We hear the term all the time, “SSL”, especially when describing website security. Banks and many other websites gloat about how they protect your information with SSL. But what is SSL?
What is SSL?
- SSL is a standard/protocol/agreement
- In encryption/security technology
- Between your computer and the website server
How SSL helps website security?
SSL, when done properly, ensures the data you send/receive (between your computer and the website server):
- Remains private (unreadable by eavesdroppers)
- Does not get changed/tampered with.
What does SSL NOT do?
- Protects your computer against malware
- Protects your computer from getting infected by virus
- Prevents hackers from hacking the website server
- Prevents the government or the website owner from looking into your data
- Encrypts the data you store in the website server
So, do we need SSL?
Think of SSL as armored trucks. Armored trucks:
- They will deliver your package safely to the destination – encrypted, secured communication channel
- They may NOT have a clue of what’s being delivered – viruses, malware, worms?
- They cannot guarantee the package remains safe after it’s been delivered – in case the server gets compromised/hacked later on
SSL is a good start. It’s one of the many things we can do to protect our online security.
Is there anything else we can do?
Yes, there so many other things you can implement to improve your online security.
Take HelloSign as an example, in addition to SSL they also implement:
- Encryption of your data not just during transmission, but also while it’s being stored in the server.
- Limiting physical access to server
- Rotating encryption keys
How do I get SSL on my own website?
Now that you understood what SSL does and doesn’t do, let’s learn how to implement it on your website.
Cloudflare is an AWESOME freemium service that enhances your website security and performance. SSL comes with the all plans, including the FREE plan.
Contact your web hosting company
Your web hosting company should be able to purchase and instal your SSL certificate on your behalf.
Do it yourself – the traditional way
- Purchase an SSL certificate, I like to use NameCheap
- Generate a CSR
- Upload the CSR file back to NameCheap when prompted
- Verify your domain ownership by clicking on the confirmation email
- Install the SSL certificate on your website/server
Get free SSL certificate from Let’s Encrypt
Amazon Certificate Manager
If you need SSL certificate to use with AWS services (Cloudfront, ELB, Elastic Beanstalk, etc.), AWS provides free SSL certificates via Amazon Certificate Manager.
Not sure how to do this?
Let’s make the web safer, one step at a time 🙂
Never miss new posts
Get the latest tech innovation news from Ryan delivered straight to your inbox!