Agrégateur de donnée spécialisé dans les articles à saveur technologique. Un large éventail de tutoriaux gratuits afin d’informer les webmasters débutants et expérimentés.
samedi 31 octobre 2020
A Beginners Guide To SSL: What It Is And Why It Makes Your Website More Secure
Have you ever noticed that some URLs start with http: // , while the others start with https: // ?
Perhaps you noticed extra "s " when browsing websites that require you to provide sensitive information, such as when paying online invoices.
But where do these extra "s " come from and what does it mean?
To put it simply y, the extra " s " mean that your connection tothis website is secure and encrypted; all data you enter is securely shared with this website. The technology that powers this little "s " is called SSL, which stands for "Secure Sockets Layer ".
As a consumer, you always want to see https: // when you visit a trusted site with your essential information. As a marketer, you'll want to make sure you have an SSL or two for your audience.
Let's talk about why SSL is such a big deal.
What is an SSL certificate?
SSL certificates are small data files that cryptographically establish an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and the browser remains private.
LoWhen you arrive on a page with a form to fill out and submit, the information you enter may be intercepted by a hacker on an unsecured website.
This information can be anything from details about a bank transaction to an email to sign up for an offer. In hacker jargon, this "interception" is often referred to as a "man-in-the-middle attack".
Wondering how attacks happen? Here is one of the most common ways: A hacker places a small, undetected listener on the server hosting a website. This program waits in the background until a visitor starts typing information on the website, and it will activate to start capturing the information and then send it back to the hacker.
A little scary, right?
But when you visit a website encrypted with SSL, your browser will establish a connection with theThe web server, will examine the SSL certificate, then bind your browser and the server. This backhaul connection is secure to ensure that no one other than you and the website can see or access what you type.
This connection happens instantly, and in fact some suggest that it is faster than connecting to an unsecured website server. All you need to do is visit a website with SSL, and voila - your connection will automatically be secure.
SSL is a security technology. It is a protocol for servers and web browsers that ensures that the data transmitted between the two is private. This is done using an encrypted link that connects the server and the browser.
Businesses that request personal information from a user, such as an email address or payment information, must have SSL certificates on their website. Having one means that the iThe information you collect is private and guarantees the customer that when they see this padlock and https: // , their confidentiality is secure.
SSL certificates are categorized by the level of validation and encryption provided OR the number of domains or subdomains under the certificate.
There are three types of certificates that you can earn based on the SSL you get. Let's talk about it in more detail.
Types of certificates
The umbrellas under which SSL certificates fall are encryption and validation, and the domain number. They each have three classifications and can be requested on the SSL website . Certificates are processed by a Certificate Authority (CA), which is software specifically designed to run and grant these certificates.
For encryption and validation certificates, there is a domain, organization and extensive validation. For certificates defined by the domain number, the types are simple, multidomain, and wildcard.
Extended Validation (EV) SSL Certificate
This certificate shows the padlock, HTTPS, company name, and company country in the bar bar 'address to avoid being mistaken for a spam website.
Extended Validation (SV) SSLs are the most expensive SSLs to obtain, but they are valuable in showing the legitimacy of your domain from the address bar. To set up EV SSL, you must prove that you are authorized to own the domain you are submitting. This assures users that you are legally collecting the data necessary to perform certain actions, such as a credit card number for an online transaction.
An EV SSL certificate can be obtained by any company, and it should be a priority especially for those who needcare of identity insurance. For example, if your website processes web payments or collects data, you want to get this certificate.
Organization Validated Certificate (OV SSL)
This certificate verifies that your organization and domain validation is real. Organization Validated SSL Certificates (OVs) offer a medium level of encryption and are obtained in two steps. First, the CA would verify who owns the domain and whether the organization is operating legally.
On the browser, users would see a small green padlock with the name of the company following. Use this type of certificate if you do not have the financial resources for an EV SSL but still want to provide a moderate level of encryption.
Domain validation certificate (DV)
Domain validation certificate (DV) offers a low level of encryption displayed as a green padlocknext to the URL in the address bar. This is the fastest validation you can receive, and you will only need a few company documents to apply.
This check occurs when you add DNS to the CA. For this certificate, the CA will examine the applicant's right to own the submitted domain. (Note: DVs do not secure subdomains, just the domain itself).
Unlike EV SSL, the CA does not verify any identity data, so you will not know who is receiving your encrypted information. But if you're part of a business that can't afford higher-level SSL, a DV gets the job done.
Wildcard SSL Certificates
Wildcard SSL Certificates are in the "domain number and subdomain " category. Wildcard SSL ensures that if you buy a certificate for a domain, you canz use the same certificate for the subdomains.
For example, if you purchased a wildcard for example.com, it could be applied to mail.example .com and blog.example.com. An option like this is cheaper than getting multiple SSL certificates for a number or domain.
Unified Communications SSL Certificate (UCC)
Also known as multi-domain SSL certificates, Unified Communications Certificates (UCC) allow multiple domain names to be on the same certificate. UCCs were created to bridge communication between a single server and a browser, but have since been extended to include multiple domain names from the same owner.
A UCC in the address bar displays a padlock to display verification. They can also be considered an EV SSL if they are configured to sho w this green text, this padlock and this country of origin. The only difference is the number of namesdomain names associated with this certificate.
Multi-domain SSL certificates cover up to 100 domain names. If you need to change the names in any way, you can do so with the SAN (Subject Alternative Name) option. Here are some examples of multi-domain names you can use: www.domain.co.uk, www.domain.com, mail.example.com, and checkout.example.com.
Single domain SSL certificate
A single SSL domain protects a domain. The thing to remember about this certificate is that you cannot use it to protect subdomains or a completely different domain.
For example, if you purchase this certificate for example.com, you cannot use it for blog.example.com or 2ndexample.com.
How can I get an SSL certificate for my website?
The first step is to determine what type of certificate you need. For example, if you host content on morei their platforms (on separate domains / subdomains), this may mean that you need different SSL certificates.
For the most part, a standard SSL certificate will cover your content. But for companies in a regulated industry - like finance or insurance - it may be worth talking to your IT. to ensure that you meet the specific SSL certificate requirements defined in your industry.
SSL certificate costs vary, but you can get a free certificate or pay per month to get a custom certificate. On the free side - Let 's Encrypt offers free certificates, but I highly recommend you ask someone who knows your website's DNS and technical setup to help you. These certificates will also expire every 90 days, so make sure they stay up to date.
One of the other key considerations is the periodvalidity of a certification. Most of the standard SSL certificates you buy are available by default for one to two years, but if you are looking for a longer term solution, consider more advanced certificates that offer longer periods.
Is SSL good for SEO?
Yes. While the main purpose of SSL is to secure the information between the visitor and your website, there are SEO benefits as well. According to Google Webmaster Trends Analysts , SSL is part of Google's search ranking algorithm.
Also, let's say two websites are similar in the content provided, but one has SSL enabled and the other does not. This first website may receive a slight increase in ranking because it is encrypted. Therefore, enabling SSL on your website and all of your pages has a clear SEO advantage.
1. The URL indicates "https: // " and not "http: // ".
The URL should look like the screenshot below. Remember that an SSL encrypted website will always have this "s " which stands for "secure ". Additionally, this text may appear in green and follow a green padlock (another indicator, explained below).
2. You will see a padlock icon in the toolbar URL.
The padlock will appear on the left or right side of the URL bar, depending on your browser. For example, on Chrome and Safari it will be on the left. You can click the padlock to read more information about the site and the company that provided the certificate.
3. The certificate is valid.
Even if a website has the https: // and a padlock, the certificate could still be expired - which means your connection would not be secure. In most cases, a site that displays as https will be secure, but if you come across a site that asks for a lot of personal information, it may be worth checking the validity of the certificate.
To find out if the certificate is valid in Chrome, go to View> Developer > Developer Tools. From there you will need to go to the Security tab to see if the SSL certificate is valid or has expired. If you click the View Certificate button, you will be able to see more information about the SSL certificate and the exact date in lacquerlle it is valid.
The next time you visit a website, check its encryption status. I love knowing that by clicking on a little padlock, I can see if my data is secure. On the other hand, if you are part of a company that does not have SSL certificates, make them part of your next goal so that you can protect your customers' data and privacy.
Editor 's note: This article was originally published in June 2020 and has been updated for completeness.
Aucun commentaire:
Enregistrer un commentaire