What is SSL?


The SSL (Secure Sockets Layer) protocol creates an encrypted link between a browser and a web server, so that all data circulating between the two remains confidential. The SSL protocol is the predecessor of the TLS (Transport Layer Security) protocol, but SSL is still more widely known and used today.

What does Secure Sockets Layer mean and why is it important?

First, it’s important to understand what happened before the SSL protocol was introduced in 1995. Previously, when a customer’s browser connected with a business’s server, any data was transmitted in plain text. This meant if a bad actor could intercept the data in transit, they could read it – including credit card details and any other sensitive personal information. Such a hack was known as a ‘man-in-the-middle attack’.

To try and remove this ‘man’ permanently, in the 90s, browser developer Netscape created the internet security protocol, Secure Sockets Layer. The company was determined to create a protocol that would guarantee data privacy and integrity as well as deliver a trustworthy authentication process for both the browser user and the server owner, i.e., the customer and the business.

And it succeeded, with the SSL protocol being adopted by businesses across the world to support and secure their customers’ interactions. As for that ‘middle man’? If he does intercept any data being transmitted, the Secure Sockets Layer ensures all he sees is a mass of jumbled characters, leaving him stranded on the sidelines.

What is the difference between SSL and TLS?

For most people, not a lot. In 1999, Transport Layer Security (TLS) was introduced to replace SSL encryption, offering updated security features, including fixes for known SSL vulnerabilities to certain attacks, better encryption algorithms, and more. While any device will now use TLS – technically, SSL encryption is no longer available – the SSL moniker is still used by most of the IT world and certification suppliers. This is because SSL has become an established part of data security lore – and it’s why we are using SSL here and on our product pages when we’re actually talking about TLS.

How can you tell if a website is protected by SSL encryption?

There are two main signs that a website is protected by SSL. The first is a padlock icon in the browser address bar, typically to the left of the web address. Click on it and you will be presented with information about the site’s SSL certificate, including the option to view the Secure Sockets Layer certificate itself. This will include the certificate’s expiry date. If it’s out of date, the SSL protocol will not be active, so users should navigate away immediately. Second, instead of ‘http://’ starting the web address, you will see ‘https://’. The ‘s’ denotes that the SSL protocol is present and the connection is SSL secured.

How does the SSL protocol work?

To ensure authenticity, the Secure Sockets Layer creates a ‘handshake’ process between the browser and the server when a connection is attempted. This is broken down into six steps:

1. Client hello

The client – or customer – uses their web browser to attempt to connect with the company website’s SSL server. Before any connection can happen, the browser first requests the server identify itself. In effect, the client is saying ‘hello’.

2. Server hello

To identify itself to the browser, the website sends details of its SSL certificate plus its server’s public key. This is the server’s way of saying ‘hello’ back.

3. Certificate check

The web browser automatically checks this certificate against a list of trusted Secure Sockets Layer certificate authorities to verify the SSL certificate.

4. Session key

If the SSL certificate check is successful, the browser knows the server can now be trusted, so it creates a symmetric session key, encrypts it with the server’s public key, and sends it to the server.

5. Key decryption

The website’s server receives the session key and decrypts it before sending back an acknowledgment, which is also encrypted using the client’s session key.

6. Session start

With the ‘digital handshake’ now completed, the session can officially start with any data moving between the client’s browser and the company’s server now encrypted thanks to SSL.
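The six steps above can be traced in a small model. This is an added example, not code from the original page: it uses unpadded textbook RSA with constructed, publicly known primes, and an HMAC under the session key stands in for the encrypted acknowledgement, so it illustrates the message flow only. All names (keypair, issue, handshake, "Demo Root CA", shop.example.test) are hypothetical.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent used by every demo key

def keypair(a, b):
    """Textbook RSA key from the Mersenne primes 2**a-1 and 2**b-1 (public, so insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (n, e), (n, d)

def tbs(cert):
    """Hash of what the CA signs: the subject name plus the server's public key."""
    n, e = cert["pubkey"]
    data = f'{cert["subject"]}|{n}|{e}'.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue(ca_name, ca_priv, subject, pubkey):
    """CA side: bind subject to pubkey with an unpadded RSA signature."""
    cert = {"subject": subject, "issuer": ca_name, "pubkey": pubkey}
    cert["sig"] = pow(tbs(cert), ca_priv[1], ca_priv[0])
    return cert

def handshake(hostname, server_cert, server_priv, trusted_cas):
    # Steps 1-2: client hello; server hello returns server_cert (certificate + public key).
    # Step 3: certificate check against the client's list of trusted CAs.
    ca_pub = trusted_cas.get(server_cert["issuer"])
    if ca_pub is None or server_cert["subject"] != hostname:
        raise ValueError("untrusted issuer or wrong hostname")
    if pow(server_cert["sig"], ca_pub[1], ca_pub[0]) != tbs(server_cert):
        raise ValueError("bad certificate signature")
    # Step 4: client creates a session key and encrypts it with the server's public key.
    client_key = secrets.token_bytes(32)
    n, e = server_cert["pubkey"]
    wrapped = pow(int.from_bytes(client_key, "big"), e, n)
    # Step 5: server decrypts with its private key (a wrong key yields garbage) and acks.
    server_key = (pow(wrapped, server_priv[1], server_priv[0]) % 2**256).to_bytes(32, "big")
    ack = hmac.new(server_key, b"ack", hashlib.sha256).digest()
    # Step 6: client checks the acknowledgement; both sides now hold the same key.
    expected = hmac.new(client_key, b"ack", hashlib.sha256).digest()
    if not hmac.compare_digest(ack, expected):
        raise ValueError("server does not hold the private key")
    return client_key, server_key

# Constructed demo parties: a trusted CA, the real server, and an untrusted key holder.
CA_PUB, CA_PRIV = keypair(1279, 2203)
SRV_PUB, SRV_PRIV = keypair(521, 607)
ROGUE_PUB, ROGUE_PRIV = keypair(2281, 3217)
TRUSTED = {"Demo Root CA": CA_PUB}
GOOD_CERT = issue("Demo Root CA", CA_PRIV, "shop.example.test", SRV_PUB)
FORGED_CERT = issue("Demo Root CA", ROGUE_PRIV, "shop.example.test", SRV_PUB)
```

Calling handshake with GOOD_CERT and SRV_PRIV returns two identical keys; FORGED_CERT fails at step 3, and a party that presents GOOD_CERT without the matching private key fails at step 6.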

Why is SSL (Secure Sockets Layer) important to business?

One word – trust. It signals to customers that the company takes data security seriously. In turn, this builds customer trust and increases the chances of them making an order. Put it this way – if a business doesn’t have certification, it tells the customer that their fears and concerns about online security are not important to the business. That’s not a great look for any organisation.

SSL security certification also offers the business peace of mind. SSL protocol significantly reduces the possibility of data breaches occurring as well as curtailing opportunities for access by unauthorised users through hacking attempts such as phishing attacks.

Search engine providers like Google also regard a secure sockets layer as important and will potentially move SSL-secured organisations up search rankings. And then there are commercial and regulatory protocols. For instance, if a business allows for credit card payments to be taken on its website, SSL certification is required to meet industry security standards (known as Payment Card Industry compliance).

Certain territories also have regulations that demand companies have proper data security measures in place. Not having these measures opens the company up to potential legal action including fines. In other words, SSL security and SSL protocol are now vital in this era of e-commerce. Without SSL support, an organisation is left exposed to a set of financial, security and reputational risks.

What are the different SSL definition types?

With the question ‘What does SSL mean?’ answered, it’s time to dig deeper into the types available. There are different SSL certificates available depending on the nature and needs of the enterprise. Each Secure Sockets Layer offering will require the company to go through a validation process to verify it owns the domain and, in some cases, provide full details about its organisation. Certification types include:

Extended Validation SSL certificate

This version of Secure Sockets Layer is essential for any company that wants to spotlight the legitimacy of its website to increase visitor trust. To obtain one, the organisation will need to go through a validation process, providing proof that it owns the domain it wishes to certify. This SSL secure certificate is crucial for any company wishing to conduct financial processes on its website or collect highly sensitive data.

Organisation Validated SSL certificate

This form of Secure Sockets Layer isn’t suitable for financial transactions but is instead used to encrypt user activity data moving between the server and the web browser.

Domain Validation SSL certificate

This version of Secure Sockets Layer certificate only offers low-level encryption and, because you won’t know who or what is receiving your encrypted data, it is a basic offering suited for blogs and personal websites only. Those requiring outstanding levels of SSL encryption should look elsewhere.

Wildcard Validation SSL certificate

This Secure Sockets Layer certificate enables an enterprise to use the same SSL protocol certificate it purchased for its domain on all its subdomains too. It’s a more cost-effective alternative to buying a certificate for each and every subdomain.

Unified Communications SSL certificate

This version of Secure Sockets Layer provides SSL certification for multiple domains owned by an organisation. Up to 100 domains can be covered with a single certificate.

How to get an SSL certificate?

To secure an SSL certificate for an organisation, use the following process to ensure a successful outcome:

  • Choose the version of SSL certificate you require. As detailed above, the different certificates meet specific needs. It is essential to understand what SSL encryption is and to know the definition of SSL before making a choice.
  • Get a pair of private and public keys. These can be generated on your server. The keys are required as part of a certificate signing request (CSR), which is used to kick off the secure sockets layer certification process. The CSR typically contains the name of the company, its location, its type and size, and its domain name.
  • Send the CSR to a certificate authority (CA), ensuring you choose one that is publicly trusted. Once purchased, follow the CA’s instructions to install the new Secure Sockets Layer certificate on the server. This will include uploading and testing the certificate. Once done, you are ready to go.
  • Remember, no matter the version, all SSL protocol certificates have expiry dates so ensure you know when yours runs out. A failure to do so could see customers receiving security warnings in their web browsers that the site is not SSL secured, and impact on trust levels.
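One way to automate the expiry reminder in the last step, and to confirm which hostnames an installed certificate actually covers, is sketched below. This is an added example, not part of the original page: the function names and the SAMPLE certificate are constructed, and the wildcard rule it applies is that ‘*’ matches exactly one label, so *.example.test covers shop.example.test but not a.shop.example.test.

```python
import socket, ssl
from datetime import datetime, timezone

def fetch_peercert(host, port=443):
    """Return the validated certificate a live server presents, as a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def days_until_expiry(cert, now=None):
    """Whole days (rounded down) before notAfter; negative means already expired."""
    now = now or datetime.now(timezone.utc)
    end = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (end - now).days

def covers(cert, hostname):
    """True if a DNS name in the certificate matches; '*' stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    for kind, value in cert.get("subjectAltName", ()):
        pattern = value.lower().split(".")
        if kind != "DNS" or len(pattern) != len(host):
            continue
        if pattern == host or (pattern[0] == "*" and pattern[1:] == host[1:]):
            return True
    return False

def audit(cert, hostnames, warn_days=30, now=None):
    """List the problems a monitoring job should alert on."""
    findings = []
    left = days_until_expiry(cert, now)
    if left < 0:
        findings.append(f"expired {-left} days ago")
    elif left < warn_days:
        findings.append(f"expires in {left} days")
    findings += [f"{h}: not covered" for h in hostnames if not covers(cert, h)]
    return findings

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE = {
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
}
```

Against a live site, pass the result of fetch_peercert(host) to audit in place of SAMPLE; a certificate that has already expired makes the connection itself fail verification, which is why the check warns ahead of time.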