What Is an SSL Certificate and Do You Need One

– So what is an SSL and
why do you need one? We’re talking about that on The Journey. All right, today we have a special guest, Alycia from Sucuri. She is the security expert
today to talk to us about what are SSLs and should
we actually need one? Let’s just jump in. What is an SSL? – So an SSL is a
certificate for your website that allows you to use
https in the address bar and that actually allows
you to encrypt the traffic between the visitor and your website, basically protecting any
communication in transit – Okay, so tell us a little
bit more about that encryption? What does that, that look like? – So, encryption is basically
like, scrambling the data while it’s being sent. You can kinda think of it
like, if you and a friend have a secret language that only you two know how to translate. That’s what SSL is kinda doing. It’s encrypting all that data
and only if you have the key to translate it at one end
or the other, so the visitor or the browser, that’s
the only way that the data can be actually looked at and analyzed. – That makes sense like
that, that old language of Pig Latin that people used to… friends used to do it with each other. Right on. – For sure, yeah unless you know Pig Latin you can’t decrypt it. – For sure, so yeah, it just
really helps to make sure for things like sending
passwords and credit card data and that kind of stuff. You don’t want a hacker
to do what’s called, a man in the middle attack and sniff the traffic
while it’s being sent. – Sniff the traffic? – Yeah, so they essentially
can have like traffic monitoring tools, if you live in like apartment buildings and stuff. You know how you see all
the of the different SSIDS, for different wifi networks? If somebody’s trying to
sniff on your network and you’re sending passwords in plain text or information to a
website that’s not ideal. – All right, so there
was an update with Google that everyone was up in
arms about, related to SSLs. What happened with that? – Yeah so, SSL has been
pushed by Google for years. About 2014 they made it a
ranking signal that helps you get to the top of Google. So they’re favoring sites that use these security
practices and have SSL. – Right on. – Last year, what they did
is, they went a step further and they actually made it so that if your site doesn’t have SSL, it says not secure in the browser. In the address bar next
to your website address. – Uh. – Yeah. – That’s not good. So if any average person sees
that and says, not secure. Even if they’re not
putting any information on, that trust is gone- – Yeah. – They’re out, they’re bouncing. – Totally, yeah, big red
letters in your address bar it’s not ideal and more
browsers are hopping on it. There’s even antivirus companies that are getting more involved in that. If they detect there’s
passwords or credit card fields. They’ll warn you, and you
may have seen this already. You know, be aware that
this is not a trusted site. – Perfect. And is this only happening
with Google browsers? – No, it’s happening with
a lot more of them now. Yeah. – So everyone’s just kind
of just jumping on board. – Yeah. – Kinda following suit with Google. – Totally, and a lot of
websites have SSL now. It’s pretty much a standard
that you need to adopt if you want to have
trust with your visitors. It’s definitely required if
you have an e-commerce site. And you’re taking credit
card transactions. – 100 percent. – Even if you’re not processing them. Yeah, totally. Nobody wants their credit card
data out there in plain text for a hacker to just go ahead and grab. – Yeah, no thanks. – Yes. – So I… with SSLs there is
something with you have to pay for SSLs for the longest time
and now these things that are just free are coming out. What’s the difference between
paid SSLS and free SSLS? – Yeah definitely. So, in the end, encryption is encryption. You’re still scrambling and
translating an all that kinda stuff with your secret keys. So a free SSL certificate
is still a great option. – Okay. – It still validates
that you own that domain. So you just need to put in an effort to actually install it yourself. And there are awesome guides
out there on how to use it. And there’s tools that make it easier, but ultimately you’re now
responsible to make sure that your SSL certificate
is renewed on time. Otherwise, not secure. Um, so it does help to
pay for a certificate have somebody manage it. There’s also different
types of certificates. Instead of just validating
that you own the domain you can validate that
you own the business. There’s organization certificates and extended validation certificates. Which can be really great. If you’ve ever been on
a site and you’ve seen the name of the company in the address bar with the green check mark? – Yeah, all green, yeah. – Yeah, those are the
EV and OV certificates that have that little
bit of extra information in the green padlock, that’s why it’s there. – Yeah, I see that
pretty common with banks and things like that. Now most businesses may not
need to go to that level but the organization or OV
SSLs are pretty important. So, if anyone needs to
verify, yes this business is who they say they are, we verify that. – Totally, it just helps
people feel like they’re on a trustworthy site. – Right. – And it also means that you have somebody to manage your SSL certificate for you. So you can avoid having it
expire or anything like that. – Especially if you’re not
technical, the free option may not be the way to go. – Yeah, I’ve used free SSLs
and I’ve installed a SSL certificates and it took me a
few tries to get used to it. So, definitely if you’re
not super technical savvy you might wanna, you know, go
the road of getting somebody to manage SSL for you. In fact a lot of these
website builders already have SSL built in. – Okay. So you don’t even need to think about it. But it is good to check and make sure that you do have SSL on your site. – That definitely makes it super easy if it’s already included, no extra steps. Website builders already make it easy. One step further making it even easier. All right, that’s all awesome stuff. But what if I have a website
and I’m not e-commerce and I’m not selling anything . Should I still have SSL? – Definitely. – Okay. – So let’s say you have
a form on your site. Most sites have a contact form. All that data that the
visitor is sending to you is now unencrypted. That’s personal data that
you still wanna protect. Um you may have a membership site, where people are logging
in with a password. – Right. – You wanna protect that too. And also just the
benefits to your rankings. And just the fact it’s a good thing to do. Definitely, everybody should have SSL. – All right, so to recap. Do you need an SSL for your website? The answer is yes, right? – Yeah, definitely, a 100 percent. – Well, that’s all we have for you. Thank you so much to our special
guest, Alycia from Sucuri. – Thank you. – You have been awesome. – Yes, awesome. – And if you’ve liked this video, go ahead and hit that like button and comment below on something you learned and subscribe to this channel
if you wanna see these videos. This is The Journey,
we’ll see you next time.

Comments 1

Leave a Reply

Your email address will not be published. Required fields are marked *