28, August 2022
What is HTTPS and SSL? – Ports Groups guide
HTTPS (Hypertext Transfer Protocol Secure) and SSL (Secure Socket Layer) are used to protect data transmitted over the internet. They provide encryption and authentication, which means that all information transferred between a web server and a web browser is safeguarded from being stolen by a third party.
The Importance of Using SSL Certificates
Not using an SSL certificate is like putting a letter in a transparent envelope and then mailing it – everyone can see what it contains. With HTTPS and SSL, you ensure that the information sent between the sender and the recipient online cannot be intercepted, which is a crucial part of protecting yourself and your company against various frauds and intrusions.
Google's View on HTTPS
The use of HTTPS is currently one of Google's ranking factors and has aimed since 2014 for all webpages to use HTTPS. The purpose is to provide more credible content for their users. As part of the "HTTPS everywhere" initiative, they introduced a change in Chrome that now marks HTTP sites as "not secure".
When it comes to search engine optimization, Google is transparent that if two websites are equal in terms of other ranking signals, but one has SSL, the one with SSL will be ranked higher in search results. But perhaps the most interesting aspect is that according to a survey conducted by HubSpot Research, up to 85% of respondents will not proceed to a site that is not secure (lacks SSL).
As a result, the number of registered SSL certificates has significantly increased.
Different Types of SSL Certificates
Usually, three levels of SSL certificates are discussed – DV, OV, and EV. The validation process differs for each level. The higher the level, the more rigorous the validation process that has preceded the issuance. At the same time, a higher level of certificate implies a higher level of perceived trust in the brand by the visitor to the site.
Domain Validation (DV)
This is the lowest level of validation, which also means it is the easiest to obtain. The validation process involves the issuer verifying that a contact associated with the domain in question approves the request. This is typically done through email but can also occur through alternative methods.
The only advantage of this type of certificate is the quick validation process and relatively low cost. The disadvantages include a higher risk of phishing and "man-in-the-middle" attacks. Some issuers have gone so far as to stop issuing DV certificates due to the perspective that the drawbacks of using a DV certificate far outweigh its benefits.
Organization Validation (OV)
OV certificates are one level above DV certificates. As the name suggests, the validation process for an OV certificate is more rigorous than for a DV certificate and includes verification of the organization behind the request.
This is typically done by following the steps in a validation for a DV certificate, but with the addition that the issuer contacts the company using contact details other than those from the domain name itself. This information is then published on the certificate, making the certificate more transparent and the website more credible.
Extended Validation (EV)
The validation process for an EV certificate is the most rigorous of the three. They take a bit longer to obtain, but for organizations aiming to achieve the highest level of trust for their brand, EV certificates are a necessity.
Most EV certificates also come with features such as malware scanning and badges to display on their site. These additional features can be very valuable when launching a new brand, website, or expanding into a new market. This is because they add credibility from established and trustworthy entities in the digital world. When a visitor clicks on the padlock in the address bar, the organization's validated name and country are displayed. This demonstrates that an EV certificate is in use and which organization the certificate is validated for.
Secure Management of SSL Certificates Minimizes the Risk of Business-Critical Consequences
SSL certificates are often registered with different issuers, at different times, and by various individuals within the organization. This can occur with varying durations and makes certificate management quite challenging, even for small organizations. Not to mention how complex it becomes when dealing with large organizations.
At Ports Group, we have the experience and expertise to guide you in your choice of certificates as well as in the most secure certificate management.
The Major Risks When Managing SSL Certificates
- Incorrect Implementation
- Insufficient Certificate Management
- What Happens If/When a Certificate Expires
- Other Use Cases for SSL Certificates
- Ports Group's "Best Procedure" for SSL Certificate Management
Incorrect implementation can actually be worse than not having an SSL certificate at all.
Insufficient Certificate Management
Insufficient management of SSL certificates can have business-critical consequences. This ranges from external impacts such as unreachable websites and damaged reputation, to internal impacts like incapacitated employees and/or leakage of sensitive information.
What Happens If/When a Certificate Expires
SSL certificates have a predetermined validity period, up to one year. A common misconception about SSL certificates is that they are "renewed." In practice, an SSL certificate needs to be replaced with a new one. However, there are also situations when a certificate must be replaced before its expiration date.
The impact of a non-functioning SSL certificate for a website becomes painfully obvious when it occurs. The website is no longer encrypted and therefore not secure to use. Additionally, the website can become unreachable when a link structure based on HTTPS suddenly changes to HTTP because the protocol is no longer supported. Therefore, remember to ensure that you always have a valid and functioning SSL certificate.
Other Uses for SSL Certificates
Many forget that SSL certificates are not only used to encrypt traffic between a website and a visitor. SSL certificates are actually used in various contexts for different purposes. For example, for VPN connections, applications, cloud solutions, server-to-server communication, and more. Failing to manage SSL certificates can thus impact an entire company's infrastructure.
Ports Group's "Best Procedure" for SSL Certificate Management
Our goal is to ensure the same secure management of SSL certificates as we do with domain names and trademarks. For maximum protection against certificate failure due to inadequate management, our recommendation is always to consolidate your certificates.
SSL Analysis - Step by Step
Let our expert team assist you with a plan for more secure certificate management.
- Current State Analysis
In consultation with you, we analyze the current state of your certificates. What certificates are in place? From which issuers? The analysis is summarized in a document along with a recommended action plan to optimize the existing certificate management.
- Establish Control
Based on the action plan, we enable the client to gain control over all certificates, with the ultimate goal of having all certificates managed by Ports Group for total control and security.
- Smooth Certificate Management
Ports Group is a Platinum Partner with Digicert. As such, we have the capability to provide smooth and secure certificate management with a dedicated contact person and secure administration.
Do you want to learn more about SSL certificates? Contact us, and we'll assist you!