It is difficult to find your way among the acronyms and terms that populate the world of digital certification: SSL certificate, TLS certificate, HTTPS, encryption, authentication… This guide aims to make website security simpler.
Users are more attentive than ever to data protection, so ensuring the safety of Internet users when they browse your website is no longer optional. The problem: the world of cybersecurity looks like a bad science fiction film, with its cryptic jargon and enigmatic acronyms (SSL certificate, TLS certificate, HTTPS…), and it is easy to miss the essentials. This guide is here to help you see more clearly by focusing on three essential concepts.
The encryption and authentication certificate
You have probably noticed that the address bar of a web browser provides information on the level of security of the sites visited. In particular, we all know the small padlock that appears next to the URL, a sign that the site owner has adopted the HTTPS security protocol.
Securing servers (and therefore websites) in this way relies on encryption algorithms. These generate a cryptographic key, which makes it possible to:
Ensure the confidentiality of data exchanged between a client workstation and a server. Once encryption is active, only these two entities can decrypt the information that circulates between them.
Guarantee the integrity of the data.
Authenticate the web server with which the user communicates, because a simple encryption key does not guarantee the identity of its holder!
To benefit from this protection, a website uses an encryption certificate (an SSL or TLS certificate) linked to the HTTPS protocol. It is issued by a Certification Authority (CA), and different CAs offer different levels of reliability.
Two protocols allow you to connect to a web server: HTTP and HTTPS. Between the two there is only one letter of difference, but a real abyss in terms of security.
The HTTP protocol (HyperText Transfer Protocol) allows the transfer of data on the web. It is, in a way, the instruction manual for a request sent by the browser to the server, a prerequisite for the exchange of information. The problem is that this type of connection offers no security: anyone can intercept the data.
This is where HTTPS comes in (the added “S” stands for Secure): it adds an SSL/TLS protocol to conventional HTTP. This ensures data encryption using an asymmetric encryption key, making the information exchanged unreadable to a third party and securing the connection. It also proves the identity of the holder of the corresponding SSL/TLS certificate.
Activating the HTTPS protocol causes a padlock to appear next to the URL in the address bar, which Internet users are now used to seeing. It is displayed when a website is protected by an SSL certificate or a TLS certificate, which amounts to the same thing, as we will see right away.
SSL certificate (or TLS certificate)
To display a website in HTTPS, a company must first obtain an SSL certificate. SSL (Secure Sockets Layer) is the technology used to secure data exchanges between the browser and the server. It is particularly suitable when a user wishes to provide confidential data to a website, for example to make a payment. Obtaining an SSL certificate allows the SSL protocol to be activated, which authorizes the site to open connections using HTTPS.
The TLS certificate is the successor to the SSL certificate. TLS (Transport Layer Security) is a more secure version of SSL that operates on the same principle. If your website still uses an old SSL protocol (2.0 or 3.0), the user is warned by a padlock (or the HTTPS prefix) shown crossed out in the URL. But beware: by convention, we still talk about an SSL certificate rather than a TLS certificate, even if the protocol used is TLS. Check carefully before changing anything!
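To check which protocol a site actually negotiates and which CA issued its certificate, the short script below can help. It is an added example, not part of the original guide; the host `www.example.test`, the CA name and the dates in the sample are constructed placeholders.

```python
import socket
import ssl

# Protocol names as returned by SSLSocket.version(); anything older than TLS 1.2 counts as legacy.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def fetch(host, port=443, timeout=5.0):
    """Handshake with host and return (protocol name, certificate dict).

    The default context validates the chain against the system CA store and
    checks that the certificate matches `host`; a failure raises
    ssl.SSLCertVerificationError instead of returning data.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()

def _name(rdns, field):
    # getpeercert() stores names as a tuple of RDNs, each a tuple of (key, value) pairs.
    return next((v for rdn in rdns for k, v in rdn if k == field), None)

def assess(protocol, cert, now, warn_days=30):
    """Summarise a connection: issuing CA, subject, days of validity left, findings."""
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    findings = []
    if protocol in LEGACY:
        findings.append(f"legacy protocol {protocol}")
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    return {
        "issuer": _name(cert.get("issuer", ()), "organizationName"),
        "subject": _name(cert.get("subject", ()), "commonName"),
        "days_left": days_left,
        "findings": findings,
    }

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("countryName", "XX"),), (("organizationName", "Example Test CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar 11 00:00:00 2024 GMT")

if __name__ == "__main__":
    print(assess("TLSv1.3", SAMPLE_CERT, SAMPLE_NOW))
```

Against a live site, call `assess(*fetch("your-domain"), time.time())` after importing `time`; a handshake that fails outright usually means the server offers only protocols or certificates the client refuses.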
SSL, TLS and HTTPS: essential security
As you will have understood, these different terms and acronyms (certificates, SSL, TLS, HTTPS) cover one and the same thing, namely protocols for securing exchanges between Internet users and websites.
In short, displaying your site in HTTPS means going through the TLS protocol, which in turn requires obtaining an SSL certificate.
Switching to HTTPS is no longer optional. Data protection has become a major issue for users, especially since the revelation of wiretapping by the NSA, and just as much for Google. To encourage web players to secure their sites, the leading search engine acted in three stages:
From 2014, by promoting the positioning of HTTPS sites in the results.
From 2015, by gradually penalizing unsecured sites through less advantageous positioning.
From the beginning of 2018, by displaying a “non-secure” label on the pages in HTTP.
Today, 70% of web pages are displayed in HTTPS, compared to only 40% in 2015, a percentage that will only increase. Following Google, other platforms are calling for the adoption of an SSL certificate: since 2017, WordPress, for example, has offered features accessible only to HTTPS hosts.
It is therefore urgent to take the plunge to ensure the visibility of your site and your brand, all the more so as this contributes to an Internet that is more respectful of the rights of its users!
About the author
DMTwebhosting.com’s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!