I’m not sure it was when but I have spoken to many, they have a faint idea on what is HTTP and HTTPS. What does an SSL certificate mean to you? Why do you buy an SSL certificate? Here’s your chance to have a better understanding of the purposes of an SSL certificate.
The major difference between HTTP and HTTPS is a secure connection for the later. When you are visiting HTTPS website your communication to the server is encrypted by an SSL certificate installed. Without a proper, CA signed an SSL certificate your browser will alert you as an error, will stop you to proceed unless you add the website to your exception list.
OK. Some not so technical literate customers will claim this as an error from the server. This is because you do not have an SSL certificate installed, thus the error from the browser, not the server. Why you did not install an SSL certificate?
An industry practice, web hosting providers will not install and never install an SSL certificate. I will tell you why if you read on. However, some control panels like cPanel and Plesk provides an SSL certificate on the server hostname and having said that the hostname must be qualified resolvable hostname in order to work.
Nowadays, an SSL certificate can be paid or free. Most well-known control panels like Plesk and cPanel come with the free SSL certificate module. These certificates only valid for 3 months and can be renewed automatically, provided that the domain still resolved to the server IP.
It is the same for a newly issued SSL certificate. Here we will explain to you why as it is a form of validation. Yes, before the CA issues you with an SSL certificate, verification is required, to check you really own the domain and business.
There are 3 types of validation depends on the type of SSL certificate. DV, OV and EV. Actually, it is more complicated if you are paying more for the certificate. Those green bars you are seeing with a LOCK, these are extended validated, more steps on verification before an SSL certificate is issued.
DV is the cheapest and only require domain verification. DV only requires the applicant to create a designated email account to approve the application or you can update the DNS zone records for verification.
OV stands for organization validation, you verify the existence of the organization like DUNS, telephone numbers on a Yellow page. The EV extended validation normally requires you to fill up forms telephone verification and further verification is required to check on identity. Because of the validation process, hosting provides can not pre-install the SSL certificates.
SSL certificate serves more than secure communication. Basically, it labels your organization. Especially, if you are doing business online, you want your online visitors and customers to trust you, SSL certificate will serve the purpose. I will refrain myself to key in personal details if there is no proper CA-signed certificate website. Information can be hijacked during the transmission, and you will never notice.
However, there is a common perception that your website will not be hacked if you use HTTPS with a valid SSL certificate, This is incorrect. Your website is still hackable if you have loopholes or vulnerabilities.
The SEO experts claimed that there is an impact if the website is HTTP. Google lists HTTP as an insecure site on their search engine from July 2018. HTTPS will list faster. HTTPS websites will load faster in Chrome browser. I cannot really tell but SSL certificate is free anyway at Let’s Encrypt so what is the harm to install an SSL certificate on your website.