Website security 101: SSL certificates

With online shopping becoming a preferred method of purchasing it’s no surprise that business owners are looking to get in on the action, and it’s never been easier. Whether you’re looking to get set up on your own with the likes of a hosted platform, or after more bespoke design or features with an agency (that’s us by the way!) there’s plenty of options for you to pick from. Whichever route you pick one thing stays the same: keeping you and your customer’s safe online.

There’s an abundance of things that can be done to keep both parties secure and protected while shopping online, but we will be kicking off our secure website series by talking about the trusty SSL certificate.

An SSL certificate is essentially provides a layer of security for your customers. They typically get installed on the server where your site is hosted. Once installed, it then provides a secure connection between your customers browser and the server to protect sensitive information. Https protocol can operate without an SSL certificate, however it will result in serious browser warnings. Https is an acronym for HyperText Transfer Protocol Secure.

Google hasn’t necessarily admitted that non HTTPS encrypted websites are going to be at a disadvantage in its search algorithms, however it’s obvious you’re website is at risk of losing its place in the google search rankings. Why? Because the messages displayed to the consumer warning them your website is unsafe is certain to reduce the time spent on the website, and the overall activity on the website.

How to tell if a website is SSL protected

The SSL is installed on a website, which will introduce a padlock symbol in the address bar and https protocol in the url.

What types of SSL certificates are there available

If the standard SSL certificate wasn’t confusing enough then we’re going to teach you the variations of SSL certificates. There are three different types of SSL;

Extended validation SSL:

To obtain this type of SSL, you are going to have to undergo a very intense vetting process, the certificate authorities are going to check you are the rightful owner of the domain name you’re using and a general background check on your organisation.

Organisation validated SSL:

Some of the largest sites in the world use this type of SSL. The process to obtain the certificate is the exact same as the (EV)SSL, however the users are given the ability to view your organisation’s details. The customer can’t view all your private information, only information that is available to the public.

Domain validated SSL:

Only the domain is vetted when you apply for a (DV)SSL, this means that in order to get one, you don’t have to wait as long. This is beneficial for smaller companies who just need some website security without having to submit masses of company paperwork.

An SSL looks great on a website, how many times have you questioned the security of a website your about to buy from without realising that there’s a way to get validation?

The (EV)SSL is identified by the browser which will activate a green address bar or green font, note that this only happens on the most up to date browser. I know that when I see a green bar or green text I already feel more secure.

The (OV)SSL will show as a secure site seal, which you can click to show more information, the customer feels more at ease as they are able to see who's responsible for it.

The (DV)SSL will show as https protocol and the padlock in the address bar, Business information is provided as part of the certificate signing request but is not verified. It can be viewed by users by opening the certificate in their browser and scrolling through details.

Note that a website without any of these SSL certificates will have no padlock icon and the url will read http, and when other websites do have these features, a customer will pick up on the fact you don’t have one.

Don’t be misled by thinking just because your site provides information and not a product, you are exempt from needing an SSL. SSL certificates don’t just protect websites that require credit card details, personal identifiable information must also be secured, and any web page on the internet is susceptible to hacking, so get certified.