Understanding SSL (Secure-Socket-Layer) Certificates and Your Options

Understanding SSL - Secure Sockets Layer

What is an SSL?

SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

 

Why do we need an SSL?

Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.

 

Advantages of having an SSL Secure Website (https://)

  • Improves search engine results
  • All info to and from your website is encrypted
  • A secure site allows the collection of more data utilizing analytics tools that provide more detailed and trackable results.
  • Site visitors trust your site and feel more secure
  • Improved reputation for your domain
  • Adds an SSL/TLS security layer for your email server

 

What type of Certificate should I purchase?

Validation Levels and information needed to acquire the different certificates.

 

DV is a Domain Validated Certificate. In order to purchase one of these you need to be able to verify that you are in control of the domain in some way. For instance you put up a file on the public side of the website. DV certificates can usually be issued within a few hours.

 

OV is an Organization Validated Certificate.  OV was the first kind of certificate that was available, but because a lot of websites wanted encryption they made a simpler DV level. To get an OV certificate you need to authenticate your organization, prove you have a local presence, verify a telephone number, verify you are in control of the domain, and do a final verification call before this can be issued.  As long as you are a legitimate business you should have no problem going through these steps. OV certificates can usually be issued within 3 days.

 

EV is an Extended Validation Certificate. In order to get this high end certificate, you will need to verify your business registration with your government, verify that you have been in business for more than 3 years or have additional proof of operational status, and go through address and telephone authentication. If you want to give your customers the best security you can then this certificate is for you.  In most browsers your entire address bar will be green showing that your site has the ultimate in security. EV certificates take the longest to validate at approx. 5 days but provide the best guarantee to your customers that you are who you say you are via your website.

UNDERSTANDING SSL
Secure Site example - UNDERSTANDING SSL

The above image is an example of the browser displaying the Secured site notification.

Not Secure Site example - UNDERSTANDING SSL

The above image is an example of the browser displaying the NOT Secured site notification.

SSL Certificate Setup Choices

  1. Shared IP address SSL – DV – Domain Validated Cert. with StayRight Hosting

Shared IP Domain Validated certificates are certificates that are checked against domain registry. (see DV below for more information) DV certificates do not require a domain specific dedicated ip address which is highly recommended for optimum levels of security, particularly in eCommerce situations. This IP is shared with all other sites on the server.

 

What is the difference between a Shared and Dedicated IP address?

The difference between shared and dedicated IP addresses is quite simple. A shared IP address is a single address used by multiple websites within one web server. In this case, the web server should do some extra work, parsing the user’s request to the correct website. Having a Dedicated IP address means that the website has its very own address, and you can use either this IP address or the domain name of your website to access it from the web. A dedicated IP will protect your email sending reputation as well.

 

Website SSL Management and Renewal with a Dedicated IP address – $15/month

 

  1. Dedicated IP DV – Domain Validated Certificate – $125.00/year

Domain Validated certificates are certificates that are checked against domain registry. There is no identifying organizational information for these certificates and thus should not be used for commercial purposes. It is the cheapest type of certificate to get, but this is a high risk certificate used on a public website. It is recommended using these types of certificates where security is not a concern, such as protected internal systems, non-eCommerce, or sites not gathering any type of personal information.

 

  1. OV – Organization Validated Certificate – $189.00/year

Organizational certificates are Trusted. Organizations are strictly authenticated by real agents against business registry databases hosted by governments. Documents may exchange and personnel may be contacted during validation to prove the right of use. OV certificates therefore contain legitimate business information. This is the standard type of certificate required on a commercial or public facing website. OV certificates conform to the X.509 RFC standards and thus contain all the necessary information to validate the organization.

 

  1. EV – Extended Validation Certificate – RECOMMENDED – $249.00/year

Nothing provides more trust and security than Extended Validation Certificates. It is used by most of the world’s leading organizations. They have found that switching from OV to EV certificates increases online transactions and improves customer confidence.  It is no longer a luxury but a necessity.

 

EV certificates reinstate the trust users have for a secured web site. Apart from improving trust and confidence via the strictest authentication process, EV certificates triggers a visible Green Bar on modern browsers to distinguish the secured site apart from others, providing the highest degree of trust amongst consumers. It is extremely difficult to impersonate or phish an EV enabled site as even if web content can be duplicated, the Green Bar cannot be triggered without a trusted EV certificate.