trust the transaction. An SSL certificate and a site seal are a must-have for a retail website in this age of the web. No SSL = 0 conversions.

Let’s talk about the two main purposes of SSL certificates:

1. It establishes integrity of the communication by checking the identity of the server; the browser verifies that the server’s certificate is valid and is being used by the website for which it was issued by a Certificate Authority that the browser trusts.

2. It provides the cryptographic key of the server. That key is used to encrypt all the data sent between the server and the client, to preserve and protect the data and keep it safe from any unwanted use. That way, the user’s sensitive data doesn’t get stolen and the user’s privacy is safe.

An SSL certificate is basically like an electronic ID card that is issued to servers by trusted authorities. Just like servers, clients can also have certificates, but unlike a server certificate, a client certificate is not mandatory for SSL communication.

What does the secure connection process look like?

When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an SSL Handshake. It’s invisible to the user and happens instantaneously. Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. Then the session begins and 5 steps take place:

1. The Browser connects to a website secured with SSL. The Server starts identifying itself at the Browser’s request.

2. The Server sends a copy of its SSL certificate, including the public key.

3. The Browser checks the certificate root. If everything checks out, it creates, encrypts and sends back a symmetric session key using the server’s public key.

4. The Server decrypts the symmetric session key and sends back an acknowledgement encrypted with the session key to start the encrypted session.

5. Server and Browser now encrypt all transmitted data with the session key and the transaction takes place.
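
The five steps above as an added Python sketch, not code from the original article: it uses textbook RSA with a deliberately tiny key and a hash-based XOR keystream as stand-ins for the real algorithms, and reduces the certificate check to a lookup in a set of trusted public keys. The name shop.example and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy RSA key pair built from two known Mersenne primes. Illustration only:
# the key is far too small and unpadded RSA must never be used in practice.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the server
KEY_BYTES = (N.bit_length() + 7) // 8


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def handshake(trusted_keys, server_private_exponent=D):
    """Run steps 1-5; return (session_established, wrapped_key, session_key)."""
    # Steps 1-2: the server presents its certificate (reduced to name + key).
    certificate = {"subject": "shop.example", "public_key": (N, E)}

    # Step 3: the browser checks trust, then wraps a fresh session key
    # with the server's public key.
    if certificate["public_key"] not in trusted_keys:
        raise ValueError("untrusted certificate, handshake aborted")
    n, e = certificate["public_key"]
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)

    # Step 4: only the private-key holder can unwrap it; the server proves
    # it did by sending an acknowledgement encrypted under the session key.
    unwrapped = pow(wrapped, server_private_exponent, n)
    server_key = unwrapped.to_bytes(KEY_BYTES, "big")[-16:]
    ack = keystream_xor(server_key, b"finished")

    # Step 5: both sides hold the same key only if the ack decrypts correctly.
    return keystream_xor(session_key, ack) == b"finished", wrapped, session_key
```

A server that presents the certificate but lacks the matching private exponent cannot produce a valid acknowledgement, so the session is never established.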

There are over 10 types of SSL certificates, but you should focus on the top 3:

  • Wildcard certificate – enables SSL encryption on unlimited sub-domains using a single certificate, as long as the domains are controlled by the same organization and share the same name
  • Multi-domain certificate – MDC makes it possible to secure up to a couple of hundred domains on the same server with a single certificate. This solution is best for businesses that have multiple unique domains on a single server – this is the best choice to save you money and time while securing a high level of trust and security.
  • Private certificate – customers purchase their own SSL certificate and have a dedicated IP address on each server for the domain for which the certificate was purchased.
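
How a client decides whether a hostname is covered by each certificate type, as an added Python example that is not part of the original article. It applies the common rule that a wildcard stands for exactly one left-most label, so `*.domain.com` covers `shop.domain.com` but neither `domain.com` nor `a.b.domain.com`; the name lists are constructed and the function names are assumptions.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard is accepted only as the whole left-most label and never
        # directly under a top-level name such as "*.com" (simplified rule).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def covered_by(cert_names, hostname):
    """Return the certificate names that cover hostname (empty = mismatch)."""
    return [name for name in cert_names if name_matches(name, hostname)]


def audit(cert_names, hostnames):
    """Map each hostname to True/False: would this certificate validate?"""
    return {host: bool(covered_by(cert_names, host)) for host in hostnames}


# Constructed name lists standing in for the three certificate types.
WILDCARD_CERT = ["*.domain.com"]
MULTI_DOMAIN_CERT = ["shop.example", "www.shop.example", "brand-two.example"]
SINGLE_CERT = ["www.domain.com"]

if __name__ == "__main__":
    hosts = ["shop.domain.com", "domain.com", "a.b.domain.com", "www.domain.com"]
    for label, cert in [("wildcard", WILDCARD_CERT), ("single", SINGLE_CERT)]:
        print(label, audit(cert, hosts))
    print("multi-domain", audit(MULTI_DOMAIN_CERT, ["brand-two.example", "api.shop.example"]))
```

Running such a check over the full list of hostnames you serve before ordering a certificate shows which names would still fail validation, typically the bare domain and nested sub-domains.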

How to choose the right SSL certificate? It depends a lot on organizational and technical concerns, and every business is different. There are a few guidelines though:

  • If you have numerous custom tabs on your Facebook fan page all on the same domain (*.domain.com), a wildcard private certificate is a great choice.
  • If you have multiple businesses, go for an MDC, because you can share the same certificate with every branch on the tree. An MDC is just as secure as a private certificate. Plus, it is a whole lot cheaper per domain.
  • If you’re not on a tight budget and have unique non-technical reasons, a private certificate is the way to go.

CDNs go hand in hand with SSL

Establishing an SSL session requires multiple round-trip communications between client and server. This can result in a significant performance penalty and a poorer end-user experience. With a CDN, the negotiation between a Server and a Browser is always local to the end-user, resulting in no delay. Leveraging a CDN means fast, consistent and secure performance anywhere around the globe. Custom SSL certificates provided by CDNs are often easy to deploy. If you already have an SSL certificate, you can integrate it with a CDN. A lot of CDN providers offer SSL certificates for minimal cost or even for free.

Other than securing privacy and confidentiality, CDNs are also known for keeping websites secure from DDoS and other threats, ensuring the highest levels of customer trust and safety. Combined with fast performance, it’s a must-have for the best web experience possible.
