A few months ago we all watched the encryption battle between Apple and the FBI. That all came to a rather undramatic end, but it definitely worked to put a spotlight on the issue of online security/encryption.
Encryption is very important when it comes to the internet, as it is key in making your website a safe spot for users. A secure website gives users the confidence to navigate and interact in a trusted environment. The easiest way to spot a secure website is by checking the URL bar in your browser. If a website has a secure connection, it will display a lock icon or a green bar, as you can see in the image below:
For a long time, getting an SSL certificate (a data file that digitally binds a cryptographic key to your organization's details and, when installed on your web server, activates the padlock and the HTTPS protocol, allowing secure connections between the web server and the browser) was a costly and demanding process. You could either set up SSL on your own server, which required you to be familiar with servers and network configurations, or you could use the secured server that your web host provided.
In an effort to provide a more secure connection for every website out there, with a low-cost and easy-to-use service, the Internet Security Research Group (ISRG), sponsored by companies such as Mozilla, Google, Facebook and Cisco, created “Let’s Encrypt,” a free, automated and open certificate authority (CA) for the public’s benefit. With Let’s Encrypt, users can set up an HTTPS connection for their website and have it automatically obtain a browser-trusted certificate, without any human intervention. Let’s Encrypt can be installed on shared servers at host providers such as SiteGround, which means that you no longer need a dedicated server with a dedicated IP address to have a secure connection, and, did I mention, it is FREE?!
Although Let’s Encrypt was released just 18 months ago, it already has more than a million certificates, helping to secure more than 2.4 million domains on the web.
Using the service is very simple: Let’s Encrypt simply runs a certificate management agent on your own website server (your host provider) instead of a third party server. Basically, there are two steps necessary for it to work:
1. The certificate management agent needs to validate that your domain is in fact controlled by your webhost. To achieve this, Let’s Encrypt creates a new key pair file in a specified path on the web server and validates its content against its CA upon signature. Note that when a secure connection is requested, the domain must sign in with the certificate authority. The Let’s Encrypt CA simply checks that the key pair value in the file has the expected content.
2. Once the agent has validated the domain, it creates a PKCS#10 Certificate Signing Request that tells Let’s Encrypt to issue the certificate with a specified public key. That public key is sent back to the agent, which at that point knows that a secure connection is valid.
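The file check in step 1, written out as an added example (not code from Let's Encrypt or from this post) using the ACME HTTP-01 challenge defined in RFC 8555, which the post does not name: the agent serves a "key authorization" at a well-known path and the CA compares what it fetches with the value it expects for the requesting account. The account key and token below are constructed placeholders, and the function names are illustrative.

```python
import base64
import hashlib
import json
import re

# Constructed sample values: not a real account key (x/y are not a valid
# curve point) and not a token issued by any CA.
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRlLTAwMDAwMDE",
    "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRlLTAwMDAwMDE",
    "kid": "constructed-example",  # optional member, ignored by the thumbprint
}
TOKEN = "Q09OU1RSVUNURUQtdG9rZW4tZm9yLWV4YW1wbGU"

# RFC 7638: only these members, in lexicographic order, enter the hash.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE and ACME use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Content the agent writes into the challenge file."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def challenge_path(token: str) -> str:
    # Refuse anything outside the base64url alphabet so a malformed token
    # can never name a file outside the challenge directory.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token is not base64url")
    return f"/.well-known/acme-challenge/{token}"


def ca_accepts(served_body: bytes, token: str, jwk: dict) -> bool:
    """CA-side check: the fetched body must equal the key authorization
    for the requesting account (trailing whitespace is ignored)."""
    return served_body.rstrip() == key_authorization(token, jwk).encode("ascii")
```

Because the thumbprint is bound to the account key, a challenge file copied from a different account's agent does not pass `ca_accepts` for this one.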
Encryption and secure connections on the web have always been important. But these days, it’s extra important because Google. Google sees value in providing secure navigation for end users, and because of that, it has started giving a ranking boost to all web sites with a secure protocol (HTTPS). Although minor, it can potentially impact your SEO results, and it will rank your website below a competitor that has HTTPS.
A secure connection is also important to keep your personal data encrypted and unavailable to hackers and malicious websites. It is especially important on web sites where payments can be made, as you do not want to have your credit card information travelling over the web without any encryption. The whole internet is moving toward a more secure place, and Let’s Encrypt is a great initiative that lets sites of all sizes in on the action. To know more about Let’s Encrypt, please visit https://letsencrypt.org/. To know more about security and what else you can do to make your web site safer, contact us.