What is a security certificate :
Security certificate is at present is must and should for every website in the digital market. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted.
Why we need security certificate?
In this digital world,almost every thing is carried out through the internet. When you want to transfer your money to your friend through online you go to your respective bank website and login with your credentials and transfer the money. But what if the site is belong to the respective bank or not? Here comes the security issue where the original website will encrypt your data using security certificates and this will enable the safest methods to transfer your money.
The HTTPS will provide two-factor authentication, in which you have to authenticate in two ways and it gives you more security to your personal information.When you see “HTTPS”in any starting of the website it means the website proves it is operated by its true owners by showing a security certificate to your Internet browser, which then indicates to you that the site is legitimate with the lock symbol.
How security certificate works ?
HTTPS takes the well-known and understood HTTP protocol, and simply layers a SSL/TLS (hereafter referred to simply as “SSL”) encryption layer on top of it. Servers and clients still speak exactly the same HTTP to each other, but over a secure SSL connection that encrypts and decrypts their requests and responses
The browser/server requests that the Web server identify itself. The Web server sends the browser/server a copy of its SSL certificate. The browser/server checks to see whether or not it trusts the SSL certificate.The Web server sends back a digitally signed acknowledgement to start an SSL encrypted session. Here the secured connection establishes and all the data will be encrypted and the data cannot be read by others.
In regular websites where the security certificate is not installed the protocol will looks like this :
When you install a SSL certificate, then the protocol changes like this :
- TLS (SSL)
Types of security certificate:
There are 3 types of security certificates that are present. They are :
1. Domain Validated Certificate
2. Organization Validated Certificate
3.Extended Validation Certificate
Domain Validated Certificate :
Domain Validated certificates are certificates that are checked against domain registry. There is no identifying organizational information for these certificates and thus should never be used for commercial purposes. It is the cheapest type of certificate to get, but this is a high risk certificate use on a public website. Visitors to a website with DV certificates cannot validate, via the certificate, if the business on the site is legitimate and thus often DO NOT trust this type of certificate. It is recommended using these types of certificates where security is not a concern, such as protected internal systems.
Organization Validated Certificate :
Organizational certificates are Trusted. Organizations are strictly authenticated by real agents against business registry databases hosted by governments. Documents may exchange and personnel may be contacted during validation to prove the right of use. Organization Validated certificates therefore contain legitimate business information. This is the standard type of certificate required on a commercial or public facing website. OV certificates confirm to the X.509 RFC standards and thus contain all the necessary information to validate the organization.
Extended Validation Certificate :
For this certificate the Certificate Authority (CA) checks the right of the applicant to use a specific domain name plus it conducts a through vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate, and includes:
Verifying the legal, physical and operational existence of the entity
Verifying that the identity of the entity matches official records
Verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate
Verifying that the entity has properly authorized the issuance of the EV SSL Certificate
Most of HTTPS are ranking on first page in Google:
Moz reports the number of HTTPS results on Google’s first page has risen from 30% to 50% over a period of 9 months. Moz along with Rank Ranger, conducted a survey and found that the HTTPS website are more in the first page.
Dr. Pete Meyers of Moz predicts the number of HTTPS results could populate 65% of the front page of Google by the end of 2017. Despite the growing adoption rate, Google confirmed it has no plans to boost the HTTPS ranking signal.So there will be no effect on the rankings but still the “TRUST” matters with the consumers.There are some top websites which not yet have installed the security certificates and they are non HTTPS and they are listed on the first page in Google search engine results and they are
Moz recommends keeping in mind that others factors need to be considered beyond Google’s mild ranking benefit for HTTPS. For example, Chrome will start marking non-HTTPS pages as non-secure if they ask for password or credit card information.
As adoption rate increases, researchers believes the pressure to convert to HTTPS will increase as well. so they recommend new sites jumping on board immediately, as security certificates are fairly inexpensive and come with few risks. At the very least, secure any pages that collect sensitive information.
How to get security certificate :
If you are getting this type of warning images then the time ha come to install a security certificate in your website. If you’re starting a secure website, there are lots of different CA’s to choose from. They may include Norton, GoDaddy, Microsoft, and numerous others. Their job is to verify that you own the site they are issuing a certificate for, also known as Domain Verification. This may be done by sending an email with instructions for updating your website’s Domain Name Server (DNS) settings, or files on your webserver, to the email address associated with the website domain. The idea is, only the person who received that email would have the exact instructions for updating the website, and be able to do so.
You can buy SSL Certificates form Semantic Website which provides end to end protection to the website.
There are also some authorities who will provide free certificates to the websites in the market and they will not be accepted by the web browsers.
How To Install Security Certificate :
The best thing about SSL is it’s simple to set up, and once it’s done all you have to do is route people to use HTTPS instead of HTTP. If you try to access your site by putting https:// in front of your URLs right now, you’ll get an error. That’s because you haven’t installed an SSL Certificate.
Setting up HTTPS on your website is very easy, just follow these 5 simple steps:
- Host with a dedicated IP address
- Buy a certificate
- Activate the certificate
- Install the certificate
- Update your site to use HTTPS
Find the detailed explanation of installing the SSL certificate here. You can also verify your security certificate by using the ssl certificate checker tools that are available online.