What is an SSL certificate?

SSL, TLS, https – it may seem like alphabet soup, but it actually has to do with the security of your data as you surf the web. Whether it’s your online banking credentials or the credit card information you enter on an online shopping site, SSL protocols keep sensitive data from falling into the wrong hands.
Did you know that the “s” in https stands for “secure”?

So what exactly is an SSL certificate, and how do you know if the website you are using has a security certificate? Join us today to learn:

  1. What SSL stands for
  2. The difference between SSL vs. TLS
  3. How to check if a website has an SSL certificate
  4. Does an SSL certificate mean a website is safe
  5. How long an SSL certificate is valid
  6. Three main types of SSL certificates
  7. Does your website need an SSL certificate
  8. How much an SSL certificate costs
  9. How to get an SSL certificate
  10. What an “SSL handshake” is

What does SSL stand for?

“SSL” stands for “Secure Sockets Layer” – but what does that actually mean? Simply put, it’s an encrypted link between a client – e.g. your web browser – and a server – e.g. the website you are visiting. The encryption keeps your data secure from third parties. In other words, companies, organizations or anyone who operates a website use SSL certificates to keep their customers’ information secure and private during the data transfer. This is especially important when you are conducting transactions like online banking.
 

SSL vs. TLS

You may also have heard of “TLS” in the context of website security. This is because the SSL protocol has evolved over time, with new versions replacing older ones. TLS (transport layer security) is the version that is in use today, but the initials SSL have stuck and are still widely used.

How do I know if a website has an SSL certificate?

It is easy to see whether a website you are visiting has a security certificate – simply look at the web address to see if it starts with the acronym “https” (like the URL of this web page, https://www.mail.com/blog/), which stands for “hypertext transfer protocol secure.” If the website does not have an SSL certificate, only the letters “http” will appear – the “S” for “secure” is missing. In addition, a closed padlock icon will be displayed next to the URL of a secure website. If you would like more information about that website’s security certificate, you can click on this icon for details.

If a website does not have a security certificate, your internet browser will usually warn you in some way. For example, the padlock symbol next to the web address will appear unlocked or in red, or a warning triangle will be displayed.

Does an SSL certificate mean a website is safe?

SSL encryption is an extremely effective method of ensuring that your login credentials, credit card and bank account information, or any other information you might enter into an online form cannot be accessed by anyone but the company or organization you are sending it to. In other words, an https address or a lock symbol on a website means that your data is encrypted and the data transfer process is secure.

Unfortunately, it does not tell you if the website in question is run by a trustworthy person or company. Some phishing websites have an https address and padlock icon. You can click on this icon as described above to view the site’s certificate and identifying information. The organization’s name – or lack thereof – and issuing Certificate Authority can help you decide if the site is trustworthy.

How long is an SSL certificate valid and what information does it contain?

An SSL certificate is generally valid for two years. The SSL certificate includes information such as its issue and expiration date, the name of the Certificate Authority (CA) that issued it, the domain name that the certificate was issued for, the organization it was issued to, and the public encryption key.

What are the different types of SSL certificates? 

The three most commonly purchased categories of SSL certificates are:
  1. Domain Validated (DV) SSL certificate: This only validates your ownership of the domain. As the cheapest and lowest level of validation, it is suitable for small websites that don’t exchange information with customers, e.g. a personal blogging site or a single-page small business site listing location and opening hours.
  2. Organization Validated (OV) SSL certificate: In addition to domain ownership, this certificate validates organizational information such as name and location. An OV certificate is suitable for a small business with forms that don’t collect sensitive customer information.
  3. Extended Validation (EV) SSL certificate: This highest level of certificate validates domain ownership, organization details, and the legal existence of the company. It is usually the choice for larger businesses and for websites that handle sensitive customer data, e.g., financial transactions.
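
The certificate fields listed in the previous section, and the difference between a domain-only (DV) certificate and one that names an organization (OV/EV), can be read from a certificate file with the `openssl` command-line tool. This is an added example, not part of the original article; the two certificates are constructed, self-signed samples for the made-up names blog.example and shop.example, and the function names are chosen here for illustration.

```sh
#!/bin/sh
# Added example: read certificate fields with the openssl CLI.
# Both certificates are constructed, self-signed samples; no real site is involved.
set -eu
dir=$(mktemp -d)

# make_cert NAME SUBJECT HOST: build a sample certificate valid for 90 days.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -keyout "$dir/$1.key" -out "$dir/$1.crt" -subj "$2" \
    -addext "subjectAltName=DNS:$3" 2>/dev/null
}

# Print who issued it, who it was issued to, and when it is valid.
show_fields() {
  openssl x509 -in "$1" -noout -issuer -subject -startdate -enddate
}

# Succeeds if the subject has an organization entry. DV certificates
# carry only the domain name; OV and EV certificates name the organization.
has_organization() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    grep -q 'organizationName'
}

# Succeeds if the certificate is still valid N days from now.
valid_in_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Succeeds if the certificate was issued for the given host name.
covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

make_cert dv "/CN=blog.example" blog.example
make_cert ov "/C=US/O=Example Shop Ltd/CN=shop.example" shop.example
for c in "$dir/dv.crt" "$dir/ov.crt"; do
  show_fields "$c"
  has_organization "$c" && echo "  names an organization" || echo "  domain only"
  valid_in_days "$c" 120 || echo "  expires within 120 days"
done
```

To inspect a live site instead, save its certificate with `openssl s_client -connect HOST:443 -servername HOST </dev/null | openssl x509 -out site.crt` and pass that file to the same functions.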

Does my website need an SSL certificate?

As discussed above, the SSL certificate and the SSL/TLS encryption that it facilitates will protect any information that you exchange with customers or other visitors to your website. This is especially important if you collect personal or sensitive data from customers. However, even if your website does not exchange any information with visitors, nowadays an SSL certificate is recommended for all websites. This is because more internet users are aware of security issues and will expect your website to be secure – and having an “unsafe” website hurts your ranking on Google and other search engines. Browsers such as Firefox and Chrome may also issue a warning that your site is insecure. In other words, an SSL certificate can help build trust in your website.

How much does an SSL certificate cost?

A single domain certificate can be purchased for under $10 per year, whereas wildcard SSL certificates are priced starting around $40. DV certificate prices start at around $75 per year, while OV certificates typically cost at least $150 per year and EV certificates, $200 per year.

It is possible to get a DV SSL certificate for free, which can be suitable for small personal websites (e.g., a personal blogging site) that do not collect financial data from website visitors. The disadvantages of a free SSL certificate can include a short validity period (up to 90 days) and a lack of warranty and technical support.

How to get an SSL certificate

To obtain an SSL certificate, the website operator has to apply to a Certificate Authority (CA), an independent organization or company that validates their identity and information. Some CAs are non-profits that issue free SSL certificates, while others are paid. Examples of well-known and reputable CAs include:

To get an SSL certificate for your website, follow this standard process:
  1. Before applying, verify your website information through the ICANN lookup tool to make sure the data you send to the CA is correct.
  2. Generate a Certificate Signing Request (CSR) on your server or using a CSR generator such as the OpenSSL CSR Wizard.
  3. Submit your CSR to the CA you have selected, who will verify it and digitally sign the certificate.
  4. When you receive your SSL certificate, install it on your website. This process will vary depending on the web server’s operating system, so contact your web host for instructions on how to complete this step.
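
Steps 2 to 4 can be carried out with the `openssl` command-line tool, with a check before the CSR is submitted and another before the certificate is installed. This is an added example, not part of the original article: the domain www.example.com, the organization name and the function names are made up, and a throwaway local "Demo CA" stands in for the real Certificate Authority so the script runs offline.

```sh
#!/bin/sh
# Added example: steps 2 to 4 with a check at each stage.
# "www.example.com" and the local "Demo CA" are constructed stand-ins.
set -eu
dir=$(mktemp -d)

# Step 2: create a private key and a CSR that names the site.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$dir/site.key" -out "$dir/site.csr" \
    -subj "/C=US/O=Example Ltd/CN=www.example.com" \
    -addext "subjectAltName=DNS:www.example.com,DNS:example.com" 2>/dev/null
  chmod 600 "$dir/site.key"   # only the CSR is sent to the CA, never the key
}

# Before submitting: the CSR must be correctly signed and list the right names.
csr_ok() {
  openssl req -in "$dir/site.csr" -noout -verify 2>&1 | grep -q 'verify OK' &&
    openssl req -in "$dir/site.csr" -noout -text | grep -q 'DNS:www.example.com'
}

# Step 3 stand-in: a throwaway local CA signs the CSR (a real CA does this
# after validating the applicant, and its certificate is trusted by browsers).
sign_with_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl x509 -req -in "$dir/site.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 90 -out "$dir/site.crt" 2>/dev/null
}

# Step 4, before installing: the certificate must chain to the issuing CA and
# hold the same public key as the private key kept on the server.
cert_matches_key() {
  openssl verify -CAfile "$dir/ca.crt" "$dir/site.crt" >/dev/null 2>&1 || return 1
  cert_pub=$(openssl x509 -in "$dir/site.crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$dir/site.key" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

make_csr
csr_ok && echo "CSR verified, ready to submit"
sign_with_demo_ca
cert_matches_key && echo "certificate matches the server's private key"
```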

Good to know: It is often possible to obtain an SSL certificate through the hosting provider that hosts your website (e.g., Ionos, GoDaddy, etc.). Your SSL certificate will then usually be automatically installed on your site, or the provider can give you detailed instructions on how to install it manually. Going through the hosting provider is often the easier option for beginners.

Bonus explainer: SSL handshake

Depending on what internet browser you use, when visiting a secure website you may sometimes see a message reading “performing SSL handshake with…” in the corner of your screen. Just like a handshake between people, the SSL handshake is how web servers say hello and start communicating with each other. It establishes a link between a user and a website to start the secure data transfer process. In a matter of seconds, your web browser initiates a connection to an SSL/TLS-secured website asking it to identify itself; in response, the website’s server sends back a copy of its SSL certificate. The two then exchange encrypted keys, completing the SSL handshake, and data can be safely shared between the browser and the web server.


We hope this information on SSL certificates helps you keep your online data safe. We look forward to your feedback!

This article first appeared on November 21, 2021, and was updated on November 22, 2023.

Images: 1&1/Shutterstock
