Imagine that you are in a hotel, connected to Wi-Fi. When you browse the internet, for example to place an order on a website, the data you enter passes through the hotel network.
However, you would certainly not appreciate it if a member of staff, a technician or even a hacker could access the credit card number that you have just entered on the screen. How? Quite simply by spying on the network. And do not think you need to be James Bond to do it: it is within everyone's reach.
This is the reason why it is necessary to encrypt communications. Encrypting means making them inaccessible to anyone who is not the recipient. Only your recipient, in this case, the webserver of the site on which you are, will be able to decipher the communication.
It is possible, in certain situations, to impersonate a server. Thus, a malicious web server could pretend to be the server of the site you are visiting. And as it is a perfect copy, you suspect nothing and send it your precious banking information.
Encrypting communications is therefore not enough. You have to make sure that the web server with which the visitor communicates is the right server, that it is the web server it claims to be.
What is an SSL certificate?
This is where the SSL certificate comes in. It is a small file located on the webserver of the site you are viewing. Thanks to this certificate, the browser will be able to authenticate the site. How? Because this certificate includes a signature, and the signing authority is itself designated as a trusted authority by the browser (Firefox, Chrome, Opera, etc.). Sometimes the certification authority is not recognized by the browser, but itself has a certificate that has been signed by another authority which is recognized.
It is a bit like having to do business with an unknown person: among your acquaintances you find a trusted friend, or possibly the friend of a friend, who vouches that this person is reliable. This is called the certification chain.
Once the webserver is authenticated, communications can begin. Remember, we are talking about the SSL certificate. SSL is precisely an encryption protocol. The certificate contains a lot of data including the issuer, the date, its lifespan, the name of the website, but it also contains a key used to encrypt the data. The most curious among you will be able to learn about asymmetric cryptography and understand everything about the mechanisms implemented. For the others, simply remember that no intermediary spying on the network can capture the data that passes between the browser and the webserver.
When the browser thus communicates securely with a web server, a small green padlock is usually displayed next to the address bar. And in this address bar, the site has a URL that begins with https://.
A site can operate without an SSL certificate. In this case, you are not offering your visitors the possibility of communicating securely with your site. If it is a personal blog, nothing dramatic. But if it is a site through which personal information is likely to circulate, it would be better to secure it and reassure your visitors. Your website will thus give a much more professional image, concerned about the security of the data of its customers.
Also, be aware that Google takes this criterion into account in its SEO algorithm. In other words, having an insecure site penalizes you in the search engine ranking. Of course, this is just one of the many criteria of Google, but it's a shame not to take it into account.
There are many certification authorities, like GlobalSign, Thawte, or GeoTrust, that offer SSL certificates, which you can order directly or through resellers like SSL247.
However, be aware that most web hosts also act as resellers of SSL certificates. It may be more convenient and quick to order an SSL certificate from your host, especially if you need support to install it on your dedicated server. On shared hosting, it is in principle the host who is responsible for configuring the server.
Let's Encrypt is a great initiative that started a few years ago. Its goal: to offer free SSL certificates. Let's Encrypt certificates do not enjoy the same recognition as paid certificates, but the gap continues to narrow over the years. Another disadvantage: their very short lifespan (3 months) which requires you to renew them very often.
The use of a certificate signed by Let's Encrypt is therefore, today, a perfectly viable solution for a classic website. Also, Let's Encrypt is the preferred solution for shared hosting providers who have included an SSL certificate in their hosting offer. It used to be a paid option.
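The short lifespan mentioned above is usually handled by checking certificates automatically. The following is an added example, not part of the original article: it reads the fields a certificate carries (issuer, names, validity dates) and decides whether renewal is due. The sample certificate, the name shop.example and the "renew when less than a third of the lifetime remains" policy are assumptions made for the illustration.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate of host as a dict (needs network)."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _attr(rdns, key):
    """Pull one attribute (e.g. organizationName) from an issuer/subject tuple."""
    return next((v for rdn in rdns for k, v in rdn if k == key), None)

def summarize(cert, now=None, renew_fraction=1 / 3):
    """Report issuer, covered names, and a renewal status for one certificate."""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    lifetime_days = (end - start) / 86400
    days_left = (end - now) / 86400
    if now < start:
        status = "not-yet-valid"
    elif now >= end:
        status = "expired"
    elif days_left < lifetime_days * renew_fraction:  # assumed renewal policy
        status = "renew"
    else:
        status = "ok"
    return {
        "issuer": _attr(cert["issuer"], "organizationName"),
        "names": [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"],
        "lifetime_days": round(lifetime_days),
        "days_left": int(days_left),
        "status": status,
    }

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}

if __name__ == "__main__":
    print(summarize(SAMPLE, now=ssl.cert_time_to_seconds("Mar 10 00:00:00 2024 GMT")))
```

Against a real site, pass the result of fetch_cert("your-domain") to summarize() from a scheduled job and alert on any status other than "ok".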
Types of SSL Certificates
Domain Validation (DV) certificates are the most common certificates. Simple and economical solution: the certification authority ensures, before signing the certificate, that the applicant has the required privileges on the domain name concerned. Let's Encrypt certificates are DV certificates.
A DV certificate can secure one or more addresses. We speak of a Wildcard certificate when the certificate validates all the sub-domains of a domain name.
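How a wildcard name is compared with the address being visited, as an added example that is not part of the original article. It goes slightly further than the text: it follows the matching rule browsers commonly apply (RFC 6125), in which the "*" stands for exactly one label, so the bare domain and deeper sub-domains are not covered. The example.com names are constructed for the illustration.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(pattern, hostname):
    """Compare one DNS name from a certificate with the hostname being visited."""
    if _is_ip(hostname):
        return False                      # DNS names never match IP literals
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # "*" stands for exactly one label
    if any("*" in label for label in p[1:]):
        return False                      # wildcard allowed only as leftmost label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # refuse "*.com"-style patterns
    if "*" in p[0]:
        return False                      # partial wildcards ("w*") refused here
    return p == h

def coverage(dns_names, hostnames):
    """Map each hostname to True/False: is it covered by the certificate names?"""
    return {h: any(name_matches(n, h) for n in dns_names) for h in hostnames}

# Constructed sample: names of a wildcard certificate and hosts to check.
WILDCARD_ONLY = ["*.example.com"]
HOSTS = ["www.example.com", "shop.example.com", "example.com",
         "a.b.example.com", "www.example.org"]

if __name__ == "__main__":
    for host, ok in coverage(WILDCARD_ONLY, HOSTS).items():
        print(f"{host:20} {'covered' if ok else 'NOT covered'}")
```

This is why wildcard certificates are normally issued with both "example.com" and "*.example.com" listed as names.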
Organization Validation (OV) certificates
To issue an OV certificate, the certification authority also checks the identity of the company that requests it. Visitors to your site will be able to see the identity of your company attached to the certificate.
These certificates are much more expensive, and their interest is far from being obvious. Who has fun checking the name of the company by clicking on the little padlock?
Extended Validation (EV) certificates are the most prestigious certificates. The address bar of the browser is coloured green on IE, and the name of the certification authority is mentioned in this same address bar.
As the name suggests, verification by the certification authority is extensive. There will be more conditions to be met by the applicant.
EV certificates are justified for e-commerce sites because they maximize customer confidence.