Secure Sockets Layer (SSL) is a security method that encrypts data being transferred over servers, so that the website’s vulnerability to hacker attacks and phishing is reduced considerably. When people access an SSL-secured website, they feel confident that their sensitive data (credit card number, address, phone number, social security number, etc.) is secure and will not be hijacked by unscrupulous websites.
Although getting SSL certification is not mandatory for all websites, the benefits you and your end users get from SSL are many.
SSL certification can build customers’ trust in your website.
Your website becomes less vulnerable to hackers as all its data is encrypted.
SSL certificates can protect your website against phishing schemes.
Some SSL certifications add HTTPS to your URL, which may get your site to rank higher in Google than HTTP sites.
The warranty in an SSL certificate covers damages incurred by end users who experience fraudulent, unsecured websites. We’ll talk about warranty a bit later.
SSL certification is a mandatory requirement for all websites within the ambit of the Payment Card Industry (PCI).
2. Types of SSL Certificates
There are many types of SSL certificates available, each with differing levels of protection and usage. To objectively compare the types and vendors of SSL, you need to understand the finer differences between them.
a. Types of certificates based on level of protection
A domain-validated SSL certificate
This is a low assurance certificate and the most basic, standard type of certificate issued. A domain-validated SSL ensures that the website’s domain name is registered. Additional documentation is required to obtain this certification. An administrator needs to approve the validation request. A webmaster must confirm validation via email or configure a DNS record for the site.
Processing time: A few minutes to a few hours
Recommended for: Use on internal systems only
Level of Protection: LOW
An organization-validated certificate
This is a high assurance certificate. Real agents will validate domain ownership and confirm the organization’s details such as name, city, state, and country. Just like domain-validated SSL, this certification requires additional documentation to verify the company’s identity.
Processing time: A few hours to a few days
Recommended for: All businesses and companies
Level of Protection: MEDIUM
An Extended Validation (EV) certificate
EV certificate procurement has the most rigorous validation process. This certificate validates that the business running the website is a legal entity. It requires businesses to furnish information such as proof of domain ownership. The other two certificates DO NOT prove that a website is being operated by a legitimate, verified business. Once you get an EV certificate, browsers will display a green lock symbol for your website to signify its validity. Check out our website’s address bar.
Processing time: A few days to a few weeks
Recommended for: All e-Commerce websites
Level of Protection: HIGH
EV certificates are absolutely essential for websites soliciting sensitive information from users such as their card details, SSN details, and contact details.
b. Types of SSL certificates based on usage
Single-name SSL certificate
These SSL certificates protect a single domain for which they are registered. For example, if you purchase a certificate for www.mixeron.com, the certificate won’t secure marketing.mixeron.com or services.mixeron.com.
Wildcard SSL certificate
These SSL certificates can secure, with a single certificate, a large number of domains that branch off a single root domain. In the example above, if you want to secure marketing.mixeron.com, services.mixeron.com, www.mixeron.com and more offshoots of Mixeron, you can apply for a wildcard SSL certificate for *.mixeron.com.
From a practical viewpoint, it’s easier to maintain a single wildcard SSL than 7 different single-name SSLs.
Multi-domain SSL certificate
Multi-domain SSLs can secure 210-plus domains with a single certificate. The cap varies by provider.
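The difference between the three usage types comes down to which hostnames the names on the certificate match. The following is an added example, not code from this article: it applies the standard wildcard rule (a `*` stands for exactly one left-most label) to the mixeron.com hostnames used above. The extra hostnames and `shop.example.net` are constructed for illustration.

```python
# Added illustration: which hostnames a certificate's name list covers.
# Wildcard rule used here (RFC 6125 style): "*" is accepted only as the whole
# left-most label and stands for exactly one label.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" never stands for zero labels or for several labels
    if p_labels[0] == "*":
        # Refuse overly broad wildcards such as "*.com".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def coverage(cert_names, hostnames):
    """Map each hostname to the first certificate name covering it, or None."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in hostnames
    }


# Constructed sample data based on the article's mixeron.com examples.
HOSTS = ["www.mixeron.com", "marketing.mixeron.com", "services.mixeron.com",
         "mixeron.com", "api.services.mixeron.com"]
SINGLE_NAME = ["www.mixeron.com"]
WILDCARD = ["*.mixeron.com"]
# shop.example.net is a hypothetical second domain on a multi-domain certificate.
MULTI_DOMAIN = ["www.mixeron.com", "mixeron.com", "shop.example.net"]

if __name__ == "__main__":
    for label, names in [("single-name", SINGLE_NAME), ("wildcard", WILDCARD),
                         ("multi-domain", MULTI_DOMAIN)]:
        print(label)
        for host, hit in coverage(names, HOSTS).items():
            status = f"covered by {hit}" if hit else "NAME MISMATCH"
            print(f"  {host:26} {status}")
```

Note that `*.mixeron.com` matches neither the bare `mixeron.com` nor a deeper name such as `api.services.mixeron.com`; those need their own entries on the certificate.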
3. What about Free SSL certificates?
Many website makers try to get around paying for an SSL certificate by opting for a free certificate. This strategy has more cons than pros. Free certificates or self-validated SSL certificates do not offer any kind of reassurance to visitors. When people try to access such websites, most web browsers will issue an error message that reads: “This connection is unsecure.” While many people would still proceed by clicking “I understand the risks”, many would click “Get me out of here” and never return or recommend your website.
Free SSL certificates are virtually unregulated. Even if your website is compromised, it will appear secure and invite visitors. On the other hand, if you purchase a certificate from a trusted vendor, you can revoke the certification and alert users of potential threats, thereby avoiding disputes later.
4. What is SSL certificate warranty? How much warranty do you need?
The warranty of an SSL certificate plays an important role in your final certificate purchase decision. Just like all insurances, SSL certificates also come with a warranty period and conditions. A point to note is that SSL warranties protect end users for damages incurred on an unsecure website, not the warranty purchaser!
For example, if an online shopper suffers monetary loss, the SSL provider should pay compensation to the shopper, since it failed to alert users that the website is not secure. But this happens rarely, since most users approach their credit card company or the website’s customer care instead of claiming damages from the SSL provider.
5. How to choose the right SSL certificate?
Picking the right SSL certificate and vendor is challenging, as many providers bundle up extras, making purchasers lose objectivity. Typically, buying SSL from a third-party reseller comes out cheapest; just examine the type of customer assistance you’ll get after purchase. If you plan to continue your association with the same SSL provider for a long period, you can hope for a good discount if you pay multi-year fees upfront.
These questions can help you compare SSL prices and make a prudent buying decision:
What type of property do you wish to secure (domain, sub-domain, etc.)?
What is the number of properties you want to protect (Single, wildcard, or multiple)?
What is the level of protection you want (low, medium, or high)?
Do you conduct monetary transactions on your website using trusted third parties such as PayPal? If so, you don’t really need to purchase SSL as PayPal will secure transactions on your behalf.
Getting an SSL certificate for your website is a smart move to cultivate visitor trust and make your website safe from data breaches. But extreme caution needs to be exercised when applying for SSL. Your SSL can be invalidated for a number of reasons: if you serve mixed content (HTTP+HTTPS); have a domain name mismatch; miss purchasing intermediate/chain certificates; install more than one SSL on the same IP or socket number; or do not renew SSL 90 days before its expiration.
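Two of the conditions listed above, mixed content and the renewal window, can be checked before deployment. The following is an added example, not code from this article: it scans a page for `http://` resources and compares a certificate's expiry date against the 90-day figure given above. The sample page, the `example.net` and `example.org` hosts, and the dates are constructed.

```python
import ssl
from datetime import datetime, timezone
from html.parser import HTMLParser

# Attributes through which a page pulls in other resources.
URL_ATTRS = {"src", "href", "action", "data", "poster"}
# <a href> is plain navigation, not a resource the page loads, so skip it.
SKIP = {("a", "href")}

class MixedContentFinder(HTMLParser):
    """Collect http:// resources referenced by a page meant to be served over HTTPS."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if name in URL_ATTRS and (tag, name) not in SKIP and url.lower().startswith("http://"):
                self.findings.append((tag, name, url))

def find_mixed_content(html: str):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

def days_until_expiry(not_after: str, now: datetime) -> int:
    """not_after uses the text format of ssl's getpeercert()['notAfter']."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

def needs_renewal(not_after: str, now: datetime, window_days: int = 90) -> bool:
    # 90 days is the renewal lead time stated in the article.
    return days_until_expiry(not_after, now) <= window_days

# Constructed sample page and dates (not taken from a real site or certificate).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://www.mixeron.com/site.css">
<script src="http://cdn.example.net/widget.js"></script></head>
<body><img src="http://www.mixeron.com/logo.png">
<a href="http://www.example.org/">partner</a>
<form action="https://www.mixeron.com/checkout"></form></body></html>"""
SAMPLE_NOT_AFTER = "Mar  1 12:00:00 2031 GMT"
SAMPLE_NOW = datetime(2031, 1, 1, 12, 0, tzinfo=timezone.utc)
```

On the sample page, the script and the image are reported because the browser would fetch them over plain HTTP; the outbound link is not.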
Stay tuned for more informative articles on website design and marketing best practices.