SSL Certificates, What They Are, How They Work, and Which One You Need

Ever wondered what that little padlock before the URL of a website means? The simple answer is that it symbolizes a secure website with an SSL certificate. But what is a SSL certificate precisely and what does it mean?

Part of GDPR compliance is having the right certificate. SSL, an abbreviation for Secure Sockets Layer, is a digital certificate authenticating the identity of a website. It also provides an encrypted connection between a web server and a web browser so that hackers cannot read the information exchanged between these two. Such a certificate helps to secure information such as bank account information, legal documents, medical records, and login credentials.

The process of connecting a browser to a website with a certificate, also known as a SSL handshake, works as follows:

  • A browser attempts to connect to a website
  • The browser requests that the web server identifies itself
  • The web server sends the browser a copy of its SSL certificate
  • The browser checks whether it trusts the SSL certificate
  • The web server then returns a digitally singed agreement to start an session on the web server
  • Encrypted data can now be safely shared between the browser and the webserver.

SSL certificates over the years

Several SSL protocols have existed since 1994, and under GDPR it has been made obligatory for websites that request information from their users. However, as the internet became more complex, and hackers found more ways to extract personal information, all these SSL protocols ran into trouble at one point or the other. So, a better version, named TLS (Transport Layer Security), was created. We do, however, still call it a SSL certificate. Even when we refer to a TLS certificate, we still call it a SSL certificate. Reason, SSL just sounded better.

An expired SSL certificate?

Digital certificates do expire. In fact, their expiration date becomes shorter and shorter. At first it was five years, this was reduced to three, and later to two years and three months. However, in 2020, GoogleApple, and Mozilla announced that they would enforce a one-year SSL certificate.

The purpose of this expiry period is to ensure that the information used to authenticate servers is as up-to-date as possible. This is done because, just as the world around us, also things on the internet change. Companies and websites are bought and sold and can exchange hands many times. Companies need to manage their SSL certificates carefully.

Smaller and medium-sized businesses (SME’s) may only have a couple of websites or SSL certificates to check. Yet, larger companies on the enterprise level can have numerous websites to check for the right SSL certificate. With such a high amount of websites to check, allowing an SSL certificate to expire is rather a result of oversight than incompetence. Using a certificate management platform is the solution to prevent this from happening.

Nixon Digital provides such a platform that gives you a clear insight into all your websites and SSL certificates. Automating this process prevents your website from exposure to hackers and harmful data leaks.

What is the right SSL certificate for you?

As previously mentioned, a SSL certificate in an important part to secure your website and its data. There are, however, various SSL certificates each with their own unique purpose. So far the following SSL certificates are in play:

  • Single-Domain certificates: This type of certificate specifically protects a domain and its associated sub-pages.
  • Wildcard certificates: A Wildcard certificate protects one domain, like a Single-Domain certificate, but it also protects all associated sub-domains.
  • Multi-Domain certificates: This type of certificate protects multiple domains, but not the sub-domains. It is also known as a Subject Alternative name (SAN) or Unified Communication Certificate (UCC).
  • Multi-Domain Wildcard certificates: The Multi-Domain Wildcard SSL certificate protects various domains and all sub-domains.

Before you pick any of these SSL certificates, it must be said that each certificate has its own strengths and weaknesses.

The Single-Domain SSL certificate is the cheapest option and protects all pages within a domain, but it does not cover sub-domains. The Wildcard SSL certificate is a bit more expensive but only protects one domain and its associate pages. It does, however, only cover first-level sub-domains. Second-level sub-domains are not secured.

The Multi-domain SSL certificate covers and protects multiple domains at once. This means that it does not need separate SSL certificates for each domain. It is, therefore, also a tad more expensive than the Wildcard SSL certificate.

The Multi-Domain Wildcard SSL certificate offers protection of all domains and sub-domains. Especially for companies with a vast number of websites, this certificate is the most cost-effective solution.

Still not totally sure which certificate to use for your company? Not only does Nixon Digital provide a platform which gives you a clear insight into your website portfolio, we also offer consultancy services.