Consider this, you have build your online business website and put it up on the Internet and before you started any campaign to market your business, you know that online security is one of the important aspect of your business website – you need to ensure customer sensitive data is being protected so they will feel trust and comfortable to complete the online sales and passing you their sensitive information.
You came across SSL Security Certificate – an indicator of website security to proof to your your visitors that you are trustworthy vendor and their sensitive information are well protected. But with so many different vendors, options, and so much complicated technology, you’re not sure which certificate to choose. Don’t be puzzled, as this happen on most of the organizations or individual and it’s not something new.
What’s an SSL Certificate?
Secure Sockets Layer (SSL) works by encrypting and protecting data transmitted between your Web server(s) and your customer’s Web browser over the Internet. It’s a world standard for Website security that ensures confidentiality of data involved in an online transaction, authentication of an ecommerce retailer, and integrity of the data throughout the sales transaction.
Type Of SSL Certificate
There are total 3 type of SSL/TLS negotiations: Domain Validated certificates (DV), Organization Validated certificate (OV) and Extended Validation certificates (EV). Here’s the 3 :
Domain Validated SSL Certificate
Domain validated SSL certificate is the fastest issuance SSL certificate as involved the minimal vetting process by the CA (Certificate Authority) – by only verifying and approve the SSL Certificate with the domain WHOIS contact information. There’s no organization identification information published on the SSL certificate and therefore there’s certain kind of risk for this SSL certificate could be used on any ecommerce website. It’s best usage however is for personal blog and any company intranet system which required basic SSL encryption.
- Entry level certificate
- Low Cost
- Immediately Issued
- No Paper work required
Organization / Business Validated SSL Certificate
Organizational SSL certificate are trusted as the business identity of the SSL certificate is being verified manually by the CA against any business registration registry database hosted by governments. Some of the CA will required the application be fullfilled with additional business documents to be verified as well. Business Validated SSL certificate is the most suitable to be use for any public facing and/or e-commerce website.
- High Assurance Certificate
- Full Business Authentication
- 256 Bit Encryption on Sensitive Information
- 4-5 Days Issuance time
- Site Seal for visual assurance
Extended Validated SSL Certificate
EV (Extended Validation) SSL Certificate reinstate the trust and confidence via the strictest authentication process. There’s a very strict EV SSL Certificate Guidelines that CA would need to follow as part of the vetting process before issuing the SSL certificate.
Apart from that, EV certificates triggers a visible Green Bar on modern browsers to distinguish the secured site apart from others, giving an additional boost on confidence to the visitors. Symantec EV SSL Certificate provides the most trust and security and it’s used by the top leading organization worldwide.
Most of the organizations which switch from Domain Validation or Organization Validated to EV SSL see a tremendous increase of the online transactions and improve customer experience by around 5-28% of sales volume.
- Greenbar in the browser for highest visual authentication
- Full Business Authentication
- Highest level Encryption
- Protects against phishing scams
- Site Seal for visual assurance
Getting Ready To Apply For Your Own Certificate
Depending on the usage of your online business requirements and expected transactions as well as budget, there’s different level of SSL certificate (as explained above) for the consideration. Here’s some questions that you might want to have the answer :
What would be the usage for the SSL Security Certificate ?
Will it be for public facing websites such as commercial usage or just for any internal intranet purposes? For ecommerce online transactions, it’s best to always to invest in any of the EV SSL certificate type. You will find with the additional cost you have invested in, it will help you to build trust and boost your sales revenue.
What are the Issuance Speed of SSL certificate?
DV SSL certificate has the quickest issuance speed (average of less than 10 minutes) as what it requires is just a whois registry validation with email confirmation while EV and OV type of SSL will take up a couple of business days as it involved a much more lenghty vetting process.
What are the Operating System running which host the application or websites that will have the SSL security certificate installed? Is there any other server software involved?
While this may not impact your SSL issuance speed, you will need to get to know the type of web server used that’s hosting your website as this will be a required when you submit your CSR key for SSL issuance. You can easily get this information from your hosting provider.
What are the budget available?
Cost is always a significant concern especially for startup / new build ecommerce store as there’s no revenue generated and at the same time there’s challenge to work on how to increase the sales revenue. If EV is not an option during the initial startup stage, go for the Business Validated SSL type of certificate. Symantec Secure Site would be a best choice considering the site seal, daily malware scan and the brand of trust that it has built throughout the years.
It’s always also recommended to purchase or renew your SSL certificate with more than one year. That save the technical hassle of going through the validation process every year – if you have make purchase of EV SSL, the same kind of validation will be gone through on next year. You could have save this time for your business online sales and marketing activity. Purchasing multi years also gives extra savings in terms of cost. A lot of the customer has decided to go for yearly and they missed the renewal on next year which result in an error or warning thrown on the browser when their SSL Certificate has expired which create a much more impact on the businesses and credibility you have built throughout the years.
Warranty of the SSL Certificate
The value of the warranty on your SSL security certificate shows how serious and concern you are protecting their sensitive information. The highest the level of SSL Security certificate, the higher the protected warranty. If any fraudulent activity occurs as a direct result of a customer’s transaction with a website containing an SSL Certificate, the issuing SSL Certificate Authority will reimburse the affected customers up to amounts from $1,000 to $1,000,000.
How Many Domains You Are Looking To Protect
Most purchase of the SSL certificate will just involved a single domain with both www and non-www included by the CA. There’s also multi-domains SAN SSL certificate available with one certificate secure up to different kind of domains. A WildCard SSL type of certificate will allow you to generate unlimited of certificate for your subdomain based on the primary domain. If you have a lot of subdomains to be protected, a WildCard SSL will best suite the options.
Having a SSL Security certificate installed on your existing websites or applications is not just about how strong the encryption functionality that you would have but it’s much more on the “Trust” that you will want to build with your visitors or customers.