What Is an SSL Certificate and Why Do I Need It For My Website?

You may have tried launching your own website, and once it goes online on the internet, you notice that browsers deem your website as “insecure” and warn you that communication to your site is not encrypted. This is tied to a thing called the SSL protocol, which is short for “Secure Socket Layer”, also often referred to as SSL encryption or more broadly digital certificates.

How does SSL work?

The SSL protocol was first developed by the Netscape Communications Corporation in 1995 in order to secure communication over the internet. Prior to SSL’s existence, communication over the internet was done through plaintext that could be read by anyone. This allowed hackers and malicious actors to intercept messages sent through the internet and allowed them to read and obtain important and confidential information such as credit card numbers, passwords and secret documents.

This was addressed by the SSL protocol which allowed clients on the internet to communicate through encrypted messages that would be unreadable by malicious users that would intercept the messages. In addition to that, SSL also made it easier to authenticate the communication established between a client and server so that you can be sure that you are communicating with the device that they claim to be.

What is an SSL certificate?

In order to secure your website and prove to others that you are who you actually are, you need an SSL certificate that acts like a unique identifier for your website (kind of how an ID badge works in the real world). An SSL certificate is stored on a server as a pair of keys (public and private key), where clients accessing your site will read and use the public key in order to verify that your website has the right to its claims of being that site. The private key on the other hand is kept secret on your server and is used to validate and decrypt data that has been encrypted using the public key.

How do you know if a website has an SSL certificate?

Websites that implement the SSL protocol will have the “HTTPS” prefix instead of “HTTP” in its url - for example https://facebook.com. This indicates that you have an established and secure connection to that website.

How to get an SSL certificate

In order to secure your own website you need to obtain and set up an SSL certificate on the server that hosts your website. SSL certificates are issued by certificate authorities (CA) that are trusted organizations who verify and validate websites and other entities that communicate on the internet.

What does SSL cost?

Since you need to obtain an SSL certificate from a trusted entity organization, it almost always comes at a cost since it essentially is a service. SSL certificates usually come at a yearly cost and can usually range from between $6 to $60/year depending on the type of SSL and who the issuer is.

Can you get SSL for free?

There are ways of getting free SSL certificates through sites like Let's Encrypt that issue free certificates that are valid for 90 days though renewable. Let’s Encrypt lets you generate SSL certificates for free by having corporate sponsors and donation programs in order to generate revenue that would usually come through taking payment for the certificates.

You can also use services such as Cloudflare that is a proxy between users on the internet and your server and will provide a secure connection between clients and the proxy. Cloudflare has free services that allow your website to run through HTTPS and can additionally protect you from malicious attacks directed at your site.

If you are creating a website through a hosted platform such as Wordpress or Shopify, they usually offer included security which makes you not have to mess around with SSL certificates and other protocol measures. This is the same for Wasabee.