Which SSL Type is Right for Your Website
Confused about the various types of SSL certificates available today? There are so many choices offered for securing websites that is hard to know exactly where to start. Is it essential or optional? According to Google, in an effort to make the internet a safer place to exchange personal data and make purchases, in Oct 2017 they will begin to let users of Chrome know when a website is not secure, and whether or not a visitor is sharing their personal data, it will affect their level of trust with that site. This in effect will make it mandatory to have one by default. Obtaining an SSL certificate for your website adds trust and credibility to visitors and customers, which is Google’s intention, but not all SSLs are create equal.
Where do you go from here?
It is important as an organization to determine the purpose for obtaining an SSL certificate. Are you using it just to secure logins, transmitting visitor data to your website, or running an e-commerce site.
Once you have that question answered, there are basically 3 Types of SSL Certificates that you need to know about (other are multiples , wildcards or variations of these):
-
- Domain Validated Certificate (DVC) – ($20 + $400 installation) not verified or trusted. This is the most basic of certificates and although the information is encrypted during transit from visitor to website, because there is no way of knowing for sure if the company is who they say they are. When obtaining this type of certificate, the organization is not required to provide any information about their business. These types of certificates should be used for internal uses only and not be used for commercial purposes. Phishing sites (those pretending to be banks or government sites but are just trying to steal credit card details) will use these basic SSL certificates to try to give visitors a false sense of security. In any case, it’s better than nothing.
- Organization Validated Certificate (OVC) ($75 + $450 installation)- trusted. These SSLs offer a higher level of trust as businesses need to provide detailed information regarding their organization’s details. These business details are verified by reputable online companies such as: Comodo, GeoTrust, Symantec or Equifax (amoung many others), and the certificate reflects that.
- Extended Validation Certificate (EVC) ($200 + $500 installation) – most trusted. Nothing beats the security of a fully verified. This increases the trust level of visitors and is a necessity for ecommerce sites because it verifies the organizations name in the certificate. Your business is verified by Comodo, or other validating firm. There will be a form to fill out, as well as proof of Business Registration, Business Contact information, as well as a Dun & Brad Street Number will be required to complete this type of SSL certificate.
- Domain Validated Certificate (DVC) – ($20 + $400 installation) not verified or trusted. This is the most basic of certificates and although the information is encrypted during transit from visitor to website, because there is no way of knowing for sure if the company is who they say they are. When obtaining this type of certificate, the organization is not required to provide any information about their business. These types of certificates should be used for internal uses only and not be used for commercial purposes. Phishing sites (those pretending to be banks or government sites but are just trying to steal credit card details) will use these basic SSL certificates to try to give visitors a false sense of security. In any case, it’s better than nothing.
It is not enough to just purchase an SSL certificate, as in order to comply with Google Chrome – you’re entire site needs to have only secured content and that takes time to do. That’s why there is an installation cost. Here’s the steps we do to ensure your site’s security:
Installation Steps (what we do to get your site secure)
- Acquiring and Installing the SSL for your site
- Securing at least all login and data transfer pages (although we go a step further to secure ALL pages of client sites)
- Making sure your site pages HTTP: automatically redirect to secure pages HTTPS: (so you don’t lose your rankings in Google)
- Re-submitting your site to all relevant Google properties
- Re-linking your Google properties together
- Adding a Firewall to your site to block malicious activity
If October 2017 hits and all of a sudden you discover Google Chrome’s warning on your website, it is possible for us to install a Domain Verified SSL Certificate until your OVC or EVC has been approved by Comodo (or other agency) with NO additional installation charges beyond the related installation fee.
Learn more about the need for an SSL Certificate, or contact us here to get started.
