What is SSL Hosting?
SSL, CA, EV SSL, Trust Seals – We’ve all shopped online before and at one time or another you may have noticed that little security lock somewhere by the address bar, or in the lower right hand corner of your browser window. You may have even noticed your entire address bar turn green on some sites or an ‘https://’ at the beginning of a url. Those symbols show that Secure Socket Layer (SSL) certificates are being used. These are electronic bits of encrypted code that are issued by a certifying authority, like GlobalSign and Verisign (now part of Symantec).
SSL certificates are electronic documents that verify the site and the data that is submitted to it are encrypted. This protects sensitive information like financial information, personal info and anything you might receive or transmit over a web session. Certificates are issued with two keys - one that is public, one that is private. These keys allow for the verification of the certificate on the web server that they are installed on.
Third party SSL Secures Identity
When SSL certificates are issued by a third party, there is a level of verification that has taken place that identifies the company or person who first requested the certificate. Certificates are not perpetual, meaning they have an expiration and have to be renewed. Consumers can have a measure of confidence that not only is their data encrypted, but they know that the certificate was acquired by someone who validated their identity to a trusted authority. These trusted authorities are built in to every browser.
Imagine if everyone could produce their own state ID’s, that would make them worthless, so the requirements to get one are controlled and they are only issued by state offices.
SSL – A Matter of Trust
The takeaway is that digital certificates are only as valid as we perceive them to be. You trust your state to do the due diligence to validate an ID applicant’s identity. Third-party SSL certificates are based on a chain of trust between your browser and just a handful of certificate authorities. These root certificate authorities (CA) serve the Public Key infrastructure (PKI) for the public. Modern web browsers automatically trust digital certificates that are issued by the pre-installed root CAs and any subordinate CAs that are part of that chain of trust. Companies often issue equipment and systems that interact with systems whose identity is certified and secured by corporate PKI systems. Companies install their own certificates into the trusted stores on devices and applications so that identity can be tightly controlled by their own means.
Not every certificate is the same, there are different types that are secured by different strengths of encryption levels. If you hover your cursor over the padlock icon, it will report the certificate encryption strength and other identifying info. The web standard is generally agreed to be 2048-bit encryption.
Extended Validation SSLs
Seen some green? The highest certificate that can be attained is the ‘green bar’ certificate, also known as an Extended Validation certificate. These high security certificates require a higher level of validation than normal. The validating certificate authority actually checks business records, business entities, street addresses and more in a comprehensive set of identifying steps. When a browser sees one of these special certificates, the address bar (or a part of it) turns green letting the internet user know that the identity of that site is authentic and secured at the highest level possible.
The offerings that are available from certificate vendors can be quite confusing. You will find several different options for levels of validation, you can find different hash types, different key lengths and a number of warranty services. Matching up the application with the right certificate can be a difficult task. It’s always best to find a responsive provider that is willing to guide you through to the right certificate.
Some hosting providers will include support for SSL certificates as part of their eCommerce packages. These might be ‘Shared SSL’ certificates, which are lower grade certificates which may not meet more advanced security or financial requirements. Always check your certificate requirements and costs to be sure you are buying the right certificate ahead of time.
Here's What Your SSL Certificates Hosting Needs To Offer
When selecting a hosting provider for a project where you intend to implement SSL authentication be sure to verify that the plan either includes a dedicated IP, or that one can be assigned to you as an account add on. SiteGround has a strong history of providing excellent hosting with the ability to add an SSL certificate.
Find The Best SSL Certificates Hosting For You
SSL Certificates Hosting Frequently Asked Questions
How long does an SSL certificate last?
That depends on the certificate authority you have selected to go through and the plan you selected.
Much like purchasing a domain name or hosting packages, most SSL certificate authorities offer a variety of levels and allow you to purchase different timeframes of coverage.
What is Public Key infrastructure (PKI)?
A PKI is a company or service that manages keys and certificates, allowing website visitors and servers to communicate over a trusted network. The PKI provides a means to verify the identity of the website you are visiting.
How does a shared SSL certificate compare to a private SSL certificate?
A shared certificate uses your host’s domain name, rather than your own domain name. If you attempt to use your own domain name with your shared certificate, it will generate a warning message when visitors go to your site.
However, as long as you use the shared server name for your account, visitors will not receive the popup message.
This setup is typically used when you don’t need to publicly announce the secure connection, and it not recommended for eCommerce sites, where customers will expect to see your domain listed on the certificate.
Private SSL certificates use your own domain name, so your site visitors will see your domain associated with the certificate, creating a much higher level of trust in your site.
Private certificates are particularly important if you’re asking for secure information such as credit cards.
What does my browser check for when it connects to an SSL site?
When your browser identifies and SSL site, it will send a request for the SSL Certificate and verify that it has not expired, was issued by a trusted Certificate Authority, and is being used by the website it was issued for.
If any of these checks fail, your browser will display a warning to let you know the site is not secured by SSL.
What sort of data can be secured using SSL?
SSL is not specific to a certain type of data, but instead uses public key cryptography for authentication and a secret key cryptography with digital signature to send and receive data. Any type of data can be secured from text to images database content.
What should I do if I lost my SSL password?
It’s essential that you keep the password you used to create your SSL certificate, because this private password is the only way to verify you and your site. If you lose that password, you will need to create a new SSL certificate.
Can I have more than one SSL certificate per IP address or on a single web server?
In order to do so, your hosting server must support Server Name Indication (SNI).
Until recently multiple SSL certificates could not be installed on a single IP address, so if you had virtual hosts to host multiple domains from a single IP, you could only install one SSL certificate.
With SNI, you can now include the Hostname when passing information on an SSL verification check. Doing so allows a single IP address to support multiple SSL certificates.
Before going this route, make sure to check with your hosting provider to ensure SNI is supported.
Do all browsers accept SSL?
There’s always an exception, but you should feel pretty confident when you choose SSL, because it covers over 99% of internet users.
SSLis supported by the following popular browsers (among others): Chrome, Firefox, Internet Explorer v5.01 and above, Safari, Opera v7 and above, and Sony PlayStation.
A complete list is too exhaustive to include here, but unless someone is still using their Windows 3.1 machine to go online, their browser probably supports SSL.
Who developed SSL?
SSL was originally developed by Netscape in the early 1990s; however, it was not until v3.0 was released in 1996 that SSL received general acceptance, after a complete redesign in order to overcome the many security flaws plaguing previous versions.
Can I allocate only some directories to have SSL certification, or do I have to secure my entire site?
That depends on the setup your server host provides and the software you have installed to host your site.
In most cases, you can designate a sub domain to be used as your secure site, and only enable SSL for that site.
For instance, you can set up a general site, www.cool-site.com, which does not have SSL security protocol in place. When you need to collect information from your visitors, you could send them to your subsite, secure.cool-site.com, where their information would be secure.
What level encryption do I receive when connecting to an SSL certified site?
That depends on a number of factors.
First, the level of encryption required by the SSL certificate the site has obtained.
Next, the capabilities of the site’s server host.
And lastly, the browser you are using will affect the level of encryption you receive.
Even if the website and server provide strong 256 bit encryption, if you’re using an older browser that can only support 128, you’re information will not receive the same level of encryption as others visiting that same site.
For the strongest encryption level, stick to trusted sites and keep your browser up-to-date.
How does SSL compare to TLS?
Technically speaking, SSL was the predecessor of TLS.
They work the same way: both require the data to be secured by an appropriate level of encryption, both require a certificate authority (CA) to vouch for the identity of a website, and both rely on a “handshake” between the browser and CA to verify the site.
TLS provides a number of additional security measures that SSL 3.0 did not provide, removing many vulnerabilities in the older standard. However, don’t be dismayed if you’re trying to sign up for TLS protection and can only find CAs that provide SSL.
The two names are used interchangeably, so when you sign up for SSL, you are actually signing up for SSL/TLS.