Website Security

What Is an SSL Certificate?

Published Ocak 5, 2025

SSL certificates are a fundamental part of web security. They establish an encrypted connection between a user's browser and a web server, ensuring that sensitive information cannot be intercepted in transit.

Quick answer: An SSL certificate is a digital file installed on a web server that enables HTTPS encryption. It verifies the identity of the website and encrypts data in transit. You can see it as a padlock icon in your browser's address bar.

How SSL Certificates Work

When you visit an HTTPS website, your browser performs a "TLS handshake" with the server:

  1. The server sends its SSL certificate to the browser.
  2. The browser verifies the certificate was issued by a trusted Certificate Authority (CA).
  3. An encrypted session is established using asymmetric and then symmetric encryption.
  4. All data transferred in the session is encrypted.

Types of SSL Certificates

  • Domain Validation (DV) — Verifies you own the domain. Issued quickly, used by most websites.
  • Organisation Validation (OV) — Verifies the organisation behind the domain. Used by businesses.
  • Extended Validation (EV) — Highest trust level. Previously showed the company name in the address bar. Used by banks and financial institutions.
  • Wildcard SSL — Covers a domain and all its subdomains (e.g. *.example.com).
  • Multi-Domain SSL (SAN) — Covers multiple different domains in one certificate.

Free vs Paid SSL Certificates

Let's Encrypt provides free DV certificates that are trusted by all major browsers and renew every 90 days. Most hosting providers now offer free Let's Encrypt SSL. Paid certificates from providers like DigiCert or Sectigo offer extended validation, insurance and longer validity periods.

How to Check a Website's SSL Certificate

You can inspect an SSL certificate by:

  • Clicking the padlock icon in your browser's address bar
  • Using our free SSL Checker tool

Check for: certificate validity, issuer name, expiry date and whether the domain matches.

Common SSL Certificate Problems

  • Expired certificate — The most common issue. Browsers show a warning when visiting.
  • Domain mismatch — Certificate issued for a different domain.
  • Self-signed certificate — Not issued by a trusted CA — browsers warn users.
  • Mixed content — HTTPS page loading HTTP resources causes warnings.

Related Guides

How to Check If a Website Is Safe
Learn the key signs that tell you whether a website is safe to visit, use or buy from.
How to Tell If a Website Is Fake
Discover the most reliable ways to spot a fake, cloned or fraudulent website before it's too late.
What Is a Phishing Website?
A phishing website is a fraudulent site designed to trick you into revealing passwords, card numbers or personal information.
HTTP vs HTTPS: What's the Difference?
Understand the key differences between HTTP and HTTPS and why HTTPS is essential for every website today.
Common Signs of Scam Websites
Recognize the most common warning signs that a website may be a scam or fraudulent before you hand over any personal data.
Free Tools
Categories