SSL Certificates: All You Need to Know

launching-https-secure-website-concepts-with-113896527-ssl

Introduction to an SSL Certificate

Following on from my “How Compliant Really Are You?” article, get ready to find out exactly what an SSL Certificate is, and what they do for you and your clients.

The web is a place full of hackers, just waiting to get their hands on your clients’ data. To put it in short, an SSL Certificate encrypts your website visitors’ data while it is being sent across the net, preventing this from happening.

It doesn’t stop at security either; not having an SSL Certificate installed means that Google will flag your website as untrusted, and therefore punish you in the Search Engine Results Page (SERP). 

What’s more, is that traffic referred from an HTTPS:// (secure) site won’t count as a referral, meaning you won’t be able to accurately track your traffic.

You’d be surprised at how many well-known sites (and I mean huge firms!) don’t actually encrypt your data. Now I’m not one to name names, so if you’re interested please feel free to check out Google’s official log here. 

So, what does SSL Certificate really mean?

“SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.”

An SSL Certificate protects the following activities:

  • Payment Transactions
  • Data Transmission
  • Customer Logins
  • Social Media Activity

Types of SSL Certificates can be grouped by:

  • Validation Level
    • Domain
    • Organisational
    • Extended
  • Number of Domains:
    • Single
    • Wildcard
    • Multi-Domain (also known as Unified)

Validation Groups

  • Domain – this is the lowest level of protection, as there is no human interaction. It is authorised by proving ownership of the domain and can be authorised in approximately 5 minutes. This is the cheapest option.
  • Organisational – next up on the security list, can take a few days as the business name and location also needs to be verified. This is next up in price too.
  • Extended – yep you guessed it, the highest level of security available. Here you will be contacted and need to prove your legal existence. It can take up to a few weeks and is the most expensive.

Bonus Info – Self-Signed – Not Recommended!

These types of certificates can be signed by the website owner – by you.  If you have any anonymous visitors to your site DO NOT use this type of certificate as you could be hacked.

Domain Groups

  • Single-Domain – this will protect ONLY ONE domain OR sub-domain
  • Wildcard – this allows an unlimited number of subdomains within your chosen domain
  • Multi-Domain – this allows up to 100 domains registered on one certificate

So how do I know what’s right for me?

You need to consider the following aspects:

  • How many domains or subdomains do you have or want?
  • How important is it for your customers to trust your site, or what type of data/transactions will your site be making?
  • How much do you have to spend?

How do I choose a provider?

According to Znet, these below are the top SSL Certificate Providers of 2018, with Comodo SSL Store coming in top: 

SSL Certificate Top Providers 2018

Now you don’t necessarily need to choose any of these, but if you don’t I highly recommend that you take into consideration each column and how your intended provider compares.

Things to Consider

Before purchasing an SSL Certificate, please check that your hosting provider will allow installation from an external source.

Again, not to name names, but I recently purchased a couple of Comodo Certificates for a client, and their Hosting Provider would not allow them. Now luckily Comodo SSL Store refunded me with no questions asked, but it wasted a lot of time and cost more money (3x the amount per certificate compared to Comodo to be exact!).

Once you have had your Certificate Activated and Installed, you will still need to update your website to show as HTTPS. Now, this can be a tricky process, so if you are not 100% sure I would recommend the plugin Really Simple SSL which does all of the hard work for you.

Summary

It doesn’t need to be hard work to get your website compliant with an SSC Certificate, but I understand it can be a little overwhelming.

If you would like any advice or assistance, as always please feel free to get in touch – happy to help 🙂 

Disclaimer: This blog does not provide legal advice and does not create a lawyer-client relationship. If you need legal advice, please contact a lawyer directly.  This article contains affiliate links.