What the heck is SSL and why is it more important than ever now?

Ah SSL, it was once an obscure term known only by developers and sys admins, now – everyone knows it…or do they? Well I think most people’s definition of SSL is something like “the thing that puts the green box in the browser window.”

While this is true, there’s a bit more going on behind-the-scenes and I thought now would be as good a time as any to do a deeper dive into what SSL actually is and why it has become so important.

First, let’s get a little technical (don’t worry, I won’t get too geeky on you) and talk about what SSL actually is.

What is SSL?

SSL stands for Secure Sockets Layer…and this probably means absolutely nothing to you unless you have an engineering or CS degree. Luckily the concept really isn’t that hard if you break it down, let’s start with sockets.

What is a socket?

Sockets are simply ways for computer to talk to each other, or to even talk to themselves. The idea comes from UNIX, and if you don’t know UNIX, that’s okay, I can explain it in a way you’ll understand either way.

Essentially, in UNIX when you’re reading and writing files you come across something called a file descriptor. You can think of a file descriptor as a simple number that tells the computer where your file is, i.e. an indexing system. If you have 100 files on your computer, and you’re trying to find one, having them organized in a table with a unique number assigned to each one makes life easy, for the computer that is.

A socket works like a file descriptor, it keeps things organized when you’re trying to read and write data between two computers, or within a computer itself…but let’s just think of two computers talking to each other for this example.

So now let’s put this all into a real world example. I go to a website, this means my computer makes a request to another computer (a server) somewhere out there in the Interwebs. How do we communicate together? Through a socket, got it?

Now you can probably guess what’s coming next. The first “S” in SSL stands for secure, so all that means is that the communications over the socket are secure. That makes sense since more than ever people are now sending things like their credit card number and social security numbers to websites…you want that to go through a secure communication channel (socket) right?

Okay, now you should have a pretty solid understanding of what SSL is. Of course what you probably hear about the most isn’t SSL itself but instead an SSL certificate. So we’re not done yet.

What is an SSL Certificate?

An SSL certificate is what guarantees the security of communications through SSL. Here’s a rundown of how it all works together, let’s take this one step at a time:

  1. You connect to a website using a web browser. The web server is using SSL to secure the site so the browser asks the web server to identify itself.
  2. The web server send the browser it’s SSL Certificate, i.e. saying – here’s who I am and why I’m able to promise that I’ll keep our communications nice and secure.
  3. Your browser then checks to see if it trusts the SSL Certificate. If it does, it tells the web server that all is a-okay.
  4. The web server then responds confirming that everything is good to go and starts an encrypted SSL session.
  5. Data being sent between your computer (via your web browser) and the web site (via their web server) is now encrypted, i.e. secure.

Now you should be able to understand why an SSL Certificate is such a critical part of this process, without it, there’s now way for both sides to validate that they trust each other. And like most things in life, without trust, communication falls apart.

But it doesn’t quite end there. There is one more really important thing you need to know about SSL, and that’s it’s connection with SEO.

Why SSL Certificates are so important today

Here’s something you might not know. Google now uses SSL as a signal in their ranking algorithm. This means that if you don’t have SSL, you won’t rank as well, it’s that simple. Just in case you don’t believe me, you can read it directly from Google themselves below:

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.

(Source – Google Security Blog)

Okay, now let’s end with the good stuff. How much do SSL Certificates cost?

The price ranges from $10 up to around $100 depending on what level of certificate you’re looking for. Whenever I’m in the market for an SSL Certificate I usually look around for registrars that are running a special.

I recently learned that 101Domain is running a special through June 12th on SSL Certificates, with prices starting as low as $9.59 for basic SSL. Here’s the full table of pricing with the promotion:

Last but certainly not least

You do not need to buy an SSL Certificate at the same place that you have your domain registered. You can buy a certificate anywhere so I’d always look for the best price since different registrars run promotions at different times.

I hope this article was helpful, at the very least, if someone asks you what the heck is SSL, you’ll be able to drop some serious knowledge. Thanks for reading and if you have any other questions about SSL feel free to ask away in the comment section below!

{ 10 comments… add one }

  • bdsmStore.com May 29, 2019, 5:42 pm

    SSL is definitely a good thing to have for your website for the long term and those prices are pretty good.
    I just paid $200 three months ago.

    One thing i can tell you is that you might lose your google ranking short term.
    My website was ranked number one for over 3 years and after we got the SSL certificate, our google ranking dropped and it’s been 3 months now and it still has not come back up. I read somewhere that it takes time.

    Does anyone here know how long it usually takes for your google ranking to come back up?

    Reply
    • Scott Bender May 29, 2019, 6:31 pm

      There is much more to a ranking coming back other than the SSL Certificate on the site. If you are interested in learning more, please contact me. Scott Bender at scott@internetconceptsusa.com.

      Reply
    • Nick May 30, 2019, 10:59 am

      Scott’s comment basically sums it up…. Google ranking should be improved with a better SSL certificate and the fact that it went down must have been a coincidence.

      Reply
      • Nick May 30, 2019, 11:04 am

        You did everything right! The next steps would be to take a look at other ranking factors and see what you can optimize.

        Reply
  • Scott Bender May 29, 2019, 6:36 pm

    Morgan:
    GREAT topic and very timely. The SSL certificate is only a “minor” ranking factor for Google.
    Did you know that almost 90% of businesses do not have a secure site. One of the problems with this is that it will show “not secure” next to the URL on the left. And in some cases, Google Chrome will do a pop-up saying the site is not secure and not even let you go to it.

    Last month, we launched a new service offering basic SSL certificates including installation and configuration, plus making sure everything including images are httpS. The basic SSL certificate is for non-credit card transactions, but shows to customers when they go to a website and it shows https://domainname.com, that the business cares enough about the security of their site and cares about their prospective customers.

    Also, in some cases, when consumers go to a site that says “not secure”, they might not stay or go there and go to the competition who DOES have their site secure.

    Thanks for highlighting the importance of having an SSL certificate. Especially now where Google has a huge initiative to make all sites secure.

    Reply
  • Dave May 29, 2019, 7:16 pm

    Guys don’t forget no need to pay for SSL certificates anymore. Check out LetsEncrypt.org. I am not affiliated with them in anyway, I’m simply spreading the message.

    Thanks

    Reply
  • Ethan May 29, 2019, 8:18 pm

    As Dave stated above, you don’t need to pay to get SSL because there is free SSL offered by Let’s Encrypt. Although the downside is that it requires you to manually extend the free SSL every 3 months, fortunately some hosting services provide the “auto extend” feature for you so that you don’t need to do anything about that.

    Reply
  • Bar May 30, 2019, 4:35 am

    It’s 2019 – you shouldn’t be paying for SSL! You haven’t had to pay for SSL since like 2016. LetsEncrypt does it for free!

    Reply
  • Pierre Barnard May 30, 2019, 7:22 am

    Great article, thanks!

    Reply
  • Shani May 30, 2019, 10:52 am

    This is a great article, Morgan!

    Many of the other comments mention Free SSL solutions like Let’s Encrypt. Let’s Encrypt is great but it is not for everyone and definitely should not be used to secure any websites that handle sensitive information like credit cards, usernames, passwords, etc.

    With free you get what you pay for. Websites with free SSL are commonly associated with phishing and fraudulent activity because they are so easy to get a hold of.

    SSL certificates like the ones you mention at 101domain, are verified at the domain or business level and offer more control and better security indicators like the green address bar to assure customers you mean business.

    Reply

Leave a Comment