Disclosure: Aussie Hosting is community run. We sometimes earn a commission when you buy hosting through our links. Learn more.
Complete Guide to SSL
If you never paid much attention to SSL (Secure Sockets Layer) technology before, this might be the time to get past the gag reflex at yet another technical acronym, if for no other reason than Google is going to brand your website as unsafe by the end of 2018 if you don’t have this encryption-level security installed. The problem for the average online entrepreneur or marketer is that doing serious comparison shopping for SSL providers seems about as much fun as smashing your thumb three times in a row with hammer.
Here are two common questions:
- What type of SSL certificate should I get?
- Are free ones okay?
Not to worry, gentle reader, we’ll answer all this and more on the road to providing you with almost everything you need to know about SSL certificates and hardly anything you don’t. That’s our long-winded way of saying we’ll try to stick to the important stuff.
What Is An SSL Certificate?
This isn’t the kind of certificate you hang on your wall at work for a job well done. This kind of certificate only gets read by a computer and server as they pass data back and forth. It adds a level of encryption that means information moving between two points out there on the internet is secure from prying eyes.
Visualize a purchase from Amazon. Even better, type Amazon.com into your browser and look up at the top left of the page, in the URL bar. You should see the word ‘SECURE’ in green and an address that starts with HTTPS. That extra ‘S’ means that SSL technology is in place and functioning on this website, toiling away in the background to protect your credit card number and identifying personal information from anyone who might be in the data-theft business.
If you land on a website that doesn’t have the word ‘SECURE’ or an ‘S’ after HTTP, you should think long and hard before entering any type of information into any forms you find there. Eventually, Google will get around to branding all such websites with a red ‘NOT SECURE’ until its owner installs a valid SSL certificate.
SSL Benefits – Besides the Obvious
One obvious benefit to using an SSL certificate on your website is that customers don’t get their credit card number stolen. Yay! Those that collect credit card information on a website are required by an industry watchdog organization known as the Payment Card Industry (PCI) to have a valid certificate in place immediately if not sooner.
It should not be surprising to think that a big, red ‘NOT SECURE’ at the top of your website won’t do much to reassure visitors as to the kind of experience they can expect. You want them to feel warm, comfortable, and safe from phishing schemes and other nefarious types of hacker misbehavior.
Last and certainly not least, even if Google hasn’t moved to completely lay the smackdown on non-SSL websites, the search engine giant does give an SEO boost to those already compliant with SSL. In the hard-fought game of securing a first page listing for your most profitable keywords, you should grab hold of every advantage available.
What Type of SSL Certificate Do You Need?
Since nothing having to do with computers or the internet can ever be simple, you should be aware, as you start your journey towards the land of SSL compliance, that there are three different types of SSL certificates.
Commonly referred to as a ‘low assurance,’ this type of SSL certificate requires a very basic level of security in which the certificate issuer typically only checks the WHOIS record to make sure that the person applying for the certificate actually owns the website.
This is the cheapest kind of SSL compliance and is normally issued immediately upon application. To a visitor who pays attention to that kind of thing, a low assurance certificate provides nothing more than evidence of going through the motions of securing a website. This is the flavor of SSL that most individuals get who aren’t online to make money. We’re talking about hobbyist bloggers, etc.
Though the process to receive this kind of certificate is similar to that associated with domain validation, more information is collected, which is the reason these are referred to as high assurance certificates. In addition to domain validation, the company must provide documentation regarding identity, specifically:
The additional security an organization validated SSL certificate provides potential website visitors more than makes up for the lengthier processing time (a few days) and additional cost. If you own a business or company with a website, this is the certificate you want.
Extended Validation Certificate
As the new kid on the block, an extended validation certificate requires everything included in the organization validation process and a little bit more. Basically, you have to prove not only that you have a legitimate name and address but also that you are an actual company in pursuit of business objectives. It might take as long as a few weeks to receive this type of certificate – signified by a green padlock in the URL bar – but if you’re an ecommerce business, don’t bother with the other two. Get this one!
We’d like to address the idea of free SSL certificates before we’re done. The problem with anything free you find online is that the entity behind it can run the gamut from being a sleazy, malicious malware merchant to just a guy or gal looking to turn a buck. The bottom line is that Google is not a big fan of free certificates and will likely throw up a warning message to a visitor to your website offering them two options:
- “Proceed anyway.”
- “Back to safety”
More than a few will choose the latter and that’s not good for business. When it comes time for the rubber to meet the road, there is one thing to consider. Is the $5 to $10 a month it costs to get a legitimate certificate worth the increased sales you’re likely to earn? We’re going to take a wild guess and say, “Heck, yes!”
A few legitimate SSL certificate sellers to get you started: GeoTrust, DigiCert, Symantec, and the ubiquitous GoDaddy.