You've heard the terms, you've seen the locked icon ... but what does it all mean? Let's dive into security certificates.
What is an SSL?
SSL stands for Secure Sockets Layer. SSL certificates allow you to encrypt and secure information between your website and your visitor's browser. You may have also heard this referred to as HTTPS.
Do I need an SSL?
The short answer is, yes! If you are a legitimate business, doing legitimate things online you should have a security certificate for your website.
Browsers and Security
In January 2017 Chrome and Firefox rolled out changes that would alert users if they attempted to fill out a form with a password or credit card field via an unprotected website. These warnings increased in October 2017 when any form information (even basic information like an email sign up) was collected on an unsecured website. A bright red "Not Secure" displayed in the URL bar to warn users about entering any information into the website they were visiting. As browser updates have occurred the red warning has turned into a more subtle reminder to site visitors.
Are there different types of certificates?
Yes! There are three primary types of security certificates you can get for your website.
- Domain Validation (DV)
- Organization Validation (OV)
- Extended Validation (EV)
Depending on your site's usage and purpose depends on what type of certificate you should purchase.
Domain Validation (DV)
DV certs are very affordable and can be issued almost immediately making them the standard choice for a non-ecommerce website.
Organization Validation (OV)
OV certs require that the site is owned by a registered government entity and are good for ecommerce sites and those collecting personal information.
Extended Validation (EV)
EV certs are harder to obtain, but give that extra added trust to your website. Websites where trust is paramount (think banks, hospitals, etc.) and robust ecommerce sites should be using this type of certificate.
Why does it matter?
An SSL not only adds a layer of comfort and security for the visitor, but Google has stated that if all other factors are equal, HTTPS can act as a tiebreaker in search engine results. Businesses that choose not to protect their visitors' information will lose trust with customers regardless of if a security breach ever even occurs.
But I have a lot of domains, is this going to get expensive?
Never fear, there are options and both options are visually the same in the browser, so the typical website visitor will be none the wiser of your money-saving ways.
- UCC (Unified Communications Certificate)
A UCC is an SSL certificate where you can secure multiple domain names at once. This is perfect for websites that are just redirecting to another domain or utlizing Microsoft Exchange and/or Microsoft Office Communication Server environments. For example vanityurl.com redirects to websiteurl.com - both can be covered under the UCC and you don't need to purchase two SSL certificates.
A Wildcard SSL certificate secures your domain and an unlimited number of subdomains (example: admin.websiteurl.com).
I've got a certificate, now what?
Obtaining and installing a security certificate on your existing website can be done on your own (if you have the proper access) or with your website provider. Depending on the type of certificate you choose to use will depend on how long it takes to issue and implement onto your website. Once the certificate is in place you aren't quite home free. You'll want to make sure you are directing all web traffic to the new secure website and then let the search engines know you've made a change. This process is very similar to what takes place when you launch a new website.
So there you have it ... everything you needed to know (and probably more) about SSL/HTTPS/Security Certificates! If you take anything away from this post, let it be ... you need an SSL on your website.