Website security: Let’s talk about SSL certificates
What is an SSL certificate?
SSL stands for “Secure Sockets Layer”… *pause for confusion to set in*. Okay so if you don’t specialize in cyber security what does SSL mean?
It’s an added level of security for your customers interacting with your website. That could be your website’s contact form, when your customers enter their payment information, or even as simple as a newsletter sign-up. Any time someone enters information on your website their data is exposed. Having an SSL certificate on your website makes sure that the data your customers enter is encrypted and protected from hackers.
Does My Website Have SSL?
If you want to know if your website already has SSL, visit your website and take a look at your browser’s address bar. If you have an SSL certificate it will read https://www.yoursite.com, the “s” in “https” stands for secure. If you don’t have an SSL certificate it will read http://www.yoursite.com.
When do you need an SSL certificate?
It used to be that you had a choice in the matter. However, search engines are pressing the issue by ranking websites with SSL higher than websites without. Meaning even if you don’t collect any information, you’ll likely want to at least obtain a basic validation level SSL certificate for search engine optimization(SEO) purposes. Take a moment and forecast though. If you do plan on selling products in the future, you may want to consider a higher level of validation now and avoid Technical Debt.
What type of SSL certificate does your website need?
There are two types of SSL certificates with three levels of validation (see the chart below). The first type is a single domain certificate and will include all the webpages on your primary domain. The second type is for websites that utilize subdomains. A subdomain is the first part before your primary domain for example- subdomain.example.com The more common of the two is the single domain certificate and that’s likely what you need.
The levels of validation are basic, organization and extended. The basic level is the most common and used for small business websites or blogs. This is most likely what you need. The organization level requires more verification steps and is mostly for high volume ecommerce websites or larger corporate websites. The third level is the extended level and requires the most amount of verification to acquire and can take months to do so. As such, it yields the most praise by browsers even listing the company name in the browser’s address bar. To simplify the selection process we’ve included a helpful chart below:
Note: These are merely suggestions to help you determine which SSL certificate is best for you. You can obtain any level or type of SSL certificate for even just a one page website.
Here is a handy guide for how Google Chrome presents the previously stated levels of SSL validation.
This is how Google Chrome presents your website without SSL:
This is how Google Chrome presents your website with “Basic Validation”:
This is how Google Chrome presents your website with “Organization Validation”:
This is how Google Chrome presents your website with the “Extended Validation” a.k.a ultra secure lock of approval: