March 15, 2016
If you’re selling products or services on your website, your customers have to input sensitive data like credit card details. To ensure that transactions between you and your customers stay secure, you should consider adding an SSL certificate on your website.
There are two main types of SSL certificates, but only one that will fully secure transactions: the CA-signed certificate. In this article, we cover the basics of SSL, self-signed certificates, and CA-signed certificates in an FAQ format.
What is SSL?
SSL is a security protocol that’s today’s standard for establishing secure connections between clients and servers over the Internet. This protocol allows you to freely exchange your private data without having to worry about it being stolen. It is mostly applied in the e-commerce and e-banking sectors.
An SSL certificate is basically a digital file or code that is installed on your web server and enables secure online communications. The certificate is used for authentication and data encryption.
Does SSL Improve SEO?
Yes. Google considers HTTPS a ranking signal. In fact, research shows that HTTPS websites rank higher than non-HTTPS websites. Google will continue to enforce the usage of the HTTPS protocol and it will have a greater role in the whole website ranking process.
Types of SSL Certificates
When choosing a certificate for your domain (www.yourwebsite.com) and for a CDN custom domain (cdn.yourwebsite.com), you should know that there are two main types of SSL certificates:
Self-signed certificates are issued by the same person/company for themselves. The biggest drawback of this certificate is that an external entity doesn’t verify it. In addition, most browsers will display a security alert message which won’t speak highly of your company:
The only upside of self-signed certificates is that you can easily create them for testing environments without having to pay any money.
What Exactly is CA?
CA stands for Certificate Authority. This is a company that issues digital certificates. Often, these certificates include information about the owner. This includes their domain name, company name, city, state and country of their company, public key, digital signature, expiration date of certificate, and the company that issued the certificate.
If a certificate is properly installed on the website it will display a green padlock:
How Does CA Work?
When you access an SSL-protected website, your browser asks for a secure exchange of data from the web server. The server responds to your browser by sending the certificate, then your browser confirms the validity of the certificate. It checks that it was released for the website and issued by a valid CA.
Since an SSL certificate is installed on the server, the communication between that server and client (browser) is encrypted.
Encryption is a mathematical process of coding and decoding information. Every certificate has what is called a public key and private key. A private key is installed on the server and it can’t be shared with anyone. It’s used for encoding the communication while the public key is available to anyone and used for decoding.
Why is the CA Important?
Browsers, or even operating systems, tend to come with pre-installed certificates. These check the certificate of the server that they’re trying to connect to and verify its identity.
SSL certificates are using what’s called the chain of trust model. This model is used for further improving compatibility of certificates. Certificates are organized in a chain that is called a CA Bundle. The CA Bundle should include root and intermediate certificates.
Root certificates are created by the Certification Authority (CA). The root certificate can be found pre-installed in the browser and operating system. By default, your OS or web browser will trust all certificates that are signed by the root certificate installed on your computer.
The intermediate certificate is issued by the root certificate and used to link the root certificate to the SSL certificate installed on the server you’re trying to connect to.
Here’s a breakdown of what it looks like:
- Root certificate issued by CA
- Intermediate certificate issued by root certificate
- SSL certificate for yourdomain.com issued by intermediate certificate
Since your computer trusts the root certificate by default, it will trust the certificate of the server you’re trying to connect to.
How to Upload an SSL Certificate to MaxCDN
Simply navigate to Account → SSL. In the window shown in the screenshot below, insert the correct information:
Keep in mind that the certificate uploaded to MaxCDN should cover your custom domain (cdn.yourwebsite.com). Uploading your domain’s certificate to MaxCDN will not yield the desired results.
If you have any questions about CA-signed SSL certificates, please leave a comment below or start a live chat.