What is an SSL-certificate and why do you need one for your website?
Cybercrime is a serious and growing threat all around the world. People get targeted by identity thieves and fraudsters, and companies get targeted for their sensitive corporate data and trade secrets.
The attacks get more sophisticated every day and it costs our society billions of dollars every year.
Not only will an SSL-certificate make your website more secure, it can also have a positive effect on your Google search rankings.
Personally, I recommend almost everyone to get an SSL-certificate for their website.
This article will tell you what SSL-certificates are, which types that exist and why you should get one for your site.
What is an SSL-certificate?
SSL stands for Secure Sockets Layer and is an encryption protocol that ensures secure communication between a web server (your website) and a user’s web browser (e.g. Chrome) by encrypting the information sent. The information could be credit card details or other personal details that should not end up in the wrong hands.
An SSL-certificate is a certificate installed on your web server that verifies that you and your website are who you claim to be (I’ll talk about the different levels of verification further down). The verification and issuance of an SSL-certificate is done by a Certificate Authority (CA).
In short, the way SSL-certificates works is that the web server sends a copy of the SSL-certificate to the user/web browser that wants to view the website. The web browser then checks that the certificate is issued by a trusted CA and that the certificate is still valid. If everything checks out, the web server and the browser can start transmitting encrypted data between each other.
Why is an SSL-certificate important for your site?
I guess you’re wondering, does my site need an SSL-certificate?
I had that exact same question when I first started out with websites, and I’ll give you four reasons for why you should get one regardless of what type of site you’re aiming for.
Whether it’s credit card detail or more basic information such as a name, email or phone number, chances are the users of your website would probably not want to have that information leaked.
Selling products on your page? Maybe you got a ‘contact us’ form where users can enter contact info? Or, do you use a password to get into your website admin page (e.g. WordPress dashboard)? This is not information you want to have leaked, so get an SSL!
With the increasing threat comes the increased awareness. So, for every day that passes the users visiting our sites will become more knowledgeable and more aware of potential security threats.
Having an SSL-certificate will earn you a “Secure | https://” mark in the address bar, telling everyone visiting your site that any electronic communication on this site is secured.
The increased awareness also goes for companies like Google, and Google handles this increased security threat by lowering the search rank for websites that are not considered secure.
So, if your site does not have an SSL-certificate, Google might potentially lower the rank of your website in their search results. A lower search rank usually also results in fewer visitors.
The most basic SSL-certificates that comes without warranties are free. As a result, many hosting providers already offer SSL-certificates to their users for free (Psst! SiteGround is one of them).
If you have a business site that is in need of a warranty, you get SSL-certificates at $10/mo that will provide plenty.
Convinced that you need an SSL-certificate? Good!
In the next sections, I’ll elaborate on the different SSL validation levels and the different certificate types you can choose from.
Different validation levels
An SSL-certificate is issued to you and your website as soon as a third-party CA (Certificate Authority) has verified that you are who you claim to be. How detailed this verification is will however vary.
It’s worth noting that the encryption technology is the same across all these validation levels. The difference is that the CA goes to greater lengths to really verify who you are.
Domain validation (DV)
Domain validation is the lowest level of verification available and is usually also the cheapest (sometimes free). A DV certificate can be issued when a CA has verified that you are the true owner of the domain
Organizational validation (OV)
In order to acquire an OV certificate, the CA will have to investigate your organization in greater detail in order to verify that you’re really who you claim to be.
Although OV requires more effort and normally costs more than a DV, the average users will not be able to see the difference when accessing your site.
Extended validation (EV)
EV certificates are both the most tedious and expensive certificate to get, but it’s also the one that displays the highest level of trust to your site visitors.
The criteria’s that need to be met are defined in the Guidelines for Extended Validation issued by the CA/Browser forum.
In short, you’ll have to provide the CA with sufficient documentation to prove that the organization is a legally recognized entity. Once that’s done, your site will get the verified legal identity displayed in the address bar.
Here’s how it looks for Namecheap
With the different validation levels out of the way, let’s have a look at the different certificate types, single domain, wildcard and multidomain.
Available with all verification levels
A single domain SSL certificate is not surprisingly, only valid for a single domain. That means that for website.com, the single domain SSL will only be valid for the main page and all respective sub-folder E.g. website.com/AnySubFolder
Get a single domain SSL if your website does not have any subdomains
Only available with Domain and Organizational verification
A wildcard SSL certificate will cover all subdomains in addition to the main domain. So regardless of how many subdomains you’ll end up creating, the certificate is set up to cover all of them (*.website.com) in addition to any subfolder you’ll create for these domains.
Consider getting a wildcard SSL if your site has several subdomains and you are not going for an Extended Validation Certificate.
Available with all verification levels
A Multidomain SSL certificate will cover all subdomains that are listed up when you purchase the SSL certificate. Any new subdomains add after that will require a new round of verification.
Get a multidomain SSL if you are going for an Extended Validation Certificate and want it to apply to all your subdomains.
Now that the simplest SSL-certificates are free, there’s really no reason to not install one on your site.
- It increases security
- It looks better
- Google likes it
My recommendation is to find a host that provides SSL-certificates for free.