What is SSL or Secure Sockets Layer?
An SSL Certificate can be seen as an identity card for your website and gives a clear signal to your visitors that the connection to the website is encrypted and all data that you enter or share with this website is protected.
Secure Sockets Layer (SSL) is the name for the encryption protocol that makes it possible to secure communication on the internet. By means of a complex encryption of the transmitted data, both the authenticity of a website and the security of the connection over which the data is transmitted can be guaranteed. In other words, a website with an SSL connection can guarantee that the website is from whom a visitor thinks it is.
The communication with the website, when data is sent (for example, filling in online forms), can not be listened to.
SSL is a powerful tool for protecting your customers or visitors against the misuse of data that is filled in or retrieved on your website. Examples include credit card information, online orders for products, contact details, passwords and user names, and confidential communication via a website.
When dealing with sensitive personal data – such as passwords, name and address details and payment information – SSL certificates have been mandatory since the introduction of the new privacy law (GDPR) and certainly contribute to the visitor’s trust of your website.
The use of SSL also has a positive influence on the position of your website in the Google search results. With this, Google motivates owners of websites, more and more to contribute to the safe use of the internet.
Difference in SSL certificates
You can roughly classify SSL certificates into 4 categories:
- LE – Let’s Encrypt
- DV – Domain Validation
- OV – Organisation Validation
- EV – Extended Validation
The big difference between the different certificates lies in the level of checks that are carried out to establish the identity of the organization applying for the certificate. This is dealt with in the frequently asked questions regarding SSL. You will find these questions and answers on this page.
Let’s Encrypt provides free SSL certificates
DigiState also provides the free SSL certificates from Let’s Encrypt for your hosting environment. Let’s Encrypt only provides certificates with domain validation, which provide a secure connection (encryption), but does not provide an identity guarantee (authentication). Visitors to websites with an LE know that their data is sent securely, but unfortunately can not check in the details of the certificate to whom the data will be sent.
Where there is little or no control with a free Let’s Encrypt certificate (and everything is fully automated without the possibility of contacting someone) for Extended Validation that is an entirely different story.
It happens more and more that on the so-called phishing domains LE and DV certificates are being used, with these certificates, cyber criminals try to give phishing websites a reliable look. Because of the simple availability without real checks when issuing these LE certificates, the abuse has increased enormously in recent times.
This makes, in addition to encryption, the identity check an even more important function of an SSL certificate. For this you need a certificate with minimal company data (OV or EV certificates). Because these company details must be checked manually, Let’s Encrypt can not provide these certificates. For the delivery of an OV or an EV certificate, you will always have to fall back on certificates from other SSL issuers, the so-called Certifcate Authorities (CA), which you can request via DigiState.