Where’s the value?

Many people wonder what the value in purchasing an SSL certificate is and also what the difference is between them.

Firstly, if there is any kind of data sent between your web site visitors and yourself, you need to secure it. The way you collect data could be anything from a simple form submission, perhaps signing somebody up to a newsletter, or a customer filling in a form on your site.  Or it could be somebody logging in with a username and password to your web site or ecommerce transactions, like buying something from your web site.  The point is, sensitive data is being sent over the internet to and from your web site, and yes, somebody’s name and email address are classed as sensitive data.

You might wonder where the risk exists, but they do.  Your customer could be a number of “hops”away from your web site.  What’s a hop I hear you ask?  Well, a hop is best described as a point on the internet through where traffic passes on it’s destination to and from a web site.  Connecting from my home to this website for example, means my traffic passes through seven different routers, or hops, and many other devices like network switches, in between.  At any point all it needs is one of those locations to have been silently compromised and traffic being slurped away into some dark corner of the internet.  Man in the middle attacks are as old as the internet itself.

Everything has a value.  Email addresses for example (ever wonder where that spammer got your email address from?) are regularly harvested all over the internet, but think for a minute about all of that’s other data you share when you fill in forms or that you ask people to complete on your web site.

This is where SSL Certificate comes in.  I wont go into the mechanics of it (you can read about how SSL works here, here and here) but by securing your web site with an SSL certificate you ensure that the data that is sent between the end users web browser and your web site is encrypted, rendering it useless to the man in the middle.

So that was reason number 1 for having an SSL certificate.

Reason number 2 comes from Google.  Like it or not, Google is the number 1 search engine.  It is also the creator and publisher of the popular Chrome web browser.

Google along with other companies in the industry has been championing the use of SSL.  Visit a web site without SSL in Chrome and you’ll see “Not Secure” displayed in the address bar.  It’s going to get worse and more obvious too.  Soon those warning will become more prominent and could potentially scare off visitors to your web site.

If that wasn’t enough of an incentive for you, Google has also announced that SSL or not will factor in a web sites search engine rankings.  So how far up the index you appear and how relevant it finds your web site will now also depend on whether your site is secured or not.

Thankfully initiatives like Let’s Encrypt, which is available as standard in all our our hosting plans, make it easy to obtain and install free SSL certificate for your web site.  Yes that’s right, free.

So why buy an SSL certificate?  That’s the obvious question given that Let’s Encrypt provide free SSL?

It comes down to trust and a warrantee.  Anyone can get a Let’s Encrypt certificate.  The only validation in general is that the web site exists and is visible on the internet.

With a commercial certificate there is validation.  Somebody at the Certificate Authority – Symantec, Comodo, Geotrust, has a procedure to vet the web site, in the case of even the cheapest domain validated certificate like Rapid SSL, or Quick SSL, right the way through to validating the business in the case of the Extended Validation (EV) certificates which provide the nice reassuring green bar across the address field of your web browser.

That validation process delivers a warrantee to the end user.  Should the site turn out to not be who they say they are and you the end user be defrauded they will pay to you up to the sum of hundreds of thousands of dollars.  That reassurance you get with a commercial certificate, especially in the case the EV certificate and green bar provides your end users with a level of confidence that shopping on or using a particular web site is safe.  I for one will never use a web site I haven’t used before without that reassurance, and I’m not alone.

That’s where the value in a commercial certificate comes in.  Of course it’s a case of the right horse for the right course.  You don’t always need an EV Certificate for a hobby site.  You may be fine with the free Let’s Encrypt certificate for a personal or hobbyist web site, but if its for any kind of serious business purpose or commercial enterprise then a commercial SSL is required.

So which one?  Well, there are many to choose from and it depends on the purpose.  There are code signing certificates for developers to certify their code with, Certificates to secure Microsoft Exchange servers, certificate to secure websites, certificates to secure server to server communication in corporate networks.

We list our most popular 4 or 5 prominently on the SSL page of our web site, but that doesn’t mean that’s it.  Clicking the little circle below those will expand a large list.

Unsure of what you need?  Get in touch and we’ll happily advise you on what you might need, but whatever you do, secure that web site.