new mark communications

Does Your Website Need an SSL Certificate?

You might think that only eCommerce websites need an SSL Certificate, and a few years ago, you would have been right. But since 2014 Google has been working to create a more secure internet. SSL Certificates which encrypt information that passes between a site visitor and a website have become an important part of that. So, yes, whether you have an eCommerce site or a “regular” website, you do need an SSL Certificate.

Now Google views all sites that use an SSL Certificate as a signal of quality, which may result in your website enjoying better rankings in the search returns than your non-SSL certified competitors. Google knows a shot at higher visibility in the search returns is a nice motivator to get onboard.

So what is an SSL Certificate, where can you get one, and how much do they cost? Let’s dive in.

An SSL Certificate (Secure Sockets Layer) is a digital certificate that is installed via code on your website. The SSL Certificate does two things: It authenticates the identity of your website by ensuring you are the owner of the domain of your website, and it encrypts information that passes between your website visitors and your website.

This encryption assures your site visitors that their confidential information they may type into your site such as their email, passwords or credit card information can’t be viewed, altered or intercepted by a third party.

Are there different levels of SSL Certificates?

Yes, there are three levels of SSL Certificates. But the good news is your web host likely provides one for free and no, you don’t need a dedicated IP address to get one. Typically inexpensive hosting is shared hosting, meaning your site doesn’t have an IP address unique to your site. However your site still can be assigned an SSL certificate via your web host for free. So, as we say throughout this article, don’t be tricked into an “upsell.”

If your web hosting service doesn’t offer a free SSL certificate, then visit Let’s Encrypt where you can get an SSL certificate for free. Our favorite price! Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

There are three levels of SSL certificates. You can choose from Domain Validation (DV SSL) which is the least expensive at around $10 per year, the Organization Validation (OV SSL) and the Extended Validation (EV SSL) which is typically used by financial institutions dealing in online banking and brokerage accounts.

All SSL Certificates, whether free or super expensive, provide the same level of encryption. Don’t be upsold on features you don’t need!

 

Here’s the interesting part: The encryption across all three certificates – DV, OV and EV – is the same. Yup, your free DV SSL Certificate is providing the same level of encryption as the expensive Extended Verification SSL Certificate used by your online financial institutions.

So what’s the difference between your cheap DV SSL Certificate and the expensive ones? The difference between the Certificates is the extent to which the business entity has been confirmed and authenticated by the Certifying Authority.

The Domain Verification Certificate (DV SSL) involves a quick cross check with your Domain Registrar to confirm that you own the domain name of your website. Pretty basic and it can be done in under 10 minutes of applying for the DV SSL.

The Organization Verification (OV SSL) and the Extended Validation (EV SSL — most often used by financial institutions) does a more thorough job of authenticating that a business is what it purports to be online by confirming ownership of the domain, the business’ physical address, its legal status to conduct business online, confirmation of all contact information, etc.

Which SSL Certificate is right for your website?

If you are not running an eCommerce website you can use the most basic Domain Validation Certificate or DV SSL which is likely already provided by your hosting company. The DV Certificate is ideal for blogs, personal websites and sites that don’t transact with a lot of user information. When the DV SSL is in use on your website, the green https:// will appear before your domain name.

If you are running an eCommerce website, your SSL certificate may already be included in your subscription fee on your eCommerce platform (Shopify, Big Commerce), or, if you are using WooCommerce, it may be included for a nominal fee via your in your web hosting subscription. Check with your web hosting service first.

Upsell alert: If you aren’t running an eCommerce site, there’s no need to pay more to display the SSL Certificate logo or icon on your site. The https:// before your domain name is all the confirmation your site visitors and Google needs.

The Organization Validation or OV Certificate offers a more thorough level of website authentication—which is why it costs a bit more and takes longer to issue, up to two days. In order to get an OV cert you will need to prove your organization is a legitimate legal entity by confirming identifying factors such as domain verification, your address, phone, and have a telephone verification. The visual indicators for OV certificates are the same as for DV certificates.

The Extended Validation or EV Certificate (sometimes refered to as the green bar SSL) offers the highest level of website authentication and gives the strongest visual proof of authentication to site visitors by displaying a green bar listing the website entity’s identification before the URL. You typically see this green bar on financial websites. Again, while it looks impressive, every level of SSL Certificate offers the same encryption level.

How Much Do SSL Certificates Cost?

Are you familiar with the quote “Where there is confusion, there is profit?” It seems the SSL Certificate issuing authorities are eager to maximize the confusion around SSL options to maximize their profit.

As we mentioned above, thanks to Let’s Encrypt you can get an SSL certificate for free. Let’s Encrypt is a free, automated, and open certificate authority (CA). It is a service provided by the Internet Security Research Group (ISRG).

So why would someone pay for an SSL Certificate if it can be had for free? Remember, the basic SSL Certificate only provides encryption. So while the encryption may be the same across SSL secured websites, the difference between SSL Certificates is in the level of business authentication you choose.

If a fine, upstanding internet citizen like yourself can get a free SSL Certificate, so can the online scammers. So companies that want to assure their online clients they really are who they say they are opt to pay more for an SSL Certificate that provides a more rigorous level of authentication, so they will submit more information about their business entity that can be verified by the issuing Certificate Authority.

The Organization Validation or OV SSL can cost as little as $50 per year. Again, the higher price is due to your domain and company undergoing a higher level of authentication.

The Extended Validation of EV SSL can get quite expensive and is generally used by large online financial services companies, such as online banks and brokerage accounts.

How do I know if My SSL Certificate is Properly Installed on my Website?

You’ll have to follow the installation instructions of the Certifying Authority that issues your Certificate. You know when you are on a site that uses an SSL Certificate when you see the padlock icon and the green https:// (which stands for hypertext transfer protocol secure) appears before the url of the website you are visiting. On mobile devices, you typically just see the padlock. Websites that use the Extended Validation Certificate, or EV SSL have the strongest visual cue because it provides the padlock icon as well as a prominent green bar that highlights the website’s identity before the URL address.

<< Home Page