SSL in brief
SSL (Secure Sockets Layer)—usually referred to as TLS (Transport Layer Security) today—is an encryption protocol that protects data between browser and server. Without SSL, third parties can intercept passwords or card numbers. An SSL certificate verifies the server identity and enables HTTPS—the secure version of HTTP. SSL/TLS is standard for any trustworthy site—as important as choosing the right domain—and central for SEO, privacy, and user trust.
How SSL/TLS works
When you open an HTTPS page, browser and server first negotiate a secure key (handshake). All traffic is then encrypted—only browser and server can read it. The SSL certificate contains the server public key and is signed by a trusted certificate authority (CA). The browser verifies the signature and shows a lock icon for a valid certificate.
- Handshake:Browser and server agree on algorithms and exchange keys. Modern TLS (1.2, 1.3) provides strong encryption.
- Certificate & chain of trust:The certificate lists domain, validity window, and public key. The CA attests identity. Browsers trust a set of root CAs.
- Encryption:After the handshake, data is encrypted with a session key. Intercepted packets stay unreadable.
SSL certificate types at a glance
Certificates differ in validation depth and scope. The right choice depends on your requirements, site type, and budget.
DV – Domain Validation
The simplest level: the CA only checks that you control the domain (e.g. via email or DNS). Issued quickly, often free (Let's Encrypt). Ideal for sites, blogs, and small shops. No business verification.
OV – Organization Validation
Extended checks: besides the domain, the organisation is verified—registry, address, legitimacy. The certificate includes organisation data. Higher trust, longer issuance. Typical for corporate sites and e-commerce.
EV – Extended Validation
Strict validation: thorough vetting of the organisation by the CA. Older browsers showed a green bar with the company name. Highest trust—especially for banks, insurers, and sensitive transactions.
Wildcard certificate
Covers one domain and all subdomains (e.g. *.example.com). One certificate for example.com, www.example.com, shop.example.com. Handy with many subdomains; often pricier than single-host certs. Requires DNS validation.
SSL vs TLS
SSL was the original protocol (1.0, 2.0, 3.0); TLS is the newer, safer successor. SSL 3.0 is deprecated and insecure—today TLS is used in practice. The term “SSL certificate” stuck even though TLS is what runs. Modern browsers support TLS 1.2 and 1.3.
- SSL: Original protocol, obsolete today. Mentioned mainly for history.
- TLS: Current standard (1.2, 1.3). Stronger encryption and security.
- Terminology: “SSL certificate” and “TLS certificate” mean the same—a certificate for encrypted connections. “SSL” remains common.
SSL and HTTPS
HTTPS is HTTP over a TLS connection. The SSL certificate enables HTTPS—URLs start with https:// instead of http://. Browsers show a lock and mark the connection secure. Google has long promoted HTTPS for rankings; many browsers warn on plain HTTP. HTTPS is mandatory for serious sites today.
- HTTP vs HTTPS: HTTP sends data in clear text. HTTPS encrypts with TLS—same features, but secure.
- Port: HTTP uses port 80, HTTPS 443. Servers often redirect 80 to 443.
- SEO: Google treats HTTPS as a ranking signal. Without HTTPS you risk lower rankings and browser warnings.
SSL for websites and SEO
SSL protects user data and builds trust. Search engines reward HTTPS—SSL is an established ranking factor. Many browser features (e.g. geolocation, camera) also require a secure context.
Security and trust
- Protects logins, form data, and payments
- The lock icon signals trustworthiness
- Supports GDPR-aligned data transfer
- Mitigates man-in-the-middle attacks
SEO benefits
- HTTPS as a Google ranking factor
- Avoids “Not secure” browser warnings
- Referrer data is preserved between HTTPS sources
- Prerequisite for modern web APIs
Let's Encrypt and free certificates
Let's Encrypt is a free, automated CA that issues DV certificates. Many hosts integrate it—enable with one click and renew automatically before expiry. Free certs offer the same encryption strength as paid ones; differences are validation depth (domain only, no org review) and support.
- Let's Encrypt: Free, automatic renewal, DV validation. Ideal for most websites.
- Hosting integration: Many hosting providers (IONOS, Hetzner, All-Inkl, etc.) bundle Let's Encrypt—often one-click activation.
- Paid alternatives: OV and EV certs need manual review and yearly fees. Use when higher assurance is required.
SSL best practices
A certificate alone is not enough—configuration must be correct. These points keep HTTPS reliable and secure.
- Current TLS: Use TLS 1.2 or 1.3. Disable legacy SSL 3.0 and TLS 1.0.
- Redirect HTTP to HTTPS: 301 all HTTP requests to HTTPS. Avoids duplicate content and secures every URL.
- Renew certificates: Certs expire (Let's Encrypt: 90 days). Automate renewal or set reminders.
- Avoid mixed content: Do not load HTTP assets (images, scripts) on HTTPS pages—or browsers will warn.
SSL—summary
SSL/TLS underpins secure websites. A valid certificate enables HTTPS, protects data, and supports trust and rankings. Free DV certs such as Let's Encrypt suit most sites; OV and EV add higher assurance when needed. Planning HTTPS from the start avoids gaps and warnings—SSL is baseline for professional sites today.
IVIS MEDIA sets up SSL certificates and HTTPS for your site—from provisioning and configuration to safe redirects. We support GDPR-aligned data transfer and strong SEO foundations. More about web development
