SSL Certificates play an important role in website security. There are three different types of SSL Certificate available, each providing the same encryption levels, whilst vetting and verification processes differ for each. Which SSL is right for your business?
SSL generates an encrypted connection between your web server and your visitor’s web browser. SSL Certificates encrypt sensitive information traveling across the Internet so it can only be understood by the intended recipient. Security, privacy and data integrity are critical for your website and your customers’ personal information.
A proper SSL provides authentication, ensuring your information is being sent to the right server – not to an imposter aiming to steal your data! A SSL certificate is certainly worth using to protect your business, secure your customers trust and sell more.
Why use a SSL Certificate?
SSL Certificates are normally used to increase security around highly confidential data submitted online, such as credit card information or to protect usernames and passwords input into login pages. SSL Certificates add security and privacy to online email and internet banking services, and can benefit website owners when utilised on all pages on a website.
A secure website is more attractive to customers and also pays off for the website owner. Did you know Google give a better search ranking to secure websites deploying SSL on all pages? This puts to rest the assumption SSL is just for the e-commerce site owner - after all, both e-commerce and non-ecommerce website owners benefit from a higher Google search ranking and increased customer trust.
How can you tell if a website uses a SSL Certificate?
You can tell a webpage is using an SSL certificate to provide a secure connection when you see a padlock in the address bar. If the webpage uses an extended validation certificate, the entire address bar will turn green. You will also notice the beginning of the URL is HTTPS, not HTTP. The ‘S’ stands for ‘secure’.
What are the different types of SSL Certificates and Validation levels?
SSL Certificates are available in different types and levels of validation:
- Single Domain Certificates
- Wildcard SSL Certificate
- Multi Domain SSL Certificate (MDC)
- Unified Communications Certificate (UCC)
Single Domain Certificates
Are ideal for small to medium businesses as they allow customers to secure one Fully Qualified Domain Name on a single certificate. A certificate purchased for www.domainname.com.au for example, allows customers to secure all the pages on www.domainname.com.au/. Businesses operating multiple websites would find more flexibility and cost-effectiveness with a wildcard or multi-domain certificate.
Wildcard SSL Certificates
Secure a single domain and unlimited sub-domains of that domain. If you purchase a wildcard certificate, for example, for ‘*.domainname.com.au’ it could also be used to secure ‘payments.domainname.com.au’, ‘accountlogin.domainname.com.au’ etc. If you purchase a wildcard certificate, it will automatically secure any further sub-domains that you add later on. A Wildcard SSL Certificate is ideal for a growing online business as an alternative to multiple single certificate purchases.
Multi Domain SSL Certificate (MDC)
An MDC allows you to secure up to 100 domains (or wildcard domains) on a single certificate, adding or removing domains as you choose. These are a cost-effective way of managing security of multiple, differing domains on a single certificate.
Unified Communications Certificate (UCC)
UCCs are designed specifically to secure Microsoft Exchange and Office Communications. With a UC certificate, customers can include up to 100 domains on one certificate, removing the need for different IP addresses for each website, by use of the Subject Alternative Name (SAN) field. Like MDCs, the purchase of a UCC provides a cost saving when compared to the cost of individual certificate purchases.
Certificate Validation Levels
- Domain Validated Certificates
- Organisation Validated Certificates
- Extended Validation Certificates
Domain Validated Certificates
Are a popular choice for small and medium sized businesses with their faster issuance times, same high levels of data encryption as other validation levels and lower cost point. As the business is not manually vetted by a certificate authority but rather via an automated online process, DV certificates do not offer the same assurance as EV and OV certificates.
Organisation Validated Certificates
Contain the full company name and address details, providing greater comfort and assurance to their users than Domain Validated certificates. Although not validated to the CA/B forum standards needed to turn the browser address bar green, OV certificates have full business and company validation from a certificate authority.
Extended Validation Certificates
Provide online businesses with the highest level of security. EV certificates communicate the trustworthiness of the website to visitors when the address browser turns green in major browsers. They are only issued upon completion of rigorous background checks and are recommended for businesses needing to build customer trust immediately, such as banks and major online retailers.
PixelFish always recommend businesses with non-ecommerce websites as a minimum get a free SSL such as the one available here: https://www.digitalpacific.com.au/domain-names/ssl-certificates/lets-encrypt/ and businesses with e-commerce stores should choose one such as those on offer here: https://www.digitalpacific.com.au/domain-names/ssl-certificates/
PixelFish are experts in building and maintaining websites. If you’d like to chat about the security of your website, why not click here to get in touch and see how we can help you today.
Further Reading on SSL an Website Security
Maintaining Your WordPress Site: What You Need to Know
WordPress Website Security: How to Avoid Getting Hacked
What is an SSL Certificate And Do I Need One for My Website?