SSL is used for securing the data transferred between a client and a server – typically a web server or website and a browser.
SSL stands for Secure Sockets Layer. It establishes an encrypted link between a client and a server.
SSL certificate is required to create SSL connection. This certificate contains details about the identity of your website, your company and the validity period of your SSL. Along with the SSL, you get two cryptographic keys which are used by the client and server to encrypt and decrypt the data.
For e-commerce websites, SSL is mandatory as sensitive information is often transferred between the client and the server in such websites.
But, why would a static website require an SSL connection?
It is because of the news posted by Google in September 2016 on Google Security Blog.
Google wants to help users browse the web safely. If a website has added SSL, Google Chrome shows a green icon in the address bar to indicate that the website is safe to use.
But from January 2017 Chrome started showing a red icon with “Not Secure” text in the address bar of the web page, if a page is collecting any kind of sensitive information such as password or credit card details. It wouldn’t show “Not Secure” text for other pages.
Soon Chrome is going to show a “Not secure” text(in grey) in the address bar for non-SSL web pages. If the page is accepting any sensitive information, “Not secure” text will turn red.
Many static website owners and bloggers don’t add SSL to the website as they don’t collect any sensitive information from the users. But, if their URL in the address bar showing “Not Secure” message, then the users will jump from their website.
SSL certificates are too expensive. Some hosting companies give SSL certificates at a discounted rate but the renewal cost is high.
Then, what is the solution to this?
Thanks to the open-source community that is handling Let’s Encrypt.
Let’s Encrypt is a free, automated and open Certificate Authority. It is sponsored by big players in the industry including Facebook, Google Chrome, Mozilla, etc.
With Let’s Encrypt, you can easily obtain and install SSL certificate on your server within few minutes.
How to add SSL using Let’s Encrypt?
The installation process depends on the platforms used. Go to Getting started page of Let’s Encrypt and follow the steps.
If you find any difficulty, drop a message in the comment box, I will be happy to help you.