What Is an SSL Certificate and Why Does Your Website Need One?
If you’ve ever noticed a padlock icon in your browser’s address bar, you’ve seen an SSL certificate at work. SSL — Secure Sockets Layer — is the technology that encrypts the connection between a website and its visitors, ensuring that any data passed between them can’t be intercepted by third parties.
Despite the name, modern websites actually use TLS (Transport Layer Security), an updated and more secure version of SSL. The term "SSL certificate" has stuck, however, and is still used universally. Every reputable website should have one — and if yours doesn’t, it’s costing you trust, rankings, and potentially customers.
How SSL Certificates Work
An SSL certificate is a small data file that binds a cryptographic key to an organisation’s details. When a visitor’s browser connects to your website, the server presents its SSL certificate. The browser verifies that the certificate is valid and issued by a trusted Certificate Authority (CA), and the two then establish an encrypted connection using a process called the TLS handshake.
The result is that all data transmitted between the browser and the server — form submissions, login credentials, payment details, personal information — is encrypted. Even if someone were to intercept the data in transit, they would see only meaningless encrypted gibberish rather than readable information.
SSL certificates are issued by trusted Certificate Authorities — organisations like Let’s Encrypt, DigiCert, Comodo, and Sectigo. Your browser and operating system maintain a list of trusted CAs, and only certificates from these authorities are displayed with the padlock icon.
Types of SSL Certificate
There are three main types of SSL certificate, differentiated by the level of validation the CA performs before issuing them. Domain Validation (DV) certificates simply verify that you control the domain. They’re the most common type and are often free via services like Let’s Encrypt. They provide encryption but don’t verify any information about the organisation behind the site.
Organisation Validation (OV) certificates require the CA to verify the legal existence of the organisation. Extended Validation (EV) certificates involve the most rigorous vetting process. EV certificates used to display the company name in a green bar in the browser, though most modern browsers have scaled this back — the padlock icon looks the same regardless of certificate type.
For most small business websites, a free DV certificate from Let’s Encrypt is entirely adequate. E-commerce sites and financial services providers may wish to consider OV or EV certificates for the additional trust signal they provide to customers.
Why Every Website Needs an SSL Certificate
Google has flagged HTTPS as a ranking signal since 2014. While it’s a relatively minor factor compared to content and links, all else being equal, an HTTPS site will outperform an HTTP equivalent. More significantly, Google Chrome marks all HTTP sites as "Not Secure" in the address bar — a visible warning that undermines visitor trust immediately.
If your site collects any data from visitors — contact form submissions, email newsletter sign-ups, user accounts, payment details — you have a legal obligation under UK GDPR to protect that data in transit. An SSL certificate is a fundamental part of meeting that obligation.
Free SSL certificates are available from Let’s Encrypt and most reputable web hosts will install and auto-renew them for you. There is genuinely no good reason for a website in 2024 to still be running on HTTP.
Common questions.
Is an SSL certificate free?
How do I know if my website has an SSL certificate?
How long does an SSL certificate last?
More on web design & ux.
Want a hand putting this into practice?
Book a free, no-obligation consultation with a Norwich-based specialist.
Let's put your business in a better light.
Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.