Network security: protecting a website with an SSL certificate

With the increasing development of the Internet, the issue of network security is becoming one of the most important aspects: for individuals buying online and for businesses offering their products through the Internet.
To make a website secure when customers transmit their sensitive information, it is essential to adopt an HTTPS protocol.

Why is it important for a website to have HTTPS?

HTTPS (Hyper Text Transfer Protocol over SSL) differs from HTTP in that it employs, in addition to the normal transmission protocol, the SSL (Secure Sockets Layer) certificate, which takes care of encryption and authentication of the transmitted data.
Most importantly, with the HTTPS protocol, the transactions and data that are transmitted in Web sites occur with maximum security, and the content of the communication is not read or manipulated in any way by third parties.

Starting in October 2017, all sites that have not yet installed an SSL certificate will be shown a “NOT SECURE” warning in the navigation bar .
The message will be visible on web pages containing contact forms, login pages, other forms dedicated to user registration.

This warning is part of a long-term plan to mark all pages published using the HTTP protocol as “not secure.”
The “UNSAFE” warning in the navigation bar will affect the user’s browsing experience, consequently also affecting the ranking of the website in the search engine.
All companies with an online business should try to adapt to the change and adopt an SSL certificate to ensure a secure user experience.

SSL Certificate

The SSL certificate, can be regarded as an identity card that recognizes a website for all intents and purposes.
The data that are considered most sensitive and are protected with the SSL encryption protocol are as follows:

• Registration data: name, address, e-mail address, phone number;
• login data to enter a restricted area of the site: password and email address;
• Bank details and payment-related data. This mainly concerns companies that have developed an ecommerce site and sell their products/services within their platform or through marketplaces integrated with it;
• form registration forms, newsletters
• documents uploaded by customers

The types of SSL Certificate

The different certificates, which differ in the type of identification and use, are as follows:

• Domain Validated (DV) SSL certificate: these are the certificates with the lowest level of authentication.
  The Certification Authorities (CA) does not perform a verification of the company’s information but only requires domain ownership. The certificate is issued quickly. It is suitable for those who have a website, in which credibility plays a secondary role and no risk of fraud occurs.
• Organization Validated (OV) SSL Certificate: The CA analyzes both domain ownership and all company information such as Chamber of Commerce registration. The data that have been checked are visible to the visitor and result in greater confidence in continued browsing.
  This attestation, has a higher cost than the first type. It is recommended for websites where no transactions with sensitive data take place.
• Extended Validation (EV) SSL certificate: represents the certificate with the highest degree of authentication.
  The CA examines all information in greater detail, strengthening the trust and credibility of the website. This type is absolutely best suited for websites that sell products/services and are integrated with online forms of payment (credit card transactions and other sensitive data)

The use of the SSL certificate, which is recognized by the green padlock symbol, offers the following advantages:

• Data protection and security of customers and partners;
• Reducing the risk of data misuse;
• Better ranking on Google resulting in increased visibility and accesses;
• Increased user confidence in a site that is safe and secure from outside influences. Users who see the green padlock in the address bar are inclined to have more credibility. All this, increases brand reputation and company image.

How to get the SSL certificate?

In the face of this change, businesses are beginning to equip themselves with the SSL certificate in order not to lose the ranking achieved in search engines and to make users’ browsing more secure. Obtaining an SSL certificate, installing it and keeping it valid over time is a process that follows several steps:

1. Creating a Certificate Signing Request (CSR): it is necessary to originate a CRS request on the server, which contains all the information about the server and the public key, which is useful for generating the private one.
2. SSL certificate order: there are several services (Certification Authorities, CAs) that offer SSL certificates. Among the best known ones we can mention: DigiCert, Symantec, GlobalSign. The most suitable service for your website may vary depending on various aspects, such as: multiple certificates, business solutions, certificate duration, simplicity of the renewal process, economic protection for fraud, legal trustworthiness.
3. SSL certificate installation: you need to download the certificate issued by the CA and then install it on the server and lastly configure the hosting/firewall service for HTTPS.
4. Checking and adjusting the configuration of the website: it is important to review the web pages and the structure of the website in order to resolve all issues;
5. Managing the renewal process upon expiration: attention must be paid to the duration of the certificate, which generally, is valid for one year or several years. Must be renewed before expiration.

Making your company’s site trustworthy to those who browse is a major image advantage. Need an SSL certificate but don’t know which type is right for your business? Contact your Neikos contact person who will guide you in your choice and provide the right advice.