SSL/TLS Certificate - Essential for Your Website
Security certificates made easy...
Awareness of online security is growing. Website visitors want strong evidence that websites and the businesses that own them are legitimate and safe to deal with: especially for ecommerce.
As a reseller for the long established security vendor 'The SSL Store', Bizazz offers competitive $AU prices for all types of website security certificates.
We access security products from well known, trusted Certificate Authorities: Digicert, Sectigo, GeoTrust, Thawte, Symantec, Comodo, RapidSSL.
Because we provide fully managed hosting, our certificate purchase prices include certificate installation for websites hosted on our server.
You must have a valid security certificate installed on your business website. HTTPS sites (that's the ones with a security certificate) are now the Internet standard. A website security certificate has multiple benefits:
- better online security;
- improved search engine rankings;
- assurance for site visitors, so that they are more confident to do business with you.
A security certificate cannot protect your website from every form of malware or hacking activity. But it's an important link in the security chain.
What is a security certificate?
A security certificate (also called an SSL/TLS certificate) is software that gets installed onto your website. It encrypts data on your website while that data travels between the web server and a site visitor's browser. The security certificate safely encrypts your webpages, and your customers' data when they submit a website form (including their credit card or contact information).
Why every site needs SSL/TLS
Security
Encryption helps to protect your website from hackers and protect your customers' privacy.
Internet data travels a long road, through many servers in unexpected places. If data is intercepted en route, malware can be inserted on a webpage, and private ID and credit card details stolen. But encrypted data cannot be read or infiltrated easily.
Online search rankings
Google gives a boost in search rankings to websites which have security certificates.
Credibility
Browsers display a padlock icon in the address bar of any HTTPS (secured) website. They also flag websites that don't have a correctly installed SSL/TLS certificate as 'not secure' or 'not trusted'.
Smart Internet users look for these signals and will not browse or buy from websites without a security certificate. We hope that's you.
Here's the padlock icon on a test site of ours, in the Mozilla Firefox browser (version 73):
and in Google Chrome:
No security certificate (as shown in Chrome):
This site has an SSL/TLS certificate that wasn't installed properly. Or perhaps a link on this webpage goes to an unsecured website:
SSL/TLS certificate levels
There are 3 different levels of security certificate. All encrypt webpages and other data securely.
- DV just verifies that the person or organisation applying for the certificate owns the domain name. It's a very fast check. A DV certificate can be issued almost instantly for a website.
- OV and EV certificates validate the business owning the website: that it is legally registered, has a physical presence and its contact details have been verified by reputable sources. It takes at least 3-5 days to complete all the checks and issue the certificate.
| Feature | Domain Validation (DV) | Organisation Validation (OV) | Extended Validation (EV) |
| Free version available | Yes | - | - |
| Verifies domain ownership | Yes | Yes | Yes |
| Verifies organisation is authentic | - | Yes | Yes |
| Verifies organisation's address | - | Yes | Yes |
| Phone call verification | - | Yes | Yes |
| Final verification call | - | Yes | Yes |
| Applicant enrolment form | - | - | Yes |
| Operational existence check | - | - | Yes |
| Assures visitors that site is owned by a genuine, legal entity | - | Yes | Yes |
| Wildcard available (secures multiple subdomains via one certificate) | Yes | Yes |
No |
Free or paid certificate?
You can get a free Let's Encrypt DV security certificate, that auto-renews. Alternatively, you can purchase and renew an SSL/TLS certificate, rather like you renew your webhosting & domain name.
Most of our clients started out with the simple free certificate: Let's Encrypt. But the commercial certificates offer more options and there are good reasons to pay for them.
Beware of the padlock?
Domain Validation SSL/TLS certificates are very easy to obtain. That's their attraction - and their downside. It is easy for a phishing site to obtain a DV certificate, especially a free certificate that focuses on fast auto-renewal rather than corporate responsibility.
Let's Encrypt issued SSL certificates to over 15,000 domains that were variants on 'paypal'. How likely is it that innocent people suffered from this?
58% of phishing sites identified at May 2019 had a DV certificate. These websites showed a 'secure site' padlock. They encrypted data in transit. But they certainly weren't safe!
As cybercrime continues to rise, genuine businesses need to do all we can to show that our websites are legitimate and trustworthy.
Online identity - it's all about trust
Everyone's heard of Amazon. We're confident that if we buy from the Amazon website, the goods will arrive. But what about smaller enterprises? Someone who has never heard of your business finds your website via online search. Why should they hand over to you their credit card number and contact details?
One way that we smaller fry can gain customer trust, is when a big trusted brand warrants that we are a legitimate business. Here's where OV & EV security certificates come in - only available by purchase from commercial Certificate Authorities.
OV/EV
Long-established names in IT security issue 'Organisation Validation' and 'Extended Validation' security certificates. These SSL/TLS certificates are not just about encryption; they are also about establishing online reputation.
To get an OV or EV certificate, your business has to pass validation tests to ensure it'sa real entity carrying out real trade. The OV/EV certidfcate carries this message: "A trusted authority in online security has verified that this website is run by a genuine business." There's value in these certificates for ecommerce & for organisations whose websites transmit highly confidential data.
Site seals
Many Certificate Authorities offer a 'site seal' or 'trust seal' option with their commercial TLS/SSL certificates. This is an image that gets inserted on your website and carries the name of the verifying CA.
To get this prominent independent stamp of approval on your website, you just need to buy a security certificate that includes a site seal, & a little help from your web developer.
Research backs site seals for S-M business
The trust seal or site seal clearly shows users that your website has SSL/TLS encryption and any additional validation or security features bundled with the security certificate that you purchased.
Top web industry researcher Baymard published findings early in 2020 on site seals and the checkout behaviour of ecommerce customers.
Here are some conclusions from Baymard's research:
- Lack of trust in the website is a major reason for abandoning ecommerce purchases at checkout.
- Small-medium businesses are especially prone to distrust, because our brands aren't well known to new customers.
- A well-placed site seal that bears a familiar brand name can markedly improve customer trust in your site.
Bundled products
Do you need to secure several websites? Multi-website and multi-subdomain (wildcard) certificates help to keep costs down. They simplify installation and renewal too.
You can also buy an SSL/TLS certificate which adds malware protection and daily security scans for your website. Bear in mind that daily malware checks slow your website down. Weigh the risk against the benefits. We've never seen any website that we built, get infiltrated by malware. Our web server is well protected & we use secure programming practices when we create websites. But some website software is quite vulnerable. Wordpress is well known for security breaches, and it is not the only one.
Contact us for more information and prices on SSL/TLS certificates
