Starting in July 2018, the Google Chrome browser will mark all HTTP websites as insecure. This is a big deal for businesses. Chrome is the most popular browser in the world. If you don’t have an HTTPS-enabled website, your customers are likely to see that warning. So how do you get an HTTPS-enabled website? By acquiring an SSL certificate.
What’s an SSL certificate?
SSL certificates authenticate the identity of your website. They’re also required to enable the secure HTTPS protocol. In turn, the HTTPS protocol encrypts your website’s traffic.
eCommerce sites, banks, governments, and online apps were the first big users of SSL and HTTPS. These organizations handle lots of sensitive information. Encrypting transactions was a necessity.
In recent years, SSL certificates and HTTPS have become more of a standard for all websites. Google has been very active in this push with changes to their search engine and Chrome browser.
Why Do You Need an SSL Certificate?
Privacy and security are the primary purposes of an SSL certificate. Think of everything that passes through a public network, e.g. at a WiFi hotspot. You’ve got account credentials, personal emails, confidential correspondence. By encrypting traffic with HTTPS, it’s harder to intercept that sensitive info.
Site speed. HTTP/2 is faster than HTTP 1.1, and browsers need a secure connection (HTTPS) to enable HTTP/2. That’s why so many people claim that HTTPS makes your site faster. (That’s my understanding of it, anyway.) Point is, we’ve seen enough tests and anecdotal evidence supporting this. Get HTTPS, your site goes faster.
Related: HTTP/2 vs HTTP 1.1 performance
Search engine optimization. Back in 2014, Google began talking about HTTPS as a ranking signal. We’ve seen many blog posts since then about the importance of HTTPS for improved SEO performance.The bottom line? HTTPS is better for your site’s visitors. Period. You’re creating a fast, secure, and higher quality experience for them.Click To Tweet
What Types of SSL Certificates are There?
DV (Domain Validated) Certificates encrypt website traffic but do not verify ownership. DV certificates have a low cost and often an automated setup process. This makes them popular with small businesses and personal websites.
OV (Organization Validated) Certificates are manually reviewed to verify ownership. OV certificates contain contact information of the certificate owner.
EV (Extended Validation) Certificates are the most secure of all SSL certificates. Companies must pass a rigorous review process to qualify for an EV certificate. These are also the most expensive certificates.
Certificates can also cover different domain configurations:
A Single Domain Certificate covers a single fully qualified domain name (FQDN). This does not include subdomains.
A Wildcard SSL Certificate covers a single FQDN and unlimited subdomains.
A Multi Domain SSL Certificate (MDC) covers multiple domain names and subdomains.
A Unified Communications Certificate (UCC) covers Microsoft Exchange and Microsoft Office Communications products.
Check out this awesome infographic that explains the different types of SSL Certificates. This graphic came from here.
Which SSL Certificate is Right for You?
If you’re building a personal website or a hobby website, a DV certificate is a good choice. The low cost and quick setup is ideal when you’re limited on time and budget.
If you’re building a business website, consider an OV certificate. This adds a layer of credibility beyond a standard DV certificate. As DV certificates become commonplace, OV certificates will become a key differentiator.
If you’re building an eCommerce website or online business, an EV certificate is worth the cost. It proves that the company has gone through the rigor to verify their identity.
If you’re building a website with a single domain and no subdomains, use a Single Domain Certificate. The other certificate options are overkill.
If you plan to use subdomains, use a Wildcard SSL Certificate. This helps you avoid paying for more certificates, and it simplifies certificate management.
If you’re using several domains owned by the same organization, use a Multi Domain SSL Certificate. This provides even greater savings and simplification for certificate management. (For example, you may have different product brands using their own sites.)
Where Do You Get an SSL Certificate From?
A Certificate Authority. This is the organization responsible for issuing your SSL certificate. The CA acts as a neutral third party, like a guarantor or public notary.
Your hosting provider. In some cases your hosting provider may also act as a Certificate Authority. The upside of using your hosting provider as your CA is that the setup process is usually easier.
Let’s Encrypt. Let’s Encrypt certificates are single domain DV certificates. Some hosting providers offer them as a free alternative to paid SSL certificates. They’re a decent solution for small sites, e.g. personal blogs, but I don’t recommend them for businesses.
As I already mentioned, DV’s are becoming commonplace. Unfortunately this includes scammers and hackers using SSL certificates to deceive their victims.
I suspect we’ll see the general public grow reluctant to trust DV certificates alone. So you’ll need a higher level of verification — i.e. OV or EV — to establish trust with customers.
Tip: Use security badges to build trust with your site visitors.
Display a security badge or trust seal on your site, like the Trusted Site Seal from McAfee. This offers a visual reassurance that you’re serious about your website security.
Think of the pages where you’re asking for personal information or payment details. These are good locations to place your security badges.
It’s like a lawyer framing their degrees and certifications on the wall of their office. It adds to their credibility.
Don’t wait, set up your SSL certificates ASAP.
The clock is ticking. Start planning to make the switch sooner than later. Contact us today and we can help you.