Do you need an SSL certificate for your website?
You probably don’t think much about HTTP and HTTPS while browsing the web. Secure sites have HTTPS and a padlock in the URL bar to show they have SSL (Secure Sockets Layer) certificates installed. Sites without only have HTTP and are flagged by Google as “not secure.” With rising concerns about online privacy, having a secure website is more important than ever. A site that is not secure may be at risk of having sensitive information stolen, read, or modified by attackers and hackers.
Do you need an SSL certificate for your website? In short: yes. Site security impacts users and businesses alike. Even if your site doesn’t handle confidential information, an unsecured website can turn off site visitors and hurt brand perception. According to HubSpot research, 82% of respondents to a consumer survey said they would leave a site that is not secure. This diminishes your potential audience to just 18%! Along with the risk of losing customers, brands with unsecured sites are penalized by search engines for lack of encryption.
If all this talk of security and SSL certificates sounds foreign to you, don’t worry. Once you know the basics of SSL, securing a website is not as complicated as it sounds. Whether you need an SSL certificate for your site or want a refresher on the topic, it’s good to review your options. In this article, you’ll learn about the types of SSL certificates available, validation levels, and the benefits of having a secure site.
What is an SSL certificate?
Digital certificates can be used to secure websites, devices, web servers, signatures, code, software, email and more. When a website is secured by an SSL certificate, the acronym HTTPS appears in the URL along with a padlock icon. SSL is the technology that ensures that all data that passes between a web server and browser, such as names, passwords, credit card info, and other personal data, remains impossible to read by hackers. It uses encryption algorithms to scramble data in transit, which prevents hackers from reading it as it is sent over the connection.
The process works like this:
A browser or server attempts to connect to a website (i.e., a web server) secured with SSL.
The browser or server requests that the web server identifies itself. The web server sends the browser or server a copy of its SSL certificate.
The browser or server checks to see whether it trusts the SSL certificate. If it does, it signals this to the webserver. Then, the web server returns a digitally signed acknowledgment to start an SSL encrypted session.
Encrypted data is shared between the browser or server and the webserver and users can proceed safely to the site. While it sounds like a lengthy process, this happens in milliseconds.
Types of SSL Certificates and Validation Levels
The CA is a third-party organization that gives out SSL certificates and digitally signs them. You might need a specific SSL certificate if you host content on multiple platforms, such as separate domains or subdomains. Depending on the level of security you require, the cost can range from free to hundreds of dollars. Below we break down the different types of SSLs and validation levels, ranging from least secure to most secure:
Single-Domain SSL Certificates
For a small or personal website with a single domain, the single-domain SSL certificate may be the best option for you. This type of certificate secures a single domain and all the pages on that domain. However, it won’t secure any subdomains.
For example, if you have an SSL certificate for the domain mediaplacepartners.com, it will cover all the pages related to this domain, such as mediaplacepartners.com/digital-marketing/, but won’t cover any subdomains such as careers.mediaplacepartners.com.
Validation Levels for Single-Domain SSL Certificates:
Domain Validated (DV): This is the simplest form of SSL certificate validation and only applies to domain ownership verification. It’s usually done through email verification and doesn’t require any further proof of ownership. This is the cheapest and fastest way to acquire an SSL certificate. This level is good for sites that don’t exchange any customer information.
Organization Validated (OV) Certificates: This is the next level up when it comes to validation. In addition to validating your domain, the CA also verifies your business by contacting you. The CA verifies that you own the domain and that it’s for a legally registered business. This is best for business websites with forms and lead capture capabilities that don’t exchange sensitive customer information.
Wildcard SSL Certificates
If your business website has a single domain, but multiple subdomains, then the Wildcard SSL certificate is the way to go. The Wildcard SSL certificate secures a single domain and covers an unlimited number of subdomains related to that single domain. This option is cheaper than acquiring a separate SSL certificate for each subdomain.
Validation Levels for Wildcard SSL Certificates:
Domain Validated (DV) or Organization Validated (OV)
Single-Domain SSL Certificates
Multi-Domain SSL Certificates
This certificate is the opposite of the Wildcard SSL certificate as it secures multiple domains but doesn’t secure any related subdomains. It is also known as Subject Alternative Name (SAN) and Unified Communication Certificate (UCC).
Validation Level for Multi-Domain SSL Certificates:
Extended Validated (EV) SSL Certificates: This level is for the highest level of security, capable of handling sensitive information like financial transactions. This is the most expensive SSL to obtain. EV is typical among high-profile or public-facing websites such as banks and financial institutions. It involves a full background check of your business. Acquiring this certificate involves a strict vetting process by the CA.
How to get an SSL certificate
Now that you know about your certificate and validation options, how do you get an SSL certificate? You can obtain a certificate in a few different ways.
To get a certificate yourself, you need full access and control of your web server. We won’t go too deep into the weeds here – this Hubspot article illustrates the steps you must take to install the SSL certificate yourself.
You can also obtain an SSL certificate through a web hosting company. Many automatically assign and install SSL certificates to sites hosted on their platform. Google Sites, WordPress, Bluehost, HostGator, and A2 Hosting are examples of places that do this. Each hosting company will have its own instructions on how to install the certificate.
A third way to obtain an SSL certificate is through a reputable certificate authority (CA). Anyone can create a certificate, but browsers only trust certificates that come from a list of trusted CAs. These CAs must meet detailed criteria to be accepted. Some examples of trusted CAs are DigiCert, Verisign, and Comodo.
Keeping user information safe using SSL certificates is important for so many reasons. Along with securing confidential information, Google gives secure sites a slight SEO boost. When you show that you are protecting users, Google factors in site security and rewards you for doing so. If your site is not protected, Google will penalize it.
Having an SSL certificate on your website is essential. Whether you store sensitive user information or not, keeping users safe is the right thing to do. People feel confident browsing secure sites knowing their information is protected and have a better perception of brands that do so. While HTTPs and a padlock icon in your URL bar seem like minor details, these have a big impact on your digital marketing now and in the future.