January 11th, 2018
In the modern digital age, online visitors are continually seeing stories about websites being hacked or infected with malware. If they sense for one minute that the site they are about to visit is not secure they will run quicker than you can say ‘SSL’.
Nearly 84% of consumers stated they have abandoned a purchase when they realised the website is not secure.
The easiest way to secure your website is by purchasing and installing an SSL certificate. You may have noticed when browsing online that the address bar can include a padlock, either that, or, the URL starts with ‘HTTPS’ instead of ‘HTTP’, this is an indicator that the website is using an SSL Certificate.
For most businesses hearing about SSL certificates won’t be alien, as your developer should have raised this when building/working on your website. If not, then it is now more essential than ever to make sure you have purchased an SSL.
What is an SSL?
SSL is a digital certificate that authenticates the identity of your website, encrypting sensitive data when it is transmitted between the browser and a server. This offers an added layer of security for visitors on your website.
Without this data, it will be sent in plain text, meaning it can be intercepted, making personal data such as debit card or login details unprotected.
How will an SSL benefit me?
The main importance of having an SSL, is that all sensitive information is protected which includes items such as login credentials or credit card details. By showing that your website is secure this will help build your customer’s trust.
As of October 2017, Google started including SSL as a ranking factor. If you are still using ‘HTTP’ Google will mark your website as not secure. As you may have already seen, any consumer using Chrome to visit your website will be displayed a large red warning message explaining that the site about to be visited is unsafe, not the first impression you want to give. Also for those who switch to ‘HTTPS’ Google will provide a slight ranking boost.
Types of Validation & Certificates available
Now you can see that it’s crucial, you will need to make sure you purchase the relevant one for your business. There are three levels of certificate validation –
Domain Validated (lowest level) – The Certificate Authorities (CA) will issue an SSL to anyone who can show they own the domain on WHOIS record of domain. This is confirmed by a phone call or email, then, within minutes, you receive your SSL. As there are no thorough checks that the business is legitimate, this type of certificate is seen as the zero rating seller. The only time you would purchase this type of SSL is when security is not a concern, eg internal systems. It may be cheap and quick but NEVER use this for a commercial website.
Organisation Validated (Medium level) – To purchase this type of certificate you will be authenticated by an agent using government databases. The CA will validate that the domain is owned along with the name of the business and location. The SSL will contain your business information and is the required certificate for all commercial websites.
Extended Validation (strictest level) – This is seen to be the most trusted type of SSL, Certificate Authorities will validate the business credentials, location, and legal existence. It will also confirm that you are aware of the SSL request before it is approved. This is the only certificate which proves your website is owned by a verified business. By purchasing the extended validation certificate your URL will display a green padlock. For all e-commerce businesses, this is highly recommended.
Depending on how many domains you currently use you will also need to factor in the type of certificate you purchase –
Single Domain Certificate – This allows you to protect a single subdomain/hostname. Example: If you purchase a single domain for www.example.com, it won’t mean you can also secure mail.brave.com.
Wildcard SSL Certificate – Businesses can secure a single domain and also an unlimited amount of sub-domains. Example: If you purchase a wildcard for www.example.com, it will secure subdomains such as contact.example.com, help.example.com, etc.
Multi-Domain SSL Certificate – You can secure up to 100 domains with a single SSL certificate. This is done with the help of a SAN extension. You will be able to add or remove domains at any given time. This helps administrators as they will only need to keep track of one certificate for all domains. Example – www.example.com, www.example-1.com, www.example-2.com.
Right, I have my certificate, what happens now?
All that needs to happen now is installing the certificate on your server, this is typically done by the developer or agency that is managing your website.
Here at Brave, we have been helping clients with this process more than ever, now it is a key requirement for Google Chrome. If you are still unsure about the type of SSL certificate you require or just need some guidance, give us a call on 0845 544 3626 so we can help you get the security your customers deserve.