10.31.18
by

SSL Certificate for encrypted And Secure Connection


SSL Certificate

Suitable Chrome Warning – SSL Certificate

Google Chrome will give the warning “Not Secure” for HTTP sites after January 2017. Google want a connection between Chrome and the web page to be more secure, i.e. private. A green lock in the URL indicates HTTPS connection, which points to “Your connection to this site is private.”

HTTPS establishes an encrypted connection between web browsers and servers, ensuring that third parties cannot interfere with data transfers. HTTP is no longer considered sufficiently secure and is being forcibly phased out.

Google search has already started preferring HTTPS web pages over HTTP pages. It has outlined sites operating without HTTPS and dropped down the SERP rankings, ultimately causing them to lose visibility. Any site not protected with Secure-Socket Layer/Transport Layer Security (SSL/TLS) will be marked with the red triangle of an insecure location.

Web hosting providers like Automatic and WordPress.com have already turned on SSL for their hosted customers in April 2016.

An SSL certificate or X.509 Digital Certificate from a trusted third party called a Certificate Authority (CA), which guarantees the Digital Certificate’s authenticity with a Digital Signature, is a must for websites.

LinuxHost.net suggests to avoid self-signed certificates.

Types of SSL Certificates

  • Domain Validation (DV) SSL Certificates: The simple websites opt for this; it implies that the DV registrant has admin rights to the sites
  • Organization Validation (OV) SSL Certificates: Most commercial websites opt for this certificate. It validates the domain ownership and includes ownership information like the site owner’s name, city, state, and country.
  • Extended Validation (EV) SSL Certificates: It legally validates the domain’s owners. The website shows a green address bar in most browsers.

Nonprofit Internet Security Research Group (ISRG)’s Let’s Encrypt SSL Certificate

Hosting Providers like ZDNet and Hivelocity offer free Let’s Encrypt certificates.

Let’s Encrypt, a nonprofit Internet Security Research Group project, provides free certificates to Dreamhost, Squarespace, and WordPress. Dreamhost requires you to purchase a unique IP address on your hosting plan for free SSL.

  • It is Open Certificate Authority providing free and automated SSL-Certificates to enable HTTPS for websites supported by Google Chrome, Mozilla, and EFF.
  • Difference between Commercial CA’s and Let’s Encrypt SSL: Commercial businesses back up their security with a $500,000 and $1 million warranty, but with Let’s Encrypt, it is your own. Furthermore, the organization don’t offer OV or EV certificates.