Do you need an SSL Certificate?
Why you should consider adding an SSL certificate to your website
Mike Cooper, Marketing, Integratech.
You may have questions arising from just reading the title of this blog… such as: does my website really need an SSL Certificate? Do I need to know how SSL works? And, actually, what exactly is SSL anyway?
It’s probably best to start with the last one first, and then go on from there. SSL stands for “Secure Sockets Layer.” Wikipedia defines this as: “Cryptographic protocols that provide communications security over a computer network.” Well, that clears that up then!
Luckily for you (and me, if I’m honest!) the people at Go Daddy have come up with a far less technical explanation: “Think of an SSL certificate as a giant windscreen for when you drive on the information super-highway. You wouldn’t head out on your local road — especially at night in a rural area — without something between you and all the bugs. In much the same way, an SSL certificate protects your site — and its visitors — from many digital bugs, worms and other nasty web creatures.” Hopefully that’s a lot easier to understand!
How do they work?
Go Daddy also does a great job in explaining how SSL Certificates work: “An SSL certificate works to create an encrypted connection between your visitor’s browser and the server. A secure session is established via a “handshake” process, one that involves a back-and-forth between the web browser and the web server, and it occurs behind the scenes — all without interrupting the shopping or browsing experience.”
Do you really need one?
If you are thinking that your site is too small to be targeted, what you have to remember is that most cyber-attacks are merely looking for vulnerabilities within a system. They aren’t really interested in the size of the site, or the business type, just what they can potentially exploit.
Up until the last few years it was predominantly only websites that accepted payments via card that had an SSL Certificate. But now, it is generally considered best practice to have an SSL Certificate if your website has any password protected areas or hosts any sort of web form.
Also, and this was one of the main reasons behind writing this blog, having an SSL Certificate will help with your site’s ranking on Google. In fact, the latest release of Google’s browser, Chrome – which was rolled out on Friday October 27th – will soon be issuing a warning of “not secure” on any website that doesn’t have an SSL Certificate installed on it. This may not have been cause for concern a few years ago, but as Chrome is now the browser of choice - having a 60% market share - it would seem advisable to install an SSL certificate so that the majority of those visiting it can do so without issue.
There are currently three types of SSL Certificate available:
- Domain Validated (DV SSL)
- Organisation Validated (OV SSL)
- Extended Validated (EV SSL)
All of the certificates offer the same encryption levels, but some require further vetting and verification processes to be completed before they are granted.
Domain Validated Certificates (DV SSL) are the quickest to implement. This is because you don’t have to submit any company paperwork, so the certificate can be activated in a matter of minutes. Once installed, when someone visits your website they will see the browser padlock and https preceding your web address. However, as this is the most basic option, because it is checked against domain registry only, it is probably the least trusted of the three and therefore not overly recommended for a public facing website.
Organisation Validated Certificates (OV SSL) are far more trusted because organisations are authenticated against government-hosted business registry databases. In other words, you have to physically prove you are who you say you are in order to get one and therefore you can be confident that they contain legitimate business information. Although not as quick to implement as the Domain Validated certificates, once the paperwork has been submitted they can usually be set-up within a few days.
Extended Validation Certificates (EV SSL) are used by some of the World’s leading organisations and are for those businesses looking for the ultimate in trust. The vetting process for issuing EV Certificates is far stricter than that for OV Certificates. EV Certificates identify the legal entity that controls a website: “providing a reasonable assurance to the user that the site they are accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of Place of Business, Jurisdiction of Incorporation or Registration and Registration Number or other disambiguating information.”
EV certified sites also incorporate encrypted communications between the Internet browser and the site, meaning information sent or received cannot be read if intercepted. Furthermore, EV Certificates trigger a visible green bar on most modern browsers to distinguish the site above others. This means it is almost impossible to impersonate or ‘phish’ an EV enabled site, because even if the web content could be replicated, the green bar cannot be triggered without the EV Certificate being in place.
Bearing in mind what is written above, you will probably not be surprised to learn that Domain Validated Certificates are the cheapest of the three - with Extended Validation Certificates being the most expensive. Certificates usually last for 12-months, but most companies selling them will offer a discount if you take out a 2-year term.
If you are unsure as to whether your site requires an SSL Certificate, or what type would suit you best, talk to one of our friendly team and we’ll point you in the right direction. Call us on 01905 758900, email us via firstname.lastname@example.org, or arrange a suitable time for us to call you.