It’s time to get an SSL Certificate!
According to Chrome security product manager Emily Schechter, Google will start marking all non-https sites as “Not Secure” in the popular browser beginning in July.
In October 2017, Google started showing an error message for any website that has a contact form but no SSL certificate, and for any website that is viewed “Incognito” without one. Now they’re taking that a step further.
This message reads “NOT SECURE”, so you can imagine your customers won’t like seeing that.
Until recently, SSL certificates were considered an optional expense for most websites. Only e-commerce and large companies prioritized obtaining them. But, times change, and this change is for the better.
Many SEO-conscious companies have avoided transitioning to https simply because of the potential impact it could have on their website’s search engine rankings. There was a time when this was true; however, Google has made it clear that they will not punish a website for redirecting from http to https.
And due to their efforts to promote a more secure web, you can see where we’re going with this: it’s time to get an SSL certificate on your website.
What is an SSL Certificate and what does it do?
At its core, SSL (Secure Sockets Layer) is meant to connect computers to a secure server. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details, which in turn, makes websites safer. An SSL certificate guarantees that customers’ personal information will not be stolen or misused.
SSL is the underlying technology used to transfer credit card details, banking details, tax information, login details, or other personal information to a web server. It is mandatory for sites where multiple transactions take place on a daily basis, as it protects their business interests and reputation, as well as their customers’ data.
Types of SSL Certificates
Choosing the ideal SSL certificate requires some thought and consideration. Due to the availability of numerous SSL certificate types and providers, it helps to be aware of the different types of certificates and how to use them.
Let’s get started with understanding the various types of SSL Certificates and how they can accommodate your business needs. SSL Certificates are categorized based on validation levels and the number of secured subdomains and domains.
1. The Validation level – At the validation level, organizations are issued certificates by authorities only when their identities have been validated.
i. Domain Validated (DV) Certificates
These are the lowest and most basic level of validation – known as low assurance certificates. This basic level of certificate is great for most sites, as it tells the visitor that the website uses encryption to send personal data.
Process: The Certificate Authority (CA) verifies that an organization has control over the domain and approves the request.
The verification process takes place via email, by configuring a DNS record for the site, or over HTTP.
Time and Cost: The process takes anywhere from a few minutes to a few hours. As the process is automated, the expenses are minimal.
Indicator: DV certified websites display a green lock or a grey lock in the browser.
Who Should Use It: Bloggers, photographers, hobbyists, and sites that provide information to the visitors. If you’re looking for the certificate to be issued immediately, this is the certificate you want. You can also use it for your internal systems.
ii. Organization Validated (OV) Certificates
Offers a medium level of validation, known as high assurance certificates. This level of certificate is similar to DV, except it also tells an informed user that your website is verified to represent who you say you are, in addition to showing that you use encryption for sending data.
Process: The Certificate Authority (CA) conducts a basic investigation of the organization by real agents. It involves getting in touch with the organization to ensure its authenticity.
The Certificate Authority validates the ownership of the domain along with all the information that the organization included in the certificate, such as the name and physical address.
Time and Cost: It can take up to a few days to get this certificate, and the cost is higher than domain validation.
Indicator: Websites display a small padlock with the “https” prefix in the browser bar. When users click on the Secure Site Seal, it will show them that the certificate is valid.
Who Should Use It: This certificate is ideal for small e-commerce sites, but can be used by any business or organization.
iii. Extended Validated (EV) Certificates (aka “Green Bar” certificates)
Offers the strictest level of validation and provides the highest degree of assurance. This is the king of Certificate types, showing that your business takes security very seriously.
Process: The Certificate Authority (CA) validates the ownership along with the organization information, physical location, and the legal existence of the company.
It also validates whether the organization is aware of the SSL certificate request before approving. In this process, documents are mandatory as they help certify the company identity.
Time and Cost: The process takes weeks and is the most expensive of all the validation processes.
Indicator: An EV certificate turns the visitor’s browser bar green, indicating a high level of security.
Who Should Use It: All websites that conduct financial transactions.
2. The Number of Secured Domains And Subdomains – Apart from their validation levels, SSL certificates are also issued based on the number of domains and subdomains.
i. Single-Name Domain
This helps protect a single subdomain or a hostname. Opt for this if you skipped securing a domain or a subdomain that was added to the site at a later point in time. E.g. It can protect xyz.com, but not abc.xyz.com. These will typically still work with or without www (ayokay.com or www.ayokay.com will work).
ii. Wildcard
This helps protect a limited or unlimited number of subdomains for any single domain. It means that apart from your homepage, it will also cover other subdomains.
E.g. It can protect xyz.com, abc.xyz.com, and so on and so forth.
iii. Multi-Domain
This helps protect as many as 210 domains with a single certificate using the SAN (Subject Alternative Names) extension. The number offered depends on the provider.
If you’re looking to secure Microsoft Exchange and Office Communications environments, this certificate is your best bet.
The certificate is also compatible with shared hosting.
E.g. It can protect xyz.com, abc.com, etc.
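The coverage rules in this section (one hostname, the subdomains of one domain, or several domains listed in the SAN extension) can be checked before you buy. The following is an added example, not code from the original article: the SAN lists and hostnames are constructed samples, and the matching follows the common browser rule that `*` stands for exactly one leftmost label.

```python
# Added example: which of a site's hostnames a certificate's SAN list covers.
# All SAN lists and hostnames below are constructed samples.

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName entry against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" never spans more than one label
    if p_labels[0] == "*":
        # The wildcard must be the whole leftmost label. Requiring at least
        # three labels is a simplification that rejects entries like "*.com".
        return (len(p_labels) > 2 and bool(h_labels[0])
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def uncovered(sans: list, hostnames: list) -> list:
    """Return the hostnames that no SAN entry covers."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in sans)]


SITE_HOSTS = ["xyz.com", "www.xyz.com", "abc.xyz.com", "a.b.xyz.com", "abc.com"]

SINGLE_NAME = ["xyz.com", "www.xyz.com"]               # one site, with and without www
WILDCARD = ["xyz.com", "*.xyz.com"]                    # apex plus one level of subdomains
MULTI_DOMAIN = ["xyz.com", "www.xyz.com", "abc.com"]   # unrelated domains via SAN

if __name__ == "__main__":
    for label, sans in [("single-name", SINGLE_NAME),
                        ("wildcard", WILDCARD),
                        ("multi-domain", MULTI_DOMAIN)]:
        print(f"{label:13} does not cover: {uncovered(sans, SITE_HOSTS)}")
```

Note that `*.xyz.com` on its own covers neither the bare `xyz.com` nor a deeper name such as `a.b.xyz.com`, which is why wildcard certificates usually list the bare domain as a second SAN entry.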
Apart from the SSL certificates mentioned above, you can also settle for Self-Signed certificates or certificates signed by their creator, as opposed to a trusted authority. Free of charge, these certificates encrypt personal details similarly to other SSL Certificates.
But we wouldn’t recommend it. These certificates prompt most browsers to display a security alert, and often advise the visitors to abandon the page due to potential security risks. While it isn’t recommended for public use, you can use it internally.
What is AutoSSL from cPanel?
If your website is hosted on a cPanel server, one option is to use AutoSSL. This feature automatically generates a DV level certificate for your website. AutoSSL can also automatically install a certificate if your purchased certificate expires. This way your website has no gap in security.
The difference between this and paid certificates is that the length of time these certificates are valid is generally very short (a few months), whereas a typical certificate can be registered for 1-3 years. There is also a limit to the number of websites on one server that can have AutoSSL enabled.
Essential Pointers for Buying the Best SSL Certificate
Before you buy an SSL certificate from a reliable provider, here are some essential pointers to help you make a more informed decision:
- Know Your Requirements
A basic rule of thumb is to know why you need an SSL certificate and what it requires.
  - Do you need to secure more than one domain?
  - Do you have an e-commerce website?
  - How important is your customers’ or clients’ trust?
  - How much are you willing to spend?
Questions like these will help you correctly assess your needs and take the next step for buying the best certificate to meet your end goals.
- Choose the SSL Certificate Provider – There are several well-known SSL Certificate Providers – such as VeriSign, Comodo, GeoTrust, Symantec, and Digicert. It can be perplexing to pick and choose. Be sure to consider the following factors:
  - The brand’s reputation
  - Reviews posted by previous users
  - Level of service
  - Issue time
  - Server licensing
  - Supported browsers
  - Trust level
  - Site seal
Also, before moving forward with a provider, weigh all the pros and cons of various packages. Reading their whitepapers and blogs will give you a better idea. Take your time in consuming all the information carefully!
- Decide the Budget
Various SSL Certificate Providers have different packages for the certificates. Establishing a budget can help you in choosing a provider without the cost going through the roof! At the same time, don’t settle for anything that’s subpar just because you don’t want to overstep your budget. The certificate you choose can have an impact on your website in the long run.
Calling it a Day
If you want to increase customer confidence and promise high levels of security, SSL certificates are a must.
Apart from procuring the certificates, you must also ensure that they all stay up-to-date. Keep an eye on their expirations. Buying and maintaining SSL certificates is a continuous and important process that helps to create trust with your customers.
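One way to keep an eye on expirations, as an added example that is not part of the original article: the script reads the validity dates from a certificate in the dictionary form Python's `ssl.getpeercert()` returns and reports its total lifetime, the days left, and whether it is inside a renewal window. The 30-day window and the sample dates are assumptions chosen for illustration.

```python
import socket
import ssl
import time
from typing import Optional


def summarize(cert: dict, warn_days: int = 30,
              now: Optional[float] = None) -> dict:
    """Lifetime, days left and renewal status for a getpeercert()-style dict."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    now = time.time() if now is None else now
    days_left = int((not_after - now) // 86400)  # negative once expired
    if days_left < 0:
        status = "expired"
    elif days_left <= warn_days:
        status = "renew now"
    else:
        status = "ok"
    return {"lifetime_days": int((not_after - not_before) // 86400),
            "days_left": days_left, "status": status}


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch a live site's certificate for summarize().

    The default context verifies the chain and hostname, so a certificate
    that is already expired or self-signed raises ssl.SSLError here instead
    of returning a dictionary. Treat that exception as an alert too.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a 90-day certificate, the "few months" case.
SHORT_LIVED = {"notBefore": "Apr  2 00:00:00 2025 GMT",
               "notAfter": "Jul  1 00:00:00 2025 GMT"}

if __name__ == "__main__":
    at = ssl.cert_time_to_seconds("Jun 11 00:00:00 2025 GMT")
    print(summarize(SHORT_LIVED, now=at))
```

Run on a schedule against every hostname you serve, a check like this catches both a lapsed paid certificate and a short-lived automatic one that failed to renew.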