Internet is continuously evolving, it is estimated that there are over 1.5 billion websites in the world. Among which 644 million websites are active. With this massive number of websites, cyber crimes are also ever increasing. According to Dr. Michael McGuire, a senior lecturer in Criminology at the University of Surrey, the total cybercrime revenues sums up to $1.5 Trillion. These statistics bring forth to us the importance of keeping our website secure. One of the most fundamental security measures to take is, changing all HTTP links in the website to HTTPS. HTTPS means secure HTTP. This is achieved by encrypting the website using an SSL certificate. There are both paid as well as free SSL certificates. Let’s Encrypt is a Certificate Authority that issues free SSL certificates.
Encrypting website has become so inevitable now, as Google regards websites with an SSL certificate to be safer and ranks them higher. Besides this, from July 2018 onwards, Google started flagging sites without SSL certificate as “Not Secure”. Hence, if you wish to escape Google’s security checks, it’s a good idea to add a free SSL certificate provided by Let’s encrypt to your domain.
However, along with its upsides, Let’s Encrypt’s free SSL certificate has its own downsides. The certificate renews itself only after every 90 days and so, if your site gets compromised, you get to know it is fully secure only after 90 days. In addition to this, if the hacker gets into the automation system, this will give rise to a new vulnerability. Therefore, if you are more serious about your online business security, it is always advisable to buy an SSL Certificate.
Let’s now discuss SSL Certificate in more detail.
What is an SSL Certificate?
SSL certificates are digital signatures that encrypt the communication between your computer and the website. They can otherwise be seen as an online ID card that proves the identity of an organization.
When you sent data across the web, it passes through many computers before it finally reaches the destined server. If your browser makes the page request using HTTP, then the data will be traveling in a clear text format. That is not a safe way to transmit data, especially when handling sensitive information like credit card or login details. It is the SSL certificate, that activates the HTTPS protocol and the padlock.
For example, assume that you have registered a new domain to trade guitars online. In this case, it is essential to encrypt all your e-commerce transactions, to provide your customers with a safe shopping environment. This can boost customer confidence and increase your sales.
How SSL works?
SSL certificates are issued by the Certificate Authority, after researching and reviewing the company’s paperwork. SSL along with confirming the identity of the organization also encrypts the data that flows to and from the website.
To explain the working of SSL, let us take an example. Suppose that Mary wants to purchase a guitar from your online store. Two computers will be involved in this process, Mary’s computer and the server hosting your site. When Mary’s computer connects to your website, it will detect the SSL certificate and confirms the website’s identity with the Certificate Authority. If everything goes on well, a connection, commonly referred to as a handshake, will be established between the computers.
After making the handshake, the computers will decide upon the type of encryption to be used, based on the type of SSL certificate used on your website. After this, data starts to flow back and forth between the two computers. When data is sent from one computer it is encrypted to a scrambled text. As the data reaches the recipient computer it is decrypted back to the original text. Mary can now place her order securely by using her credit card.
Types of SSL Certificates
SSL certificates can be classified into two based on Validation level and Certificate Functionality.
- Single Domain (can be used only on a single domain)
- Wildcard (can be used for a domain and its unlimited subdomains)
1. Domain Validation SSL (DV SSL)
DV SSL is the lowest level of SSL validation and also the cheapest SSL type. This type of validation is used mainly for blogs, entertainment websites, or information sites. Setting up DV SSL is a fast process, and is issued to you within a matter of three minutes. Plus, they don’t ask you to submit your company details or paperwork. Here, the website owner is only asked to verify their domain ownership. For verification, you will be sent a verification email and will be asked to respond to it. A green padlock will be added to your address bar after you complete the process.
2. Business Validation SSL (BV SSL)
A Business Validation SSL is typically used to validate companies and business organizations. In this case, the certification authority will ask you to provide the company details for verification. This three-phase process requires you to prove your domain ownership, verify your company, and it also includes a callback process. The Certification Authority will then check for the domain ownership and validity of the documents submitted. The certificate will be issued to you within one to three days after completing the verification process. You will get a green padlock added to your address bar. Besides this, the certificate will also contain your organization’s name and location.
3. Extended Validation SSL (EV SSL)
EV SSL is the most trusted and the most secure SSL validation. The validation process takes some time, and you will be asked to forward some documents, verify your company, verify your domain ownership, and there will also be a callback process. The EV SSL certificate will be issued to you in two to seven days once you complete the process. They validate the domain ownership, the physical location, and the legal existence of your company. A green padlock and your company name will be added to your address bar, establishing brand trust.
Let’s Encrypt vs Paid SSL
|Free of cost||Costs some money|
|Proves you own the domain and save your website from ‘Not Secure’ warning.||You have complete ownership of the SSL certificate and is more secure than free SSL.|
|Don’t provide warranty information or insurance.||Provides extensive warranty and insurance.|
|Certificate expires every 90 days, limited lifetime validity.||Longer validity period from 2 to 3 yrs.|
|Has limited features and||Has more features and offers an extra layer of security.|
|It is mainly used by blogs & smaller sites.||It is used by big companies & business organizations.|
|Issues only DV SSL||Issues DV SSL, BV SSL, and EV SSL.|
|You get 20 certificates and 1000 renewals per week.||Unlimited number of certificates and renewals.|
|Don’t provide direct customer support if the user faces any technical issues.||Provide direct support and troubleshooting.|
SSL Buying Guide
Things to remember when purchasing an SSL certificate:
- Decide the purpose of your website before choosing the SSL type. For example, if you are running personal blogs or sites for entertainment, which requires no personal data, it is advisable to choose a domain validation certificate.
- If you accept credit card for your online business, you must have a minimum of 128-bit encryption.
- Questions to ask:
- What information are you expected to provide?
- Whether the certificate renews automatically?
- Amount of time needed to install SSL.
- Do they provide reliable customer support?
At Veeble, we provide all the basic SSL types for doing business online, which includes Domain Validation, Business Validation, and Extended Validation SSL. Also, the SSL certificates we offer are compatible with 99% of browsers and all devices like mobiles, tab, PC, etc. We always take our customers with high regard. We ensure that the certificates are issued as soon as possible, plus we guarantee full money back in 7 days of purchase if you are not satisfied.