A SSL certificate is a commonly used security technology recommended for businesses with an online presence. Since a company’s website is a critical component to conducting business in today’s marketplace, it’s important to have your site promote a secure experience. In an effort to gain consumer’s trust and in light of ever-growing security threats, it’s best practice to have a SSL certificate installed to allow a secure connection from your web server to your visitors’ web browser.
What is an SSL Certificate?
A SSL (Secure Sockets Layer) Certificate is a technology that creates an encrypted connection between your web server and your visitors’ web browser. When a certificate is installed on your web server, any information that travels between computers is unreadable (encrypted) to everyone except for the server you are sending the information to. This ensures a secured communication, and protects sensitive data from being readable if it were to land in the hands of a hacker or identify thief.
Once the certificate has been purchased, and installed on your web server, a visual trust seal will appear on your website. Visitors will notice a padlock or a green ‘https’ protocol (as shown in the image to the right) has been activated; which signifies a secure connection from the web server to the visitor’s web browser.
Who Needs a SSL Certificate?
SSL Certificates are typically recommended for any sites that collect or handle customer’s names, phone numbers, or addresses (think contact forms). A SSL Certificate is especially important if your site gathers credit card information from its visitors (when PCI compliance is required) or has prompts for log in credentials to access member portals. Even if your site is primarily for blogging purposes, your site will likely need to deploy a SSL certificate.
What are the benefits of having a SSL Certificate?
- Authentication- Since using the internet means information is sent through several computers, a SSL certificate provides the extra layer of security by authenticating the servers it sends information through. If an SSL certificate is in place, you can be assured that the information you are sending is being sent to the right server and not to an impostor server.
- Protection- Phishing scams and other cyber exploits have become major threats to internet users and has made many wary of conducting online business. Having a SSL certificate for your website, lets your clients know that they are on the right, protected website.
- Website Ranking- Even Google wants your website to be secured! Since Google wants its search results to reflect the most trusted and secured resources, they have even gone as far as giving a small rankings boost to sites that are using SSL.
What types of certificate should your site have?
Some websites or server configurations require a specific type of SSL certificate. Commonly, the determining factor in selecting which SSL certificate to install is the number of unique domains you want to secure.
- Single Name Certificate- a commonly used SSL certificate that will only secure a single domain name or sub-domain. (For example, a certificate could secure www.yourdomain.com or mail.yourdomain.com but not both.)
- Multi Domain or Unified Communications Certificate- a SSL certificate that secures multiple domain names and multiple host names within a domain name. (For example, a certificate could secure www.yourdomain.com and www.yourdomain.net.) A UCC lets you secure a primary domain name and up to 99 additional Subject Alternative Names (SANs) in a single certificate.
- Wildcard Certificate- will secure not only your website URL (www.yourdomain.com) but also an unlimited number of subdomains (mail.yourdomain.com, blog.yourdomain.com, etc.) making management of domains easier and more flexible when adding or changing domains as necessary.
Things to Consider.
Acquiring a SSL Certificate requires that your infrastructure is set up properly and your identity is validated. In addition to the associated cost, it is also important to consider the following:
- Ensure your site is ready to accept a certificate- Installing a SSL certificate on your site, may trigger warnings in some browsers if your site has any unsecured content (images or scripts) on it. There are several free tools available to help discover elements on your site that cannot be encrypted and resolve the error messages.
- Content Warnings- Performance issues (if any) will be almost unnoticeable for an average sized site once a certificate is installed. For a website with an extremely large number of visitors, performance issues may be noticeable. This is due to the fact that information sent between servers is encrypted, therefore it uses more server resources than if the information weren’t encrypted.
- Browser Compatibility- SSL certificate compatibility is something to keep in mind when deciding on a provider. Most certificate authorizes issue certificates that are compatible with nearly all major web browser, however this should be verified. You will want to ensure the certificate you select is compatible with the browser your clients use to access your website.
Unless your site is secured via a SSL certificate, there is the potential for every piece of data in transit to be seen and potentially compromised by others. It’s a risk that can be easily addressed by taking this recommended security step. From the perspective of your website visitor, the SSL padlock will signify trust, security , privacy and is a visual reminder that their experience on your site will be equipped with the strongest encryption capabilities possible.
(image via DaveBleasdale/Flickr)