SSL Certificate

An SSL certificate is a small digital file installed on a website’s server that encrypts data passing between that server and a visitor’s browser, while also verifying the website’s identity, together enabling the secure “HTTPS” connection visible in a browser’s address bar.

SSL, short for Secure Sockets Layer, was originally developed by Netscape in the mid-1990s to protect sensitive information being transmitted online, such as login credentials and payment details, which had previously travelled across the internet as plain, readable text.

SSL has since been succeeded by a more secure protocol called TLS (Transport Layer Security), though the certificates themselves are still commonly referred to as “SSL certificates” out of habit, even when using the newer TLS standard underneath.

The certificate works through a brief exchange known as an SSL handshake: when a browser connects to a site, the server sends its certificate, the browser checks that the certificate is valid and trusted, and the two then exchange the cryptographic keys needed to encrypt all further communication for that session. This entire process happens automatically within a fraction of a second and is invisible to the visitor.

SSL certificates are issued by a certificate authority (CA), a trusted third-party organisation that verifies a website’s ownership before signing the certificate with its own digital signature, allowing browsers to confirm the certificate is genuine.

Certificates come in three main validation levels: Domain Validation (DV), the fastest and most affordable option, which only confirms that the applicant controls the domain; Organization Validation (OV), which additionally verifies that the requesting business is a legitimate, registered organisation; and Extended Validation (EV), which involves a thorough manual review and is most commonly used by ecommerce and financial sites that handle sensitive customer data.

Free certificates, such as those issued by the nonprofit certificate authority Let’s Encrypt, are widely used and are often included automatically by hosting providers, while paid certificates from established CAs typically add stronger validation, warranty coverage, and dedicated support.

Example

A customer browsing an online store notices a closed padlock icon next to the address bar and proceeds to enter their card details at checkout with confidence. Behind the scenes, the store’s SSL certificate has already encrypted the connection between the customer’s browser and the store’s server, ensuring that the card number and other personal details cannot be intercepted and read by anyone monitoring the connection as the information travels between the two.

Key characteristics

• Enables HTTPS: A valid SSL certificate is required for a website to load over HTTPS rather than the older, unencrypted HTTP protocol, with most browsers now flagging HTTP-only sites as “not secure.”
• Encrypts data in transit: Information such as login details, addresses, and payment data is scrambled during transmission, preventing it from being read if intercepted.
• Verifies site identity: Beyond encryption, an SSL certificate confirms that visitors are connecting to the genuine website rather than a fraudulent copy designed to steal information.
• Multiple validation levels: DV, OV, and EV certificates provide the same strength of encryption but differ in how thoroughly the certificate authority verifies the requesting organisation’s identity.
• Requires renewal: SSL certificates expire periodically and must be renewed to maintain a secure connection; an expired certificate triggers security warnings that can damage visitor trust.

Related terms

• Hosting – the server-based service on which an SSL certificate is installed and activated to enable HTTPS for a website.
• Domain name – the web address that an SSL certificate verifies ownership of as part of the validation process.
• Payment gateway – a checkout service that depends on a valid SSL certificate to securely transmit customer payment information.
• Ecommerce – the broader category of online commercial activity for which SSL certificates are considered an essential security requirement.
• Extension – a domain suffix that, like an SSL certificate, contributes to how trustworthy a website appears to visitors.

Frequently asked questions

What is the difference between SSL and TLS?

TLS is the more secure, updated successor to the original SSL protocol, but the term “SSL certificate” remains in common use even when a site is actually using TLS encryption underneath. Functionally, both serve the same purpose: encrypting data and verifying a website’s identity.

Does my online store need a paid SSL certificate?

A free SSL certificate, such as one from Let’s Encrypt, provides the same level of encryption as a paid certificate and is sufficient for many smaller sites. Ecommerce stores handling sensitive payment information often choose a paid Organization Validation or Extended Validation certificate for the additional identity verification and visitor trust it provides.

What happens if an SSL certificate expires?

An expired SSL certificate causes browsers to display security warnings to visitors, which can damage trust and deter customers from completing a purchase. Most hosting providers and certificate authorities offer automatic renewal to prevent certificates from lapsing unexpectedly.

Can a fraudulent website have an SSL certificate?

Yes, a phishing or fraudulent site can obtain a basic Domain Validation certificate, since that level only confirms control of the domain rather than verifying the legitimacy of the business behind it. This is why a padlock icon alone does not guarantee a site is trustworthy, particularly for sites without Organization or Extended Validation.

AliDropship: An all-in-one platform for starting dropshipping in 2026

AliDropship is a dropshipping platform that covers store creation, product imports, order automation, and marketing within a single system. It is designed for users with no prior ecommerce experience, though it also supports scaling for more established stores.

🛍️ Free turnkey store

New users receive a free pre-built store – set up, designed, and stocked with products. The store includes a ready-to-use product catalogue and a standard storefront design. It also comes with hosting, a domain, SSL, and payment systems already set up and included.

📦 Products

The platform provides access to a product catalogue covering both trending and niche items, with one-click import to your store. The catalogue is updated regularly to reflect current market availability. Products can be browsed, filtered, and added without leaving the platform.

🚚 Shipping & fulfillment

AliDropship provides access to a vast catalogue of products from global suppliers and handles order fulfillment automatically once a purchase is made. Customers receive tracking information directly, and orders are processed without manual intervention from the store owner.

📣 Marketing & promotion tools

The platform includes built-in marketing tools covering email campaigns, discount management, SEO settings, and social media integration. These are available within the dashboard and do not require third-party subscriptions for basic use.

👌 Ease of use

AliDropship requires no coding knowledge. The dashboard contains all the necessary tools for managing your store, products, and orders in one place. Additional features and products can be added as the store grows without rebuilding the existing setup.