So you’ve decided to increase your website’s security and put your user’s at ease while they are browsing your website. But do you need an SSL certificate or a TLS certificate? The names are almost anagrams, but are they related? Let’s take a look at what each certificate is.
SSL certificates are an important part of web security. SSL protocol encrypts the information going between your website and a user’s browser.
SSL stands for Secure Sockets Layer and it is technically an outdated term despite its prolonged usage. SSL was first created in 1995 by Netscape with the release of SSL 2.0 (SSL 1.0 was never released to the public). By 1996, SSL 2.0 was replaced by SSL 3.0 after several vulnerabilities were found. Versions 2.0 and 3.0 are sometimes referred to as SSLv2 or SSLv3.
The successor to SSL, and the correct term for the technology if you were to buy a certificate today, is TLS or Transport Layer Security. TLS was introduced in 1999 as a replacement to SSL based on SSL 3.0. TLS is currently at version 1.3 or v.1.3.
TLS refers to the transport layer in the TCP/IP protocol suite. The transport layer sits between the internet layer, or the layer routers care about (IPv4, IPv6, etc.), and the application layer, or in this case the part browsers care about (HTTP, HTTPS, etc.). Data is encrypted at this stage in the process and then packed into an IP packet for safe travels along a public network. This placement addresses the vulnerabilities present between our router and our browser, such as man-in-the-middle attacks, while verifying that the server we are connecting to is in fact owned and operated by the rightful company.
What does this all mean?
- The terms SSL certificate and TLS certificate do represent similar things
- TLS certificates are the newer version of SSL certificates
- Certificates are still more commonly referred to as SSL certificates
- SSL protocol has deprecated and should no longer be used
At first, this information may seem trivial since the majority of certificate authorities still market their certificates as SSL. Searching “SSL certificate” yields far more results than searching the term “TLS certificate” does. But as a business, it’s good to know your web hosting technology terms. You will likely continue to hear certificates be referred to as SSL Certificates because it’s what people are more comfortable with, but it is common to hear TLS in the industry as well.
Where do I get a certificate?
Certificates come in all shapes and sizes to help add an extra level of security to your website. Check out a comparison between paid and free certificates to find out which one you need. The most expensive certificates will involve paperwork as part of their validation process as an added measure. This will get you a nice green badge in the browser’s address bar letting users know how secure your site is. The cheapest certificate offerings will involve basic security for a single domain and a quick validation process.
For the advanced user, there’s also the option of installing your own self-signed certificate onto your server.
Speak to our support team about setting up free AutoSSL or purchasing a paid SSL certificate for your website.