Encryption SSL (Secure Socket Layer) provides a secure connection between the client and the server. It consists of an Internet protocol that allows you to encrypt sensitive data (such as payment information, credit card details) and make it unreadable to third parties. At the same time, a certificate confirms that the server is trustworthy. At this time, it is also called TLS (Transport Layer Security).
Relevance
SSL it is a common encryption method for HTTPS connections. These connections are established when sensitive data is to be sent over the connection. Mainly, this includes websites where the user has a password-protected account. Without this secure connection, no online banking, emails, online stores or social networks would be feasible, even vacation trips could not be booked online.. Hence, encryption technology SSL has great relevance for the modern Internet business.
SSL certificate
The SSL certificate It is used to authenticate the owner of the web page. Fundamentally in e-commerce, it is very important to encrypt the data transmission using a certificate SSL, since SSL encryption only protects the transmission of data from the server to the client. It is essential that the provider can be identified especially for transactions such as payments. This can be done using a SSL certificate. At the same time, such a certificate provides confidence and can turn a visitor into a customer.
Content and functions
By clicking on "https" in the address line, each user can read the certificate used on that website. Provides information about the certificate issuer and owner. A creator is, for example, VeriSign Inc. Verifies the owner and can show that it is trustworthy. Thus, the certificate serves as proof that the owner of the page simply exists and is an honest seller, bank or equivalent. The certificate also includes an expiration date. The SSL certificates they are available in 128 and 256 bit versions. The latter is considered more secure.
Variations
Not all certificates are equivalent. There are validation steps that validate different things and thus represent different levels of security. The weakest is the domain-validated certificate. This only checks if the domain email address is considered administrative. This level of validation does not protect against attacks such as phishing. At the same time, there are, for example, certificates that validate the organization. The high level of security, as required in the case of banking connections, is guaranteed by an EV-SSL (Extended Validation) certificate. If a high-quality browser is used with an https connection, the address bar appears partially colored green with this certificate only. A company only obtains an EV-SSL certificate after a detailed, extended and unified verification. This ensures high-level authentication.
Legal issues
From a legal point of view, digital authentication is questionable. Digital documents are generally not legally binding. For example, in Germany since 2001 the Signature Regulations have been in force. Everything related to the certificate SSL It is regulated by this Regulation. The Federal Network Agency is the highest certification body. You can designate accredited certification bodies.
Security
Data transmission is secure and cannot be accessed by third parties. However, the SSL it cannot affect the way the web portal operator handles the data entrusted to it. If it is stored unprotected on a server, it is not protected against hacker attacks. The encrypted search is also based on the SSL encryption. It can be used to encrypt user data so that it cannot be traced.
How does it work
Different types of encryption
Encryption SSL ensures a more secure connection between a server and a client. Application protocols such as HTTP, IMAP, POP3, SMTP, which are transmitted in an encrypted form, are protected with it. This protects sensitive data against unwanted manipulation and access by third parties. Cryptography methods are used such as:
- symmetric encryption (single key)
- asymmetric encryption (two keys)
- hash function (fingerprint).
In general terms, it is verified if the sent and received data match the 100%.
All known standard browsers support the SSL encryption. No problems should arise when using browsers such as Chrome, Firefox, Safari, as well as the current versions of Opera and Internet Explorer.
Advantages and disadvantages
- Sensitive transactions, such as online banking, would not be possible without encryption. Therefore, the SSL contributes to people's comfort. Online shopping saves time.
- A SSL certificate indicates a degree of trust to the visitors of the web portal. The more trust you build in your potential customers, the greater the likelihood that you will be able to retain them as customers.
- From a technical point of view, a great utility is that the SSL it works independently of the operating system. Generally, it does not matter what type of browser is used and no additional software needs to be installed. Hence, anyone can determine a connection with encryption SSL without limits.
- The quality of the user experience suffers in the sense that the connection takes longer than with normal pages. The server has to do a lot more computing and thus needs more time.
Review
- There are reports from 2010 commenting that connections that are protected by SSL are routinely intercepted by state facilities.
- In 2011, there was talk of an SSL-GAU. A certificate issuer was compromised and unauthorized persons obtained already valid certificates. As a result, Heise.de writes that SSL encryption is not a concept for the future.
- The Heartbleed Bug was revealed in 2014, through which a good deal of data was illegitimately obtained. Webmasters, online stores, and private users alike were affected. The total amplitude is unknown.
The issuance and falsification of certificates has been the subject of criticism.
SEO benefits
For a long time, the SSL encryption Webs was a security feature that was only used in sensitive areas like the shopping cart or checkout, but rarely across the board. In terms of search engine optimization, there were some concerns regarding potential duplicate content issues. This was feasible if the URLs of a domain offered the same content with both https and http.
But in August 2014, Google officially declared the SSL encryption of websites as a ranking factor in a blog post. Google itself has absolutely changed its web search to https connections since 2011. For webmasters, the question of greater security for users is now tied to the question of optimal search engine optimization.
In the blog post mentioned above, the authors mention that the SSL encryption it is a relatively small ranking factor. At the same time, webmasters have plenty of time to switch to encrypted connections.
It can be assumed that especially for highly competitive keyword areas, smaller ranking factors can be decisive for higher ranking.
