An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection.

SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. SSL keeps internet connections secure and prevents criminals from reading or modifying information transferred between two systems. When you see a padlock icon next to the URL in the address bar, that means SSL protects the website you are visiting.

When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”. Note that the SSL Handshake is invisible to the user and happens instantaneously. Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.

An SSL connection error occurs when the page being accessed has some security issues. They occur for users' protection, interrupting access to inform them that there may be some security concerns if they progress. They can take a number of forms, often differing with the choice of browser. In some instances, the page may go red with the https:// pre-x also highlighted in red. Using Google Chrome, there are a number of messages that users might see appear on their screen. These include 'your connection is not private' or simply that 'this webpage is not available'. It might be as the result of outdated security code on the website and doesn't necessarily mean that the site being accessed is suspicious, but users should take connection errors seriously, especially if they are not 100% sure about the destination site. Whilst there are ways to circumnavigate SSL connection errors, it is strongly recommended that users don't. If in website development trials it is found that the site is suering from SSL connection errors then it is imperative to do something about it quickly. This may involve updating the security settings or simply acquiring a more adapted SSL certificate. This will help browsers to establish that the site is secure and allow users to access it without safety warnings.

Most of the big email providers use SSL encryption to encrypt users' mail. In most cases, the SSL option will be automatically checked in email settings. To retrieve mail that has flagged up an error message the user may have to uncheck this option.

Depending on how a site is hosted and where, there are various ways of adding an SSL certificate. In some cases, if there's an ecommerce element on the site, it will be a requirement to have a certificate. Major hosting providers often offer hosting packages including SSL certificates.

A digital certificate is a digital credential that validates the identity of the certificate owner, much as a passport does. A trusted third party, called a certificate authority (CA), issues digital certificates to users and servers. The trust in the CA is the foundation of trust in the certificate as a valid credential. Each CA has a policy to determine what identifying information the CA requires to issue a certificate. Some Internet CAs might require little information, such as only requiring a distinguished name. This is the name of the person or system to whom a CA issues a digital certificate address and a digital e-mail address. A private key and a public key are generated for each certificate. The certificate contains the public key, while the browser or a secure file stores the private key. The key pairs associated with the certificate can be used to sign and encrypt data, such as messages and documents, sent between users and servers. Such digital signatures ensure the reliability of an item's origin and protect the integrity of the item.

SSL certificates can be obtained directly from a Certificate Authority (CA). Certificate Authorities – sometimes also referred to as Certification Authorities – issue millions of SSL certificates each year. They play a critical role in how the internet operates and how transparent, trusted interactions can occur online.

The cost of an SSL certificate can range from free to hundreds of dollars, depending on the level of security you require. Once you decide on the type of certificate you require, you can then look for Certificate Issuers, which offer SSLs at the level you require.

It is possible to use one SSL certificate for multiple domains on the same server. Depending on the vendor, you can also use one SSL certificate on multiple servers. This is because of Multi-Domain SSL certificates, which we discussed above. As the name implies, Multi-Domain SSL Certificates work with multiple domains. The number is left up to the specific issuing Certificate Authority. A Multi-Domain SSL Certificate is different from a Single Domain SSL Certificate, which – again, as the name implies – is designed to secure a single domain. To make matters confusing, you may hear Multi-Domain SSL Certificates, also referred to as SAN certificates. SAN stands for Subject Alternative Name. Every multi-domain certificate has additional fields (i.e., SANs), which you can use to list additional domains that you want to cover under one certificate. Unified Communications Certificates (UCCs) and Wildcard SSL Certificates also allow for multi-domains and, in the latter case, an unlimited number of subdomains.

When an SSL certificate expires, it makes the site in question unreachable. When a user's browser arrives at a website, it checks the SSL certificate's validity within milliseconds (as part of the SSL handshake). If the SSL certificate has expired, visitors will receive a message to the effect of — "This site is not secure. Potential risk ahead". While users do have the option to proceed, it is not advisable to do so, given the cybersecurity risks involved, including the possibility of malware. This will significantly impact bounce rates for website owners, as users rapidly click off the homepage and go elsewhere.

Only submit your personal data and online payment details to websites with EV or OV certificates. DV certificates are not suitable for eCommerce websites. You can tell if a site has an EV or OV certificate by looking at the address bar. For an EV SSL, the organization's name will be visible in the address bar itself. For an OV SSL, you can see the organization's name's details by clicking on the padlock icon. For a DV SSL, only the padlock icon is visible.