Ever wonder how websites help keep hackers from stealing private information, like your credit card number or passwords? The answer: SSL.
SSL, or Secure Sockets Layer, is a security protocol that protects the connection between your site and the visitor. When a visitor logs in or makes purchases on your site, the client (such as a browser) sends information to your website’s server. This information can be vulnerable while it’s traveling, making this the opportune time for hackers to strike. However, using SSL can secure the channel between client and server, making hacking much harder to pull off.
To incorporate SSL onto your site, you must obtain and install an SSL certificate. The SSL certificate identifies itself and the server to the visiting browser, establishing that it is a valid certificate and the server can be trusted. From there, it encrypts the data that travels between the browser and server.
To have a valid certificate, you need a Certificate Authority (CA) to sign the SSL certificates. CAs are trusted sources whose certificates are automatically recognized by browsers as trustworthy. You can sign an SSL certificate yourself, but a self-signed certificate will typically generate a pop-up on your site that says the site is “not trusted.” This message can scare away a lot of visitors, so we recommend not self-signing a certificate.
Pick Your Certificate Validation
There are three different kinds of certificate validation in the SSL certificate world:
- Domain Validated Certificates
- Organization Validated Certificates
- Extended Validation Certificates
Each certificate has a different level of verification associated with it. Consequently, the more verification your site undergoes, the more trustworthy it appears to visitors. It’s a tradeoff of quickness of setup vs. trustworthiness.
Domain Validated Certificates: A Domain Validated (DV) certificate only verifies that you own the domain name of the site. This certificate does not take long to process. DV certificates are good for sites that don’t deal with highly sensitive information.
Organization Validated Certificates: An Organization Validated (OV) certificate verifies that you own the domain name of the site and your business exists. Naturally, the certificate vendor or authority will need company documents for verification.
Extended Validation Certificates: An Extended Validation (EV) certificate verifies that the domain belongs to you, the business exists, and that you are who you say you are. To do this, the certificate vendor or authority will need company documents and proof of ownership for verification. From there, they will verify the legal and physical existence of the business and make sure it matches official records.
Certificates can cover a single domain, a single domain and its subdomains, or multiple domains. Generally speaking, the more domains you cover with a single certificate, the more difficult the certificate is to verify initially, and the more costly it is. The tradeoff here is upfront costs in time and money vs. longterm convenience and savings.
Single Domain Certificates: These cover exactly one domain you own, such as “example.com”.
Wildcard Certificates: These cover one domain you own, plus all subdomains of that domain, including “example.com”, “images.example.com”, “blog.example.com”, and so on.
Multi-Domain Certificates: These cover multiple domains such as “example.com” and “mysite.com”.
Don’t Be Your Own Support Team
You can self-sign certificates, but if you’d rather have an easy set-up and a dedicated support team for any possible problems, a paid certificate might be the way to go. Check out pairSSL’s Positive certificate. For only $10 a year, you get an easy set-up and a 24/7, 365 days a year support team that’s always there to help.
If your site is dealing with highly sensitive information, such as monetary transactions, you may want to consider paying for a certificate. If a paid certificate malfunctions in any way, the providing certificate authority has a warranty in place that will help pay for losses.
Comodo, a trusted authority in the SSL industry, backs our pairSSL certificates. Click here to check out their warranty.
If you want the ease of just logging into an account and managing all your certificates from one place, you may want to consider a paid certificate. With a pairSSL certificate, you can manage your certificates easily from our Account Control Center.
However, if you’re looking for an easier route, paid certs are usually purchased in yearly increments and renewal is often automatic. You can also choose to pay for more than one year upfront. In this case, you wouldn’t have to renew the certificate for whatever length of time you purchased for the certificate and will usually enjoy multi-year discounts.