You have been told that you need an SSL certificate for your small business website, but it’s just a simple brochure site so you’re not exactly sure why. While in the past many simple websites could get away without SSL, that’s not the case anymore as the world’s most popular browsers push towards universal encryption and a safer web for all, not just online shoppers. So with that in mind, let’s dive into the what, why, where, who, and when of SSL certificates.
What is an SSL Certificate?
SSL stands for Secure Sockets Layer, which is the technology used for establishing an encrypted link between a web server and a browser. This technology is the first line of defence for protecting data and safeguarding privacy when you engage in online activities like filling out forms, purchasing shoes, booking Airbnb accommodations or checking your bank balance.
This encryption occurs through the use of a certificate that is installed after a company or organisation “turns on” SSL on its web server. The certificate validates the identity of the web server and then allows for encrypted communication between the website and the web browser. Once a secure connection is established, a padlock icon and HTTPS prefix appear in the browser bar, indicating it’s safe to share personal information.
Why does a website need an SSL Certificate?
Without SSL, any data that is entered into a website can be seen by third parties who may be snooping on a user’s web session. An example could be someone using the open Wi-Fi at a coffee shop whose web session is being captured by someone in the vicinity using a network traffic analyser. Without SSL, all of the unencrypted data can be seen, captured and potentially used for nefarious purposes.
Google is taking this lack of security seriously and is upping the ante in the “name and shame” stakes by making it much more obvious to users when a website has not implemented SSL.
Currently, Google’s Chrome browser is identifying insecure sites with an exclamation mark and “Not secure” text in the URL bar ahead of the website address.
As you can see in the following example, the Canadian organization of mushroom growers is just one of countless websites not using encryption on things like forms, search fields or worse. But those exclamation marks are pretty discreet and easy to overlook. Unaware users – in this case, mushroom growers – will probably still move forward, fill in forms and do other tasks on these websites without giving their security much thought.
The thing is, in another few months the warning will become VERY hard to overlook. Websites with unsecured text input areas like logins, forms, email signup, and even search functionality will be flagged as Not Secure – and the new treatment will be red, scary, and super off-putting. Google plans to roll this out very soon to all websites that are not HTTPS, whether they accept data inputs or not. And with Chrome holding approximately 60% of browser market share (on our website, it’s even higher), this is surely going to scare potential visitors and customers away.
As Google moves to a more “in your face” style of notification, users will become more aware and vote with their feet by going to competitors that are secure. In addition to driving visitors away, websites that do not have encryption in place will be in jeopardy of losing ranking to those that do. Google’s algorithm already prefers encrypted websites because it naturally wants to send users to safe websites that offer a good experience.
Where on the website does the SSL certificate work?
A regular SSL certificate works on every page of your website by default. Where it doesn’t work is on subdomains. So if you have something like greatdomain.ca you are covered with your certificate, but jobs.greatdomain.ca will not be covered by the original certificate. Fortunately, a Wildcard certificate will fix that problem as it applies to not only the main domain but to the subdomains under it as well.
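To make the coverage rule concrete, here is an added example (not Webnames' code) of the hostname check a browser performs against the names listed in a certificate, simplified from RFC 6125. The two name lists are constructed samples that assume the issuer lists www on the single-domain certificate and the bare domain alongside the wildcard.

```python
# Added example: which hostnames a certificate's DNS names cover.
# Simplified RFC 6125 matching; all names below are constructed samples.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name (pattern) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so both names need the same
    # number of labels, and no hostname label may be empty.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # The wildcard must be the whole left-most label and needs at
        # least two labels after it (rejects patterns such as "*.ca").
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    # Anything else is compared literally, label by label.
    return p_labels == h_labels


def covered(cert_names, hostname):
    """True if any DNS name on the certificate covers hostname."""
    return any(name_matches(name, hostname) for name in cert_names)


def coverage_report(cert_names, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {host: covered(cert_names, host) for host in hostnames}


# Assumed name lists (constructed): a single-domain certificate, and a
# wildcard certificate that also lists the bare domain as its own name.
SINGLE = ["greatdomain.ca", "www.greatdomain.ca"]
WILDCARD = ["*.greatdomain.ca", "greatdomain.ca"]
SITES = ["greatdomain.ca", "www.greatdomain.ca",
         "jobs.greatdomain.ca", "careers.jobs.greatdomain.ca"]

if __name__ == "__main__":
    for label, names in (("single", SINGLE), ("wildcard", WILDCARD)):
        for host, ok in coverage_report(names, SITES).items():
            print(f"{label:8} {host:30} {'covered' if ok else 'NOT covered'}")
```

The wildcard reaches one level down only: careers.jobs.greatdomain.ca is not covered, and the bare domain is covered here because it is listed as its own name on the certificate.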
Who should be using a paid certificate and who can get away with a free certificate?
Like almost anything on the web, there is always a free version. Free SSL certificates are available from a number of organizations and are also sometimes bundled in with hosting plans.
Paid certificates offer two elements that free certificates cannot – Organization Validation and Extended Validation. These validation processes vet an organization’s existence and authenticity by checking things like independent 3rd-party sources, legal identity, domain ownership records, phone number, etc., depending on the type of certificate being purchased.
Both of these validations are carried out by the certificate issuers (in Webnames’ case Comodo, GeoTrust and Symantec) who vet the organization. An Extended Validation certificate takes more time to vet and issue because it’s the blue chip standard for e-commerce websites, as it confers the coveted green address bar which tells users the site is secure for shopping.
Another benefit of paid SSL certificates is that they come with 24/7 support and warranties that actually pay out in the event of catastrophic failures.
Free certificates have a place and may be appropriate for certain blogs, or maybe small organizations that have purely informational websites. However, if a website has an input form of any kind – e.g., contact us, website search, etc. – it should really have a paid certificate, as free certificates require implementation every 30 to 90 days and there is the danger that this security layer may slip through the cracks.
When should an SSL Certificate be implemented?
After you have purchased your domain, set up the hosting, and started to build your website – you will need to consider which SSL certificate is the right one for you. Are you just going to have a single domain? A main domain and subdomains? Is this a multi-domain campaign, or a service that could be covered under one certificate? Webnames offers certificates to meet all of those scenarios, as well as an easy-to-reach customer support team that can help you determine the most appropriate type of SSL certificate for both your needs and budget.
Once you have chosen the certificate that meets your needs, it is installed before your website goes live. Once launched, you can rest easy in the knowledge that your site is secure, your customers can trust you, and that Google will reward you for your efforts with solid search rankings and the word Secure in front of your URL.
Next Steps to HTTPS and Getting Browser Compliant
If you haven’t already, we strongly encourage you to implement an SSL certificate ahead of the release of Chrome 68, slated for July, which will begin identifying all HTTP sites as “Not Secure”, not merely the ones with text intake forms. To help you get there, Webnames offers more than 15 SSL options from Comodo, GeoTrust, and RapidSSL that start as low as $20.00 US for a 1-year term, and our customer support can both help you select the appropriate cert for your website and do the installation, sometimes in just a few minutes.
Use the promotion code “SSL20%” to save 20% on any SSL certificate at Webnames.ca until March 31, 2018.