What is SSL?

The term SSL stands for Secure Socket Layer and is, in short, the standard technology for maintaining secure communication between a web server / website and a web browser. It ensures that unauthorized individuals cannot access, modify, or delete information transmitted between a web page and a visitor, such as during an order or form submission.

macbook_new-DEVELOPER-EDIT
desktop_image_ssl

How does SSL work?

SSL certificates have a key pair, a public and a private key. These work together to establish an encrypted connection between them. The certificate also contains what is called the "subject", which is the identity of the website owner.

To obtain a certificate, a CSR (Certificate Signing Request) needs to be created on your server. This process generates the private and public keys on your server. The CSR data you send to the SSL certificate issuer includes the public key, also known as CA (Certificate Authority). The CA uses the CSR data file to create a data structure that matches the private key, without being able to see the private key itself.
All web browsers have functionality to interact with secure web servers that use the SSL protocol. However, an SSL certificate is required to establish the secure connection.

How do I install SSL?

If you use a standardized web host, there are often settings to enable a so-called "Let's Encrypt" certificate (more on this below). If you use your own server, the certificate needs to be installed manually. The instructions for installing the certificate vary between different server providers and technologies.

Why is it important to have SSL?

If an SSL certificate is not installed on a website, all traffic to and from the website is unencrypted. For example, if you are in a cafe or an airport, hackers can steal information such as banking details or other sensitive information when you submit them.

Does SSL affect my SEO?

Since July 2018, the Chrome browser marks all websites that are not secured with an SSL certificate by displaying "Not Secure" in the top left corner. Technically, this does not mean that there is something wrong with the website, but visitors can be warned and lose trust in the site's appearance. Google wants the internet to be a safer place and does everything they can to ensure that all websites have SSL. Through the Chrome labeling (developed by Google), they can expedite this process. They have also announced that secure websites are prioritized in search result listings, making this an important factor to consider if you want to appear on Google.

What is the difference between HTTP and HTTPS?

If the web address of a website starts with HTTP://, it indicates that SSL technology is not enabled. If it instead says HTTPS://, you know that an SSL certificate is set up.

What is Let's Encrypt?

Let's Encrypt is a free CA developed by the Internet Security Research Group (ISRG). They provide two types of certificates. First, standard single-domain SSL and wildcard SSL that covers not only a single domain but also all of its subdomains. Both SSL types are issued for 90 days at a time and are often automatically renewed (depending on the server provider).

More information is available on the Let's Encrypt official website.

How does SSL create a secure connection?

When a web browser tries to access a website secured with SSL, a communication is set up in a process called "SSL handshake". Three different keys are used to establish SSL communication; the public, private, and session keys. All data encrypted with the public key can only be decrypted with the private key, and vice versa.

Because encryption and decryption with private and public keys require a lot of processing power, they are used only during the handshake to create a symmetric session key. After the secure connection is established, the session key is used to encrypt all transmitted traffic data.

  • The browser connects to a web server using SSL. The browser demands that the web server identifies itself.
  • The server sends a copy of its SSL certificate, including the server's public key.
  • The browser checks the certificate's root against a list of trusted CAs and also verifies that the certificate is valid, not revoked, and validated against the website using it. If the browser trusts the certificate, it generates, encrypts, and sends back a symmetric session key using the public key.
  • The server decrypts the symmetric session key using its private key and returns an acknowledgment validated with the session key to initiate the dialogue.
  • The server and the browser now communicate entirely encrypted through the session key.

Quote for new website?

Benefits

Get a proposal within 24 hours from us at the web agency Generation.

  • Fixed prices
  • Fast delivery time
  • Ready-made plugins for many additional features, e.g., system integrations
  • Professional unique design
  • Stable and long-standing agency with 30 employees
  • Hundreds of reference projects

Submit a request to us!

Name*(Required)
Samtycke(Required)

This site is protected by reCAPTCHA,
Googles privacy policy and Terms and conditions apply.

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At , corp. ID no. , we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data