Online browsing can be scary when personal information is involved, especially when you're exposed to so much news about data breaches and other cyberattacks. Information like passwords, credit card numbers, and social security numbers can of course be used by cybercriminals.

A lot can be done with this information, which is what attracts hackers to online stores, banking websites, and social media. Such data can even be sold on via networks on the dark web. But there are defenses put into place to protect the user from having their information stolen. One such method of defense is an Secure Socket Layer (SSL) certificate.

So what is an SSL certificate? How do you find out if a website has one, and so keeps your data protected? And does your website need an SSL certificate?

What Is an SSL Certificate?

An SSL certificate is a digital certificate that can be purchased by organizations or individuals and allows for a secure connection between a web server and a browser. It does this by binding a cryptographic key to the details of an organization.

The certificates contain information about the name of the certificate holder, the certificates serial number and expiration date, a copy of the certificate holder's public key, and the digital signature of the certificate-issuing authority. This authenticates the website, proving that it really is the website it claims to be, and not hackers posing as that website instead.

Essentially, it verifies that the site is what it says it is.

How Do You Know if a Site Has an SSL Certificate?

A website with an SSL certificate will have HTTPS in the URL, which is a combination of HTTP and SSL. The "S" actually means "Secure".

Most browsers default to HTTPS and will warn you if a site you're visiting doesn't have one. If that doesn't happen, though, how can you check?

Look at the URL of a page. In the top-left, you should see a padlock: that means it has an SSL certificate. If not, it might come up with an "Unsecure" sign or an exclamation mark.

SSL Certificate

You can also click on that padlock or "Unsecure" warning to learn more about the connection and access site settings and a list of active cookies.

Generally, whole sites are covered by one, so navigating to a homepage should tell you all you need to know. That's not always the case, however: sometimes, hosting faults result in selective HTTPS directing. That makes it worthwhile checking on the status of SSL certificates on any page you have to type in sensitive information.

What Is an SSL Certificate Used For?

SSL certificates are used to keep the connection between a server and client—typically a web server and a browser or a mail server and a mail client—secure and private. It authenticates the identity of the website and encrypts the information using SSL technology.

Encryption is merely a means of making data unreadable without a decryption key. You use encryption every time you unlock your smartphone, for instance. Any information on your device is unreadable witout the proper PIN or, in the case of iPhones, Face ID.

When sending information across the web, it is transmitted from device to device, making it vulnerable to hackers or anyone else who wants to intercept it.

Related: What to Do If Google Chrome Warns a Site Is Unsecure

An SSL certificate ensures a secure browsing session with encryption. Users can input personal information and sensitive information like passwords and credit card numbers into a website and send that information without having to worry about it being intercepted hackers, ensuring that only the intended recipient can read and understand what has been sent.

Which Sites Should Use SSL Certificates?

Online banking websites, social networks, email services, and anyone who needs to provide secure browsing sessions for their users should implement the use of SSL certificates. Having an SSL certificate shows readers and potential customers that your website can be trusted.

SSL certificates exist for websites such as Facebook, Gmail, Twitter, and WordPress, as well as the Bank of America, Etsy, Storenvy, and more, because they all deal with sensitive personal information.

In those instances, a secure connection is essential. But because everyone is potentially subject to cyberattacks, you should find SSL certificates on most websites, regardless of what form data they require (if they do at all).

Do I Need an SSL Certificate?

That depends.

If you host a web server where people are sending and receiving information which may be sensitive, using an SSL certificate is for the best. But more and more sites impliment this type of encryption anyway.

Invalid SSL certificate

That's because having an SSL certificate shows your users that your site is trustworthy. You don't want potential readers turning away because Google Chrome says it's unsecure.

Of course, just using a certificate doesn't exclude your site from attacks, so it is still up to the user to remain vigilant.

How Do I Get an SSL Certificate?

This does depend on numerous things, notably hosts and budget. Don't let that put you off: you can get SSL certificates for free, or wrapped up as part of a package deal with your hosts.

It's best to take some steps first before ordering your SSL certificate, to make the process easier on you.

First, get your server set up and your WHOIS report updated. Then generate a Certificate Signing Request (CSR) on the server. This is a block of encrypted text on the server, containing information that will eventually be put into the certificate and submitted to the Certificate Authority (CA), a third party offering the certificate, along with any other data they request.

Make sure you have a unique IP for the server. Your domain can then be validated, and if your CSR is accepted, you'll receive a digital certificate to install onto your server.

How much do SSL certificates cost? That depends too.

Related: How to Get a Free SSL Certificate for Your Website

There are, of course, ways to get free SSL certificates, but more often than not, you'll end up having to pay. GoDaddy offers SSL certificates for as low as $44.99, covering one domain, as does Digicert for anywhere from $238 to $1,499, depending on length of contracts and SSL certificate type.

It's worth checking with your host. Most offer SSL certificates as add-ons, many with additional fees—but some do provide you one for free (or at least discounted). So do your research before signing up with a hosting company.

Keeping Your Browsing Experience Secure

It's difficult to trust a website without an SSL certificate. And you shouldn't submit any sensitive personal information to a page without one.

Nonetheless, it doesn't mean your information isn't at risk at all. A site might store your information as plain text, for example, i.e. meaning it's readable to admin, visitors with behind-the-scenes privileges, or hackers who manage to break in. And yet SSL certificates still provide a solid level of security, making them essential for most of the sites you visit.