If you own a website, blog or a web application, you might have come across the term SSL (Secure Socket Layer) or TLS (Transport Layer Security) certificate. So, what is it? An SSL/TLS certificate helps your webserver (where your website or blog or web app is hosted) to identify itself and get trusted by client’s browser. It also enables secure communication between the server and client browser or application i.e. Browser with Website. This ensures that information sent to the server over the network such as a public WIFI cannot be read even if it is intercepted by a hacker. TLS and SSL are often used interchangeably, that’s because they do the same thing (security) and the major difference is how they achieve the same thing. SSL using sockets while TLS uses protocols to secure the connection between the client and the server. TLS is the newer between the two and it is important to note that SSL v3.0 and TLS v1.0 are equally secure.
So, why should you use a TLS/SSL certificate? The main reason that has been preventing website owners from using a TLS certificate apart from lack of knowhow has been the cost. TLS certificates have been very expensive for a long time. But now you can get a free SSL certificate from organizations and companies such as Let’s Encrypt. Let’s encrypt offers free, automated and open SSL certificates and is backed by a lot of large organizations such as Mozilla, Chrome, Facebook among others. This eliminates the cost consideration while determining whether to acquire an SSL certificate.
The 2nd reason why you need an SSL certificate is it increases the trust users have on your site. With an SSL certificate enabled on your website, browsers provide visual indicators such as green padlock on the address bar to indicate to users they are on a secure connection. Major browsers such as Google Chrome, Mozilla Firefox and Opera usually disable some features or warn users when they are using an unsecure connection for login purposes or provide sensitive information such as credit card information. This can easily erode the trust users have on your site.
The 3rd reason why it’s important to have an SSL certificate is provides authentication. An SSL certificate ensures that you are sending the data to the correct server/website. As a website owner, it’s your responsibility to ensure that the data provided to you by the clients is safe. One way to do that is to make sure that clients are not tricked into sending information to the wrong server that is impersonating your own server. An SSL certificate will authenticate the server to the browser and any imposter cannot pretend to be your server.
The 4th reason as to why it’s important to use an SSL certificate is it encrypts sensitive information. When using an SSL certificate, communication between the server and the client are encrypted so that no one without the correct key can read it. This information includes cookies, URL parameters and other form variables such as passwords, credit card information among others. This prevents middle man such as ISP, Network admins and hackers from seeing your sensitive information during transmission to the server and back.
The 5th reason is for branding purposes. An SSL certificate can provide icons on the address bar with the business name instead of just a padlock icon, as indicated in the above image. This provides an added level of assurance to your customers and aides in building a strong brand.
In conclusion, there are many advantages of using an SSL certificate. From my own opinion, the advantages outweigh the disadvantages. One disadvantage is performance taking a hit because it takes more resources to decrypt the information by the webserver as compared to unencrypted information. If you have the resources, you can splash out on an expensive EV SSL certificate but, if you cash strapped, you can use a free SSL certificate from Let’s Encrypt or purchase one of the many SSL certificates that cost around $10 that will be easier to install and will offer a sufficient amount of security.