What SSL is and why it is important

October 17, 2016

We hear the term all the time,  “SSL”, especially when describing website security. Banks and many other websites gloat about how they protect your information with SSL. But what is SSL?

What is SSL?

  • SSL is a standard/protocol/agreement
  • In encryption/security technology
  • Between your computer and the website server

How SSL helps website security?

SSL, when done properly, ensures the data you send/receive (between your computer and the website server):

  • Remains private (unreadable by eavesdroppers)
  • Does not get changed/tampered with.

What does SSL NOT do?

  • Protects your computer against malware
  • Protects your computer from getting infected by virus
  • Prevents hackers from hacking the website server
  • Prevents the government or the website owner from looking into your data
  • Encrypts the data you store in the website server

So, do we need SSL?

Think of SSL as armored trucks. Armored trucks:

  • They will deliver your package safely to the destination – encrypted, secured communication channel
  • They may NOT have a clue of what’s being delivered – viruses, malware, worms?
  • They cannot guarantee the package remains safe after it’s been delivered – in case the server gets compromised/hacked later on

SSL is a good start. It’s one of the many things we can do to protect our online security.

Is there anything else we can do?

Yes, there so many other things you can implement to improve your online security.

Take HelloSign as an example, in addition to SSL they also implement:

  • Encryption of your data not just during transmission, but also while it’s being stored in the server.
  • Limiting physical access to server
  • Rotating encryption keys

How do I get SSL on my own website?

Now that you understood what SSL does and doesn’t do, let’s learn how to implement it on your website.

Use Cloudflare

Cloudflare is an AWESOME freemium service that enhances your website security and performance. SSL comes with the all plans, including the FREE plan.

Contact your web hosting company

Your web hosting company should be able to purchase and instal your SSL certificate on your behalf.

Do it yourself – the traditional way

  1. Purchase an SSL certificate, I like to use NameCheap
  2. Generate a CSR
    1. via Terminal (on Mac)
    2. Alternatively (easier way)…
  3. Upload the CSR file back to NameCheap when prompted
  4. Verify your domain ownership by clicking on the confirmation email
  5. Install the SSL certificate on your website/server

Let’s Encrypt

Get free SSL certificate from Let’s Encrypt

Amazon Certificate Manager

If you need SSL certificate to use with AWS services (Cloudfront, ELB, Elastic Beanstalk, etc.), AWS provides free SSL certificates via Amazon Certificate Manager.

Not sure how to do this?

Purchase one from NameCheap and get your web host or System Administrator to install it.

Let’s make the web safer, one step at a time 🙂

Author
Ryan Harijanto

Head of Engineering. Former Sr. Engineer @Netflix , @HotelTonight , @Shutterstock. Previously a Senior Systems Engineer at Netflix, currently technology advisor and board member for emerging companies. Diverse technological knowledge and understanding of various industries.

Leave a Reply

Your email address will not be published. Required fields are marked *