When building and launching a website, it’s important to keep it as safe as if it were your own home. Lock all doors and windows, and don’t give everyone a spare key. For securing your website, an SSL certificate is essential. This is how it works.
So, here are the basics: an SSL (Secure Sockets Layer) certificate is a data file that gives your website a key for (important) details. It secures all types of information (data, payments) transferred over the internet. And it prevents criminals from reading it, or even modifying it. Even if they could intercept the data, it would still be encrypted and they couldn’t actually read it.
How does an SSL certificate work?
If you install an SSL certificate on a website, it activates the padlock and the https protocol in the address bar of the web browser. This allows secure connections from a web server to a browser. When visiting a website you can recognize the SSL certificate in the URL (https://).
You might also have heard about TLS (Transport Layer Security). You can see this as an upgrade of SSL. When speaking of SSL, it’s very common to confuse it with TLS (and vice versa).
Why is SSL so important?
Still not sure about having an SSL certificate? Here are 4 reasons to consider:
-
Visitors have more confidence because of SSL
With this certificate you can safely transfer important data. So, with an SSL certificate you can not only tell, but also show your customers that you take security very seriously.
-
Google motivates the use of SSL certificates
If you have an SSL certificate and your URL starts with https://, Google sees your website as more reliable. After all you secure the way your website transfers data with a network. If you don’t have it, Google can mark your website as not reliable.
-
Having an SSL certificate is not a given
If you consider a certificate, you have to apply for it first. Only so-called Certificate Authorities (CA’s) are permitted to issue certain certificates. You can choose SSL certificates from Global Sigh or Sectigo for example. If you choose an unknown (or less reliable) supplier, the browser will notify the user.
-
Credit card companies demand an SSL certificate
Whether you think it’s important or not, most credit card companies will only process payment data if you have implemented an SSL certificate on your website.
Different kinds of SSL certificates
There are different kinds of SSL certificates which offer different options. The costs are between €10 and €3000 a year. Below a list of all the SSL certificates you could choose:
- Extended Validation Certificate (EV SSL)
- Organization Validated Certificate (OV SSL)
- Domain Validated Certificate (DV SSL)
- Wildcard SSL Certificate
- Multi-Domain SSL Certificate (MDC)
- Unified Communications Certificate (UCC)
Wondering which certificate would be best for your website? Let’s check it out!
Extended Validation Certificates (EV SSL)
The Extended Validation Certificates (EV SSL) is the most extensive and expensive certificate possible for your website. After you install it, it shows the user your padlock (https), the name of your business and it’s country. It’s a way to distinguish your website from malicious or fake sites. If you want it, you have to go through a standardized identity verification process to confirm that you are legally authorized to the exclusive right of the domain. This certificate is best for high profile websites where people have to identify themselves.
EV SSL certificate - United Airlines
Organization Validated Certificates (OV SSL)
An Organization Validation SSL certificate only encrypts a user’s important data during transactions. It has a high assurance, just like the Extended Validation Certificate (EV SSL). The OV SSL shows ‘https’ in the url, as well as the website owner’s information. This is, just like the EV SSL, to be different from malicious or fake websites. An OV SSL is less expensive than the EV SSL and it’s required for commercial (or public-facing) websites to assure that any shared customer information stays confidential. If you want to install it, you have to complete a substantial validation process. A Certification Authority (CA) will investigate your website to see if you have the right to the domain.
Domain Validated Certificates (DV SSL)
A Domain Validated Certificate, or DV SSL, has a low assurance and minimal encryption. It’s perfect for (small) websites such as blogs or information websites. The validation process is pretty easy because it only requires owners to prove domain ownership by responding to an email or phone call. Also, it’s relatively cheap. If you install a Domain Validated Certificate, the address bar only shows ‘https’ and a padlock. It doesn’t show the name of the business or the country where it’s located.
Wildcard SSL certificate
A Wildcard SSL a base domain and unlimited subdomains. A wildcard is cheaper than buying multiple single-domain SSL certificates. You can either choose for an OV Wildcard SSL (Organization Validated) or DV Wildcard SSL (Domain Validated). They both have an asterisk * as part of the common name. It represents any valid subdomain that has the same base domain.
Multi-Domain SSL Certificates
A Multi-Domain SSL certificate can secure up to 100 different domain names and subdomains. This means saving time and money. With Multi-Domain SSL Certificates you have control of the Subject Alternative Name (SAN) field to add, change, and delete any of the SANS as needed. Also available are Domain Validated, Organization Validated, Extended Validated and Wildcard SSL.
Unified Communications Certificates (UCC)
When talking about Multi-Domain SSL certificates, it’s also important to talk about Unified Communications Certificates (UCC). They were initially designed to secure Microsoft Exchange and Live Communications servers, but now any website owner can use it to allow multiple domain names to be secure on a single certificate. If you install it, the address bar shows a padlock.