SSL Certificates Explained - Essential guide from IT professionals

Keeping your website secure with an SSL certificate

Today more businesses are selling online and the ecommerce sector is growing fast. It is now more important than ever to keep your website secure and allow your customers to shop safely. That's why our IT team designed this little guide to SSL certificates explained, for beginners.

With the rise in ecommerce and online business, SSL certificates are necessary for added security and customer trust. This is because customers need to know that they are protected when shopping online. As an e-commerce website owner having an up-to-date SSL certificate is essential.

Have you noticed the full URL in the address bar?

Some URLs have http:// while others have https://. What's the difference? Well, the extra S stands for secure. Meaning that this website is encrypted and your information is secured.

Let explain what is an SSL certificate and why are they so important.

What is an SSL certificate?

SSL certificates are small data files that create a secure link between your client and your website by encrypting and securing all the information.  SSL stands for Secure Socket Layer and these are essential to businesses and organisations.

These certificates are installed in web pages that request sensitive information such as credit or debit card numbers, mobile numbers, and address. It authenticates the server’s identity to prevent phishing attacks.

Norton defines SSL certificates as "a type of digital certificate that provides authentication for a website and enables an encrypted connection".

When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”. Much like a formal greeting. This is totally invisible to the user and happens instantaneously.

Now, are SSL certificates important for you? Short answer, yes.

Why do you need an SSL certificate?

There are various benefits of having an SSL certificate, but the most important is that it ensures your clients are in a safe place. It can help your business increase its conversions and boost SEO, since Google is paying close attention to SSL certificates.

SSL certificates assure your visitors that your site is real, secure and not a scam.

Information secured by SSL certificates.

• Login details (ID, passwords, security questions)
• Credit card and banking information
• Personal information (name, address, special dates, phone numbers)
• Medical and property records

What happens if I don't have an SSL certificate?

If you don't have an SSL certificate your site will be work perfectly fine, however browsers will mark your site as non-secure. Some browsers will block your website to protect their users.

It will probably look like this:

Everyone has seen this screen at least once, and most users will leave the page immediately.

Not having an SSL certificate will drastically harm your traffic and conversions, but not just that.  If you don't have an SSL certificate, it can make your website vulnerable to cyber-attacks which means that hackers can steal private information from your visitors.

In fewer words, it doesn't matter if your website asks for information or not, a SSL certificate will help you to build your trust and improve your security.

Different Types of SSL Certificates explained

A website with HTTPS encryption means the customer browsing experience is safe and secured. There are three different types of SSL certificates that provide different features for different business types.

1. Single Domain SSL Certificates Explained

Single Domain SSL certificate protects ONE domain name only listed in your Certificate Signing Request (CSR) both www and non-www variations. And it has only one Subject Alternative Name (SAN). Single Domain SSL certificate encrypts all communication between your server and your visitors. And effectively protects all data against threats and boosts your overall trust and credibility. It also secures host name, IP address, mail server, and individual sub-domain.

2. Wildcard SSL Certificates Explained

Wildcard SSL certificate is used to secure an unlimited number of websites that are sub-domains of the domain name in the certificate. Let’s say you purchased a domain name www.example.com and suppose you have multiple sub domains- mail.example.com, blog.example.com, and others-- a wildcard SSL certificate configured for *example.com can secure mail.example.com, blog.example.com, and the rest of the sub domains. The asterisk is used to specify one particular level it can secure, and serve as a placeholder for all sub domains.

If you're managing multiple sites hosted across numerous subdomains, Wildcard SSL certificate is your best option. And it’s available in Organisation Validation and Domain Validation levels of validation only.

3. Multi- Domain SSL Certificates Explained

Multi-Domain is also called as Subject Alternative Name (SAN) or Unified Communications Certificate (UCC) secure multiple Fully Qualified Domain Names or FQDNs. The limitation on the number of domains it covers depends on the issuing certificate authority, unlike Wildcard SSL where it has no limits on the subdomains it covers.

You can combine many host names with multi-domain SSL certificates even if they came from the same domain or not. But it should be defined and added at the same time the certificate is purchased. You also have the option to add, change and delete any SANs to sustain the evolving needs of your network.

Multi-domain SSL certificates are available for all levels of validation. And it does not require several dedicated IP addresses for your host names.

What are the SSL validation levels:

1.Domain Validation (DV)

Domain Validation are SSL certificates that are issued to an applicant that has complete control over a domain. It is an entry-level SSL that provides strong encryption to websites, blogs, and brochure sites. It’s issued within minutes, which makes it a good option for website owners who want to secure their site quickly and efficiently.

The validation for DV certificates is easy. The user only needs to prove to the Certificate Authority (CA) the domain ownership. They ask for email verification, file bases verification, or through the domain registrar’s information. Aside from the speed of verification and processing, one advantage of DV is, it’s the cheapest SSL certificate.

2.Organisation Validation (OV)

Organisation Validation (OV) certificate provides an extra layer of online trust. It’s primary purpose is to encrypt the user’s sensitive and confidential information during transactions. This certificate will help you boost your company's credibility and enhance the level of trust and confidence you can provide your customers.

This displays a padlock in the address bar, letting your visitors know it’s safe to submit credit card information, passwords, and other personal information. OV SSL certificate is made for businesses, non-profit websites, and educational institutions. It takes 2-3 days for the CA to issue the certificates, requiring the following documents and information:

• Legal existence record
• CA approved attestation letter
• Legal government license
• Incorporation article
• Bank statement
• Letter of issuer’s relation with an organization
• Third party database list

3.Extended Validation (EV)

Extended Validation SSL certificates extends your website’s trustworthiness. It offers a top-notch level of security and safety. CA performs an extensive verification of the company and the owner, determines the legal identity, and physical and operational existence before they issue the certificate.

The process verifies that...

• The requestor has legal rights to use the domain
• The requestor has properly authorized the issuance of the certificate
• The physical existence and legal status of the requestor
• The identity of the entity matches official records

The validation and issuance process of EV usually takes 1-7 days. Google prioritises websites with SSL certificates, so your business should have one. If you want a better search engine ranking, more sales and revenues, improved customer trust and confidence, then you have to find the right type of SSL certificates that are best for your business type. SSL certificates bolster your site’s security. It secures all your web forms, protects password logins, and accepts payments securely.

How can I tell if my website has an SSL certificate?

There are various ways you can check that you are browsing a secure website, and you don't have to be an IT expert to do it.

1- Check the URL for Https protocol:

When accessing any website, check the URL and pay special attention to the padlock and the Https:// protocol. Don't forget that the "S" stands for secure, so you and your information will be safe while using this website.

2- Click on the padlock to check the information:

Depending on the browser you are using, you will see the padlock, but there's always a padlock if the site is secured by a SSL certificate.

3- Check the SSL certificate:

Since SSL certificates expire, you have to make sure the certificate is valid. If you are picky and want to check that, you can go to Google development tools and click on Security, and that's it.

You'll able to see the SSL expiry date.

Are free SSL certificates recommended?

Jackye Govaerts, our COO, recommends:

The most widely used Let's Encrypt free SSL certificates are available for all purposes and platforms, although they don't work well with Microsoft Exchange Server and older mobile devices. They work really well with all up-to-date browsers, especially Chrome and Firefox.

"The main limitation of the LE certificates is their lifespan. They need to be renewed every 90 days, thus it makes sense to automate this process to avoid lapsing the validity of each certificate. For this reason it's mainly used by developers and in testing environments".

CloudFlare started offering free certificates alongside its free DNS service. This service is fully compatible with all major browsers but it tends to throw errors on older mobile devices or clients that require specific SSL/TLS access. That's why there's an option to use it in a Flexible, Full, or Strict mode to balance between compatibility and security.

Comodo offers a 30-day free SSL certificate that's exactly the same as the paid ones, so you can test the robustness and compatibility of their various options. They are limited to one issuance per domain.

How much does an SSL certificate cost?

SSL certificate costs may vary according to your needs, you can find free SSL certificates as well as paid options. But it all depends on what you offer and your services.

For example, banks and other big companies require more secured systems than a blog.

The Helpdesk Heroes team strongly recommend a paid SSL provider, this gives you 24/7 backup in case of any problems. There are a loads of options online and you can also check out the SSL certificates available in our shop.

There’s no site “too small to be a target” for cyber criminals. In fact, 46% of UK businesses and charities reported a cyber-attack during the 2020.

Hackers have one goal-- to find vulnerabilities, and harm your business. The online world is a scary place so give your visitors safe and secure browsing experience, and keep your reputation safe.

Get your SSL certificates and enjoy the benefits!

Read more from our blog