What is a website SSL certificate and why does it matter?

There you are, browsing along, clicking on sites and pages, and suddenly a notification stops you in your tracks: “This website’s SSL certificate is expired.” Do you want to continue? Should you worry? Learn more about what this message means and if you can safely proceed to the website.

What does SSL mean, anyway?

SSL stands for “secure sockets layer” because secure sockets form a layer of encryption for information entered in online forms.

Microsoft Defender

Stay safer online with one easy-to-use app¹

¹Microsoft 365 Personal or Family subscription required; app available as separate download

Learn More

SSL should always be enabled on websites where people need to enter information. Think login pages, pages that capture credit card and address information, or pages where a lot of sensitive personally identifiable information need to be filled in. In short, the need for SSL is everywhere, and it benefits both site users and site developers by ensuring the vital information communicated between the two remain safe. This protection needs to be periodically inspected and certified to be sure it’s still doing its job in the most up-to-date way.

Here’s some ways you can check if SSL is present on a site you’re visiting.

The lock icon on the browser bar. If you see it, SSL is active. You can check for expanded details—like to whom the certificate was issued—by clicking on it. Pay attention to the lock color, since it can let you know if everything’s in good order. If you see a green lock and check mark, the site is in the clear. If you see a red or unlocked padlock, you have a potential issue on your hands.
That “s” on the end of https—it stands for secure.
Browser notifications. You may notice a pop-up message temporarily blocks your content and it tells you that the website should be protected but isn’t anymore.

“In short, the need for SSL is everywhere, and it benefits both site users and site developers by ensuring the vital information communicated between the two remain safe.”

What to do about SSL certificate issues on websites you visit

As a user, your options are a bit limited, and mostly rely on you being alert and proactive. They include:

Contact the site owner about SSL certificate issues. It’s possible the site owner might not know about the problem and will be grateful for the heads up, since having safe data practices is good business and issues like SSL warnings may scare off customers.
Be alert to what site you’re using. Bookmark your trusted official sites, like banks, to reduce your chances of landing on a phony site masquerading as a trusted one. If you navigate to a site, be vigilant of common typos or slight misspellings hackers exploit to capture your data. And of course, watch out for those SSL indicators listed above for an extra level of reassurance.
Minimize risk. SSL messages pop up when there are actual risks of data loss and malware if you proceed. But, if all else fails and you truly want to proceed on a site that’s flagging an SSL issue, at least keep the level of potential damage low by limiting what you share. Don’t enter personal data like a social security number, which can wreak havoc on your life if it’s compromised. Consider using a Visa gift card to pay for purchases, so if the number is stolen you only lose the amount on the card rather than your entire life savings. Watch statements on accounts and credit cards for potential signs of fraud. And finally, consider the source. While hackers can target and exploit any vulnerability, odds are they haven’t yet made it to your friend’s homemade candle website and are instead trying their luck at thousands of people’s data by fabricating a look-alike online banking system. It’s more likely your friend forgot to update the SSL than their site being compromised, so give your friend a heads up.

SSL tips for site owners

If you’re a site creator, here’s how you can make sure the experience is safe and seamless for your visitors.

Keep those SSLs updated. SSL issues often occur when you lose track of expiration dates, which is easy to do since different kinds of SSL certificates have different lengths of validity. On top of that, protocol related to SSL expiration has shifted in recent years due to changing standards from regulators and internet browsers. And the internet safety landscape constantly shifts, which is why you need to recertify your SSL certification. To be safe, set a calendar alert every six months to a year to check your certificates on various parts of your site, and allow for the time and costs to recertify.
Audit your site to see where you need SSL certificates. Any time you collect data, SSL should be in play, and purchasing transactions require the highest level of SSL certification. Do your research as you expand and build your site to make sure you’re covered where appropriate.
Consult a security expert or other site-building professional. Different sites require different needs, and it can’t hurt to check in with someone who’s done it before. The good news is that app services and website builders often come with SSL certificates, but content management systems will need some extra plug-ins to get them SSL certified. Know what you’re working with and what you need to succeed.

SSL is an important way to keep the internet working for everyone—well, everyone but hackers, that is. Extra insight into its role in data security for websites can benefit both visitors and site creators alike.