SSL lock on browser.

Look familiar?

SSL (secure socket layer) is the standard security technology for establishing an encrypted link between a server and a browser.

This link ensures that all data that is passed between the web server and browser stay private.

When you visit a website that has a form and you fill out your information, SSL helps keep it secured. If you did this on an unsecured website, that information could be intercepted by (yikes) hackers.

It’s often used for user account pages, online checkout, and any site where important or sensitive information is used.

With SSL, your browser will form a connection with the server, look around for an SSL certificate, and then connect together with your browser and the server.

The connection is secure so that only you and the site that you submitted the information can access or see what you input in your browser.

The connection is instant and is typically faster than an unsecured website. If you have a website with SSL, you’ll score much better with SEO as well as security.

Why Do We Use It?

Simply put…to stay secure!

It’s important that information doesn’t get into the wrong hands and you feel at ease when transmitting personal information online.

Otherwise, some crook might take that money you were going to use on vacation and go on one himself.

What’s the Importance of It?

It’s important to keep information safe when online.

With SSL, sensitive information is sent across the Internet encrypted. That means only the intended receiver can access it.

Also, an SSL certificate provides authentication. This ensures that you’re sending the information to the right place and not some hacker who is trying to swipe your information.

SSL providers are important to help verify a company. They use several identity checks to make certain that the website is who they say they are.

Authentication Process

A browser or a server will attempt to connect to a website with SSL. The browser then asks (requests) that the web server identifies itself.

The web server will then send the browser (or server) a copy of its SSL certificate.

The browser checks it out to make sure it can trust it. If it can, it sends a message to the webserver.

From here, the webserver sends back an acknowledgment that’s digitally signed. This starts an SSL encrypted session.

Data between the browser/server and the secure SSL server is shared securely because it’s encrypted.

How SSL works.

How SSL works.

Getting Set Up in the Hub

This is extremely easy to set up because, well, it’s already done for you!

All websites that are hosted with WPMU DEV are provided with SSL certificates.

Considering how unsafe unsecured sites are, it’s essential for us to provide members with this automatically.

You can see the SSL status of your site by clicking on your website’s URL, then Hosting>Domains.

Where you can see your SSL status.

Where you can see your SSL status.

It will have a green checkmark underneath SSL status if all is running well.

Keep in mind that when you add a site, it may take several minutes for a certificate to be ready.

Sometimes the process can take hours or, in very rare cases, an entire day. It just depends on how fast your DNS settings propagate.

Our SSL certificates come from Let’s Encrypt. It’s totally free for you and we renew them every three months.

Custom SSL Certificates

Adding a custom SSL is an option for you as well with our hosting.

The first thing you’ll need to do is submit a Certificate Signing Request (CSR) to a Certificate Authority. Certificate providers (e.g. CSR Generator) usually have tools or can assist you in generating the CSR.

When you obtain the CSR, it’s important to save a copy of the Private Key.

Now, you’ll use the CSR to purchase the SSL certificate. This will give you a Private Key, Certificate, and Certificate Chain.

Your SSL provider should be able to provide you with this information if they create a CSR with their interface.

Keep in mind, you can use wildcard SSL certificates, too.

Our team can upload those for you exactly like non-wildcard certificates.

Also, our support staff can help with adding custom certificates. You can start a live chat or create a support ticket. Either way, we’ll get you all set up.

To learn more about SSL, be sure to check out our article How to Use SSL and HTTPS with WordPress.

A Little Bit on TLS…

Whenever you see SSL being mentioned, you’ll often see TLS, too.

So, what’s TLS?

TLS (Transport Layer Security) is a vastly adopted security protocol that is designed to facilitate privacy and data security over the Internet.

It encrypts the information that is being communicated between web applications and servers (e.g. web browsers loading a website).

TLS actually evolved from SSL, therefore you often see the name SSL/TLS used interchangeably. TLS is basically an upgraded version of SSL. However, there are a few minor distinctions.

Here are five of them:

  1. Alerts: TLS protocol is to remove the alert message. It replaces it with several other alert messages. Meanwhile, SSL has a No Certificate alert message.
  2. Cipher Suites: TLS doesn’t offer any support for Fortezza cipher suite, however, SSL does. TLS follows an improved standardization process that helps make defining of new cipher suites simpler (e.g. RC4).
  3. Handshake: With SSL, the hash calculation additionally encompasses the master secret and pad. With TLS, the hashes are calculated over the handshake message.
  4. Record Protocol: TLS uses HMAC, which is a hash-based message authentication code. It’s used after each message encryption. SSL uses Message Authentication Code (MAC) after encrypting each message.
  5. Message Authentication: TLS depends on HMAC Hash-based Message Authentication Code while SSL authenticates by adjoining the key details and application data in an ad-hoc way.

As you can see, they’re different but are also very similar in nature.

You also now know why you often see SSH/TLS together. TLS fixes some of the security vulnerabilities in the earlier SSL protocols.

Something to remember is that your certificate is not exactly the same as the protocol that your server will use. That means you do not need to change your certificate to use TLS.

Sure, it may be labeled as an SSL certificate, but your certificate already supports both the SSL and TLS protocols.

If you’d like to check out what version of SSL/TLS your web browser is using, you can cruise over to the How’s My SSL tool. It’ll show you instantly.

TLS is probably going to become more and more common of a term than SSL soon, so get used to it.

Differences Between SSH and SSL/TLS

Now that we’ve looked at SSH and SSL/TLS — what are the similarities and differences?

I’ve gone over how they function and what they do, however, the big takeaway is they both use encryption to protect data that is being passed between two network devices.

Here’s a quick breakdown of some of the essential differences between the two:

SSH vs SSL/TLS

SSH vs SSL/TLS

While we are comparing security protocols and acronyms that start with “s,” the other protocol you should know about is when to use SSH vs SFTP.

This is important if you plan to access files on your hosting server securely. Fortunately, we have written an entire article about it here: What is SFTP? How to Transfer Your Files Securely.

Feel Secure Yet?

Security has many layers and differences, as you can see. A strong password isn’t the only thing that’s going to protect you.

Both SSH and SSL have their unique purposes and do what they can to help.

SSL is the primary requisite of security on the web, SSH is an added safety feature of it. When you add TLS into the mix, all three of them render strong and mighty security and safer communication in the web hosting process.

SSH does have some additional features, such as providing multiple data channels to its applications.

It supports the execution of remote programming, TCP connections, and more, which makes it often used by web hosting companies as the sole security protocol.

However, when implemented correctly, they all work well to help keep your information secure.

Throw some good hosting and take other measures (e.g. install our Defender plugin), and you’ll have a knockout system of security for the web.

And now the big difference between SSH and SSL is you’re no longer confused by them.