SSL

Meaning of SSL

SSL is an encryption method for Internet connections. It is identified by the “S” in HTTPS. Initially, the security technology was introduced primarily for connections where users have password-protected accounts. These include online banking, e-mails, online shops and social networks. Since 2018, HTTPS connections have been mandatory for all websites as part of the GDPR introduction, no longer just when sensitive data is sent via the connection, SSL encryption technology is therefore very important for modern internet society.

SSL certificate

Since SSL encryption only protects data transmission from server to client, it is essential for data transactions such as payments that the provider can be identified. This can be done with the help of an SSL certificate. Such a certificate creates trust in the user and can thus improve the conversion rate.

content and function

SSL works by making it impossible to read the data that is transmitted between the user and the website or between two systems. This includes potentially sensitive information such as names, addresses, credit card numbers or financial details. An encryption algorithm is used that encrypts data during transmission. This process is also called “SSL handshake” and takes only a few milliseconds: 1. A browser or server tries to connect to an SSL-secured website or build up to a web server. 2. The browser or server asks this web server for identification. 3. The web server responds by sending a copy of its SSL certificate back to the server or browser. 4. Now the browser or server again checks the trustworthiness of the SSL certificate – if this is the case, the web server receives the corresponding signal. 5. This then sends back a digitally signed confirmation to start the SSL-secured session. 6. The encrypted data is shared and transmitted between the browser or server and the web server. When a website is secured with an SSL certificate, this is stated in the URL identified by the acronym HTTPS (Hypertext Transfer Protocol Secure). Next to it is a padlock that signals secure data transmission. With a click on this padlock in the address line, every user can display the certificate used. It provides information about the certificate issuer and the holder. The certificate issuer checks the owner and can identify him as trustworthy. The certificate serves as proof that the site owner is a real person. Each certificate is only valid for a limited period – on average, browser operators have to request a renewal every 12 months. SSL certificates come in 128-bit and 256-bit variants. Due to the highest number of encryption options, the latter is currently (as of 10/2021) the most secure SSL variant for web browsers.

Variants

Not every certificate is equal. There are so-called validation levels, which validate different things and thus represent different levels of security: 1. Extended Validation (EV SSL): A high level of security, as required for bank connections. A company only receives the EV SSL certificate after a detailed, extended and standardized check. This ensures authentication at a high level. 2. Organization Validated (OV SSL): Identifies the certificate holder as the domain owner and carries out an organizational verification. With this certificate, users can see who is using the website operates, which improves trust. 3. Domain Validated (DV SSL): The weakest validated certificate. This only checks whether the email address of the domain is considered administrative. This validation level does not protect against attacks such as phishing and the certificate is the most commonly abused.

Different encryptions

SSL encryption ensures a more secure connection between a server and a client. Application protocols such as HTTP, IMAP, POP3, and SMTP, which are transmitted unencrypted, are secured. Encryption methods are used for this, such as

• symmetric encryption (only one key)
• asymmetric encryption (two keys)
• Hash function ( Fingerprint )

Roughly speaking, SSL encryption checks whether what is sent and what is received match 100%.

Browser support

All known standard browsers – Chrome, Firefox, Safari, Opera and Internet Explorer – support SSL encryption.

Advantages and disadvantages

• Sensitive processes such as online banking or shopping would not be possible without encryption.
• An SSL certificate strengthens potential customers’ trust in the provider, which has a positive effect on the conversion rate and customer loyalty.
• SSL works independently of the operating system. The browser used is (almost) irrelevant and no additional software needs to be installed.
• Thanks to technological advances, the risk of counterfeiting of SSL certificates is now considered negligible.

Benefits for SEO

For a long time, SSL encryption of websites was just a security feature that was only used for sensitive areas such as e-commerce. Concerning search engine optimization, most of the time only possible problems with duplicate content were referred to. This was always the case when URLs of a domain delivered the same content with both https and http. Then, in August 2014, Google officially declared SSL encryption of websites as a ranking factor. Since HTTPS has long been the standard on the web, the SSL ranking factor has a more indirect effect on the user’s trust in the SERP– Position off. Google itself switched its web search completely to https connections back in 2011.