What is SSL and why is it important?
What is SSL?
SSL (Secure Sockets Layer) is a standard technology behind establishing an encrypted connection between a web server (host) and a web browser (client). This connection between the two makes sure that all the data passed between them remain private and intrinsic. SSL is an industry standard and is used by millions of websites to protect their online transactions with their customers. If you have ever visited a website using the https:// in the address bar you were creating a secure connection via SSL. If you have an eshop or sell items via your website, SSL helps in establishing trust with your customers.
Understanding how the SSL connection protects your data
Using an SSL certificate creates an encrypted connection between the user's web browser and the web server. This means that any data transmitted between the web server and the web browser can not be read without first being decrypted. This protects the data from being spied upon by someone else on the internet because they will not be able to understand the encrypted data.
How the encrypted connection is established
There a few basic steps that occur when you attempt to establish secure connection. Here's a summary of the steps:
- You type in or select the secure URL (e.g. "https://abcdefg.com")
- The web server receives your request and then submits a reply that attempts to establish trusted connection between the web browser and the web server - also called the "SSL handshake."
- After the SSL certificate is verified through the SSL handshake, the data transferred between the web server and web browser is encrypted to keep it private and secure.
How to tell if a site is using SSL
While the details of the SSL protocol are not displayed to the visitor, most browsers will display a lock or some other form of identification in the address bar. This will indicate if you are currently protected by an SSL encrypted session. If you would like the details of the SSL certificate you can simply click on the lock.
What does the SSL mean to visitors?
Most SSL Certificates contain the domain name, company name, address, city, state, and country. It also contains an expiration date of the certificate and the details of the Certificate Authority (the company who issued the SSL). When a browser attempts to establish an SSL connection to a website it checks to make sure the certificate is not expired, has been issued by a trusted authority, and is being used for the correct website. If any of these checks fails your web browser will display a warning letting the user know that the site is not secured by SSL.
How do I get an SSL for my website?
2014-10-11 11:57 pm
My SSL connection makes a mess of my web page because it expects included files like css files and Wordpress plugins to begin with https, not http. Short of duplicating dozens of files and changing their names so they begin with https I'm not sure what to do.
Try this URL: https://www.artleasecanada.ca and you'll see what I mean
2014-10-13 7:51 am
When preparing for SSL, you do not have to change file names, but rather ensure the paths are not absolute. For example, if you call an image called 'dog.jpg', then it should just be called with a relative path. This means in your code, you just have to place the part of the path from where the calling file is. If the image is in a folder named images, and your page is in the primary folder, then you only have to place 'images/dog.jpg' as opposed to 'http://example.com/images/dog/jpg'. In the latter, you can see it has the absolute path, including the protocol.
Even so, the files should still work, no matter the protocol used. The consequence of having a full path with non SSL protocol when using SSL is just that the green lock will not appear. It will give a warning that some items are being called via normal protocol.
This explanation may not be as thorough as the article I wrote on why the lock is not displaying. Check that out if you like as it is a bit clearer.