What does an SSL certificate do?

SSL puts the “s” in the https:// part of URLs, and puts the little lock symbol in the URL bar that indicates that your site is secure in most browsers. On a technical level, SSL certificates provide a strong form of encryption and identity verification. Normal web traffic can be monitored and viewed by an eavesdropper who has access to network equipment (or your WiFi signal), and it’s possible in some cases for malware or unscrupulous WiFi providers to reroute your web traffic from the site you intend to visit to another site that feeds you advertising or worse. Serving your web pages via https:// URLs instead of http:// URLs provides two benefits that greatly increase the safety of users visiting your site:
  • Encryption. Using a complex set of mathematical operations, all of your web activity is scrambled so that only your computer and the web server can read it. This keeps your communications with visitors to your site private.
  • Identity Verification. When a web site uses SSL, it provides a certificate that verifies that it is owned by the company and truly being served from the domain name you intend. When businesses acquire an SSL certificate, they go through a comprehensive process with an authorized certificate provider, where they provide documentation that verifies that the business is legit and that the principals of that business have authorized the website that’s requesting the certificate to represent their company.

SSL certificates are more important than ever. It used to be that everyone had a home internet connection where they plugged in their desktop computer. The only chance for someone to eavesdrop on your communications would have been some sort of security breach or misuse of equipment at the ISP level. But now we’re all on laptops, sharing internet connections with a dozen strangers at the coffee shop. Any of them might be running any number of easy-to-use apps that sniff out passwords and other private data from a shared WiFi network. If you work in a large corporate office, your workplace IT department now likely monitors traffic and keeps some sort of log of URLs visited by employees. And now, thanks to Ed Snowden, we know the government has the whole internet wiretapped too. Traffic to and from SSL-protected sites has strong protection against these potential eavesdroppers tracking what you’re doing or gleaning sensitive personal information from your web activity on those sites.

So, does your site need an SSL certificate?

YES, if you’re asking visitors to fill out a form with any kind of personal information.
YES, if your visitors would appreciate privacy while reading your site, and would prefer that their work / family / dude at the coffee shop with an eavesdropping tool doesn’t get to see the URLs they’re visiting on your site.
YES, if your site integrates tightly with Facebook, such as providing a canvas page for your business Facebook profile. Most large web service providers, especially Facebook, have switched to using SSL for everything in recent years, and have mandated that sites that integrate with their service use it as well.
YES, if your site has a login form that protects valuable
YES, if your site processes any financial information, credit card transactions, or health-related information.
NO, if your site is a plain old content-only marketing or information site, where the only form inputs your visitors provide are public knowledge anyway, such as blog post comments.

There are some costs. Most situations require a unique IP address per site in order to use a certificate. That’s normally a cost of anywhere between $5 and $25 per month depending on your hosting service. There’s a new initiative called SNI that may eliminate this cost soon, but it isn’t supported in older versions of Internet Explorer. There’s also the cost of the SSL certificate itself. This can be anywhere from $50 to $500 or more. There are many levels of identity verification available. Cheaper certificates simply verify that you are the owner of the domain name by sending a verification email or having you post a special document on your website. More expensive certificates require extensive documentation to be provided by the principals of the business acquiring the certificate. There’s also a fairly complicated technical process involved in setting up an SSL certificate for a web server, involving some server administration work and some browser testing.
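
How SNI lets several https:// sites share one IP address, as an added example that is not part of the original article: the browser names the site it wants in its first handshake message (the ClientHello), and the server reads that name to pick the matching certificate. The hostnames, certificate file names and function names below are made up for illustration.

```python
import ssl
import struct

# Hypothetical setup: two sites on one IP address, each with its own certificate file.
CERTS = {"shop.example": "shop.pem", "blog.example": "blog.pem"}

def make_client_hello(hostname):
    """Build a real ClientHello for `hostname` in memory; nothing goes on the network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a server reply
    return outgoing.read()

def sni_from_client_hello(data):
    """Return the hostname in the server_name extension, or None if it is absent."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + data[pos]            # session id
    (n,) = struct.unpack_from("!H", data, pos)
    pos += 2 + n                    # cipher suites
    pos += 1 + data[pos]            # compression methods
    if pos + 2 > len(data):
        return None                 # no extensions at all (a pre-SNI client)
    (ext_total,) = struct.unpack_from("!H", data, pos)
    pos += 2
    end = min(pos + ext_total, len(data))
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", data, pos)
        pos += 4
        if ext_type == 0:           # server_name extension
            # layout: list length (2), name type (1), name length (2), name
            (name_len,) = struct.unpack_from("!H", data, pos + 3)
            if data[pos + 2] == 0:  # name type 0 = host_name
                return data[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def pick_certificate(client_hello):
    """Choose the certificate for the requested site; None means no match."""
    return CERTS.get(sni_from_client_hello(client_hello))
```

The parser works on the raw bytes because the hostname in the ClientHello is sent before encryption starts, so someone watching the network can still see which site is being visited even though the URLs and page contents are protected.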