SSL certificates: the key to customer trust
An SSL certificate is a technical term you can't get away from as a merchant. In this class, you'll learn what it is, why it can be valuable and what choices you should make when purchasing one.
An SSL certificate, what is it?
An SSL certificate encrypts all traffic between your website and your visitor's browser. So this means that the transaction and/or personal data your customer enters in his browser is sent encrypted to your server. As a result, this type of traffic cannot be decrypted by malicious parties and they cannot tamper with it.
As a visitor, you can see in the URL bar of your browser whether a website is secured with an SSL certificate. If it is, you will recognize it by the green padlock and the fact that it says https instead of http. The s here stands for Secure. You can also say "the traffic goes through https".
Different types of certificates
There are different types of certificates. They differ in validation process and the number of domains you can secure with a certificate. When purchasing a certificate, you should ask yourself two questions: What validation do I need and how many domains do I want to secure?
| What validation do I need? Validation process affects visibility in your browser! | |||
| How many domains do I want to secure? | Domain Validation | Organization Validation | Extended Validation |
| Single SSL | V | V | V |
| Multidomain | V | V | V |
| Wildcard | V | V | X |
1. SSL Single
Applies to one domain, for example www.byte.nl and includes all the urls that come after it (such as byte.co.uk/blog and byte.co.uk/knowledge base etc). So the certificate is attached to one specific domain name.
2. Multidomain
A multi-domain certificate allows you to secure multiple domain names and subdomains in a single certificate. Multidomain certificates are available at all validation levels. Wildcard certificates do not come with extended validation, while multi-domain certificates do: a godsend if you want to secure multiple subdomains with a green address bar.
Note: All domain names in the certificate must have the same holder; only one organization name can be included in the certificate.
3. Wildcard
A wildcard certificate secures all subdomains of a single domain. With a standard SSL certificate, the certificate is associated with a specific (sub)domain name, for example www.jouwdomeinnaam.nl. With a wildcard certificate, the certificate is requested on *.yourdomainname.com. This allows you to secure an unlimited number of subdomains for this domain name with one certificate.
This applies to one level, so not *.*.yourdomainname.com. (multiple subdomains under one domain name so blog.byte.nl and kb.byte.nl)
Please note: A wildcard can never be closed in combination with an EV certificate.
| What validation do I need? Validation process affects visibility in your browser! | |||
| How many domains do I want to secure? | Domain Validation | Organization Validation | Extended Validation |
| Single SSL | V | V | V |
| Multidomain | V | V | V |
| Wildcard | V | V | X |
Different levels of validation
The more comprehensive, the more reliable?
Domain Validation (lock only)
Only the domain name holder is verified. Often through an e-mail. You do have a lock icon in the address bar but one does not see any information about the domain name holder. The color of the lock can vary from browser to browser. Usually it is blue or green.
Organization Validation (behind lock see your company name/more info)
Your company name is now also validated through a phone call. After this, visitors to your site can see the company name again when they click on the lock icon.
Extended Validation (EV certificate) (next to lock also company name and more info)
As you can see, the name of the company is incorporated into the lock. This is called an EV-SSL certificate. EV stands for Extended Validation. In terms of technology, an EV-SSL certificate does not change from "regular" SSL certificates, but the difference is in the identity verification.
An EV-SSL certificate involves extensive research into your identity first. This can take about 2 to 3 weeks.
So in that sense, an EV-SSL certificate is more "worth" or reliable.
The benefits of an SSL certificate
1. Secure
When traffic between your visitor's browser and your server is sent securely via https, you make it very difficult for malicious people to intercept the traffic. So you make sure that people can safely make a purchase, or leave their contact information.
2. Trusted
You can tell from the outside if you secure your Web site with an SSL certificate. People who are familiar with it will check before making a purchase or a contact request, whether it is over a secure connection. If not, they might choose your competitor. So an SSL certificate contributes to consumer confidence in your site.
2. Trusted
You can tell from the outside if you secure your Web site with an SSL certificate. People who are familiar with it will check before making a purchase or a contact request, whether it is over a secure connection. If not, they might choose your competitor. So an SSL certificate contributes to consumer confidence in your site.
They translate these kinds of requirements into algorithms, and based on these they rank the search results: the best options come out on top.
Since January 1, 2017, Google has gone even further: Google shows in Chrome with alerts when a website is not encrypted with an SSL Certificate. You can already see "secure. Chrome eventually wants to label every http website as "not secure. This notification will deter many visitors and thus have a negative impact on the conversion of your website.
Google plans to warn users in the latest versions of Google Chrome to place additional emphasis on the insecurity of http websites.
Fable
SSL slows down the connection. For many people, speed was a reason not to run an online store (entirely) via SSL. An SSL certificate could cause a delay of milliseconds. However, with the development of the new technique HTTP/2, this is officially no longer an issue. In fact, in most cases, your shop is faster with an SSL connection (via HTTPS) than without.
Purchase a certificate
There are several certificate providers, including Comodo and Symantec, both with years of experience. Also active are newer providers such as Let's Encrypt. They offer free certificates, but this often requires a bit more technical knowledge. Added to this is the fact that it is still in the development stage.
Please note that Let's Encrypt certificates are always Domain Validation certificates. So if you want a more extensive level of validation, you should choose another provider.
How do I get a certificate/where can I buy a certificate?
You can purchase the certificate from the certificate issuer (often more expensive), or through a reseller such as Xolphin, Open Provider or Networking 4all. In many cases, your web host will take care of this for you.
Most certificates you take out per year.
Costs always depend on hosting party/provider of certificates.
What do you need to do to install an SSL certificate?
Exactly what you need to do depends on where you purchase the certificate. We provide a handy overview.
Via hoster (difference between managed and other solution)
| Advantage | Managed: renewal is monitored and it is renewed (Note some hosters only alert, you still need to take action yourself) | |
| Purchase is arranged | ||
| Installation on the server is arranged | ||
| Worries off your hands | ||
| Disadvantage | You pay more |
Purchase directly from the SSL supplier
| Advantage | Cheaper | |
| Disadvantage | You have to do everything yourself | |
| Pay attention when your certificate expires | ||
| Please note that Let's ENcrypt certificates expire every 3 months, thus adding to your workload. |
Have you provided your shop with an SSL certificate?
Check that everything is in place at https://www.ssllabs.com/ssltest/