Remember those puzzles on the place-mats at restaurants…
… that gave you a jumble of numbers or letters and you had to figure out what other letters went with each number to spell a secret word? The great thing about those puzzles for parents and the restaurant wait staff was that it might have taken you the whole time you were waiting on your lunch to arrive to figure them out — so you weren’t pestering your parents or climbing under the next table and upsetting the other diners. Maybe you, or people you knew — the class geeks — invented a similar kind of secret system to pass notes across the classroom behind the teacher’s back.
The fancy-schmancy word for those secret code puzzles is cryptograms. Those geeks from your 1st grade class grew up and started making those puzzles as complicated and as hard to solve as possible, and now pretty much everything that’s zooming around the internet is actually in the form of those unsolved puzzles. A computer on one end of the internet (your laptop, iPhone, or Galaxy tablet), uses a key to generate the puzzle, and it sends the puzzle across the internet to a computer somewhere far away (a box with some mysteriously flashing lights among many such boxes in a warehouse in Seattle) that is in charge of recording an Amazon.com order gets that puzzle and uses another key to decode it.
Why do computers do this?
They didn’t used to — and some still don’t. The problem is that as your message is shooting across the internet, just about anyone can read it. It’s like sending a post card in the mail. There’s no envelope. The mail carrier can read everything about your Aunt Daisy’s trip to Florida as he’s walking it up your driveway to your mailbox. Like the notes passed in 1st grade. If the teacher caught it, he could read its contents to the whole class, and then everyone would know that Harry has a crush on Sally. That’s why those geeks started turning their messages into secret codes. If the message got caught, the teacher would have to spend a lot of time on her lunch break cracking the code.
The problem on the web is that when you send a message from your laptop across the internet, and the message has your password to log into your favorite shopping site, or your credit card number to place an order — someone could just read that as it goes by, and then everyone knows your password or credit card number. Bad news! That’s why computers send messages using secret code puzzles — puzzles that would take a supercomputer years to figure out.
So what’s this got to do with SSL Certificates?
Glad you asked! An SSL Certificate is actually a pair of decoder keys. They’re like the computer’s magic decoder rings you used to get from sending in breakfast cereal box tops. Every pair of keys fits together with it’s match, and only with it’s match. One of the rings is a public key ring that gets sent with the message. The other one of the rings is a secret ( or “private”) key ring. But it takes both keys together to decode the message. When the message from your laptop arrives at the website you’re sending the message to, the first thing that website does is check to see if the keys match.
If the keys don’t match, you know something has gone wrong and a warning appears in your browser saying that the website is not secure. If the keys do match, then they are used to decode the message. But anyone who’s trying to “listen in” will only have 1 of the 2 keys — they won’t be able to decode the puzzle (or if they tried it would take them a couple hundred years), and your message stays safe!
Do I need an SSL Certificate for my website?
The short answer is, YES.
While you can operate a website without one, that would be like sending everything to and from your site on a postcard. More and more browsers are letting visitors know when websites are not protected with an SSL certificate and exposing their browsing habits to the whole world. So don’t get caught with your internet pants down. Make sure that whatever web hosting plan you get has SSL as part of the deal.