What happens if my SSL certificate expires? Will I lose my data encryption?

SSL (Secure Sockets Layer) is responsible for maintaining an encrypted session between the web server and the visitor's web browser. This encryption takes place whether or not the certificate has expired. Most web browsers indicate the presence of SSL encryption by displaying a closed padlock icon. An open padlock would indicate no encryption.

The certificate is a declaration, signed by a trusted third party (the certificate signing authority), that a website is who it is claiming to be. Web browsers automatically accept the certificate for a website if a) the certificate authority is known and b) the certificate has not expired and c) the IP address and domain of the site match those of the certificate. You can learn more about SSL in TechTalk.

If your SSL certificate expires, visitors to your website will get a warning from their web browser indicating that the certificate has expired. Since the authority that issued the certificate no longer certifies the identity of the website, there is no assurance that your website is not being spoofed by another third party.

With the predominance of "phishing" scams, the risk is higher that a site collecting sensitive data (such as credit card information) will be spoofed. Although most of the phishing scams target more prominent websites, like PayPal, eBay or the banks, having a valid SSL certificate is one important element of a total security programme. At the very least, having a valid certificate tells your website visitors that you are doing your part to help protect their privacy and safety.