SSL/TLS Certificate - Essential for Your Website
Security certificates made easy...
As a reseller for the long established security vendor 'The SSL Store', SUTTONNet offers competitive $AU prices for all types of website security certificates.
SUTTONNet has access to security products from well known, trusted Certificate Authorities at great prices: Sectigo, GeoTrust, Thawte, Symantec, Comodo, RapidSSL.
Because we provide fully managed hosting, our clients don't need to know how to install a security certificate. Our certificate purchase prices include certificate installation for websites hosted on our server.
You must have a valid security certificate installed on your business website. HTTPS sites (that's the ones with a security certificate) are now the Internet standard.
A website security certificate has multiple benefits:
- better online security;
- improved search engine rankings;
- assurance for site visitors, so that they are more confident to do business with you.
Awareness of online security is growing. Website visitors need strong evidence that websites and the businesses that own them are legitimate and safe to deal with: especially for ecommerce.
A security certificate cannot protect your website from every form of malware or hacking activity. But it's an important link in the security chain.
What is a security certificate?
A security certificate (also called an SSL/TLS certificate) is software that gets installed onto your website. It encrypts data on your website while that data travels between the web server and a site visitor's browser.
The security certificate safely encrypts both your webpages, and your customers' data when they submit a website form (eg credit card or contact information).
Why every site needs SSL/TLS
Encryption helps to protect your website from hackers and protect your customers' privacy.
Internet data travels a long road, through many servers in unexpected places. If data is intercepted en route, malware can be inserted on a webpage, and private ID and credit card details stolen. But encrypted data cannot be read or infiltrated easily.
Online search rankings
Google gives a boost in search rankings to websites which have security certificates.
Browsers display a padlock icon in the address bar of any HTTPS (secured) website. They also flag websites that don't have a correctly installed SSL/TLS certificate as 'not secure' or 'not trusted'.
Smart Internet users look for these signals and will not browse or buy from websites without a security certificate. We hope that's you.
Here's the padlock icon on a test site of ours, in the Mozilla Firefox browser (version 73):
and in Google Chrome:
No security certificate (as shown in Chrome):
This site has an SSL/TLS certificate, but it wasn't installed properly. Or perhaps a link on this webpage goes to an unsecured website:
SSL/TLS certificate levels
There are 3 different levels of security certificate. All encrypt webpages and other data securely.
- DV just verifies that the person or organisation applying for the certificate owns the domain name. It's a very fast check. A DV certificate can be issued almost instantly for a website.
- OV and EV certificates validate the business owning the website: that it is legally registered, has a physical presence and its contact details have been verified by reputable sources. It takes at least 3-5 days to complete all the checks and issue the certificate.
|Feature||Domain Validation (DV)||Organisation Validation (OV)||Extended Validation (EV)|
|Free version available ||Yes ||-||-|
| Verifies domain ownership || Yes || Yes || Yes |
| Verifies organisation is authentic || - ||Yes||Yes|
| Verifies organisation's address || - ||Yes||Yes|
| Phone call verification || - ||Yes||Yes|
|Final verification call||- ||Yes||Yes|
|Applicant enrolment form ||- ||- ||Yes|
|Operational existence check ||- ||- ||Yes |
|Assures visitors that site is owned by a genuine, legal entity ||- ||Yes ||Yes |
|Wildcard available (secures multiple subdomains via one certificate) ||Yes ||Yes ||
Free or paid certificate?
You can easily get a free DV security certificate that auto-renews. Alternatively, you can purchase and renew an SSL/TLS certificate, rather like you already renew your webhosting or a domain name.
Most SUTTONNet clients started out with the simple free certificate: Let's Encrypt. But commercial certificates offer more options and there are good reasons to pay for them.
Beware of the padlock?
Domain Validation SSL/TLS certificates are very easy to obtain. That's their attraction - and their downside.
It is easy for a phishing site to obtain a DV certificate, especially a free certificate that focuses on fast auto-renewal rather than corporate responsibility. A few years ago, Let's Encrypt had issued SSL certificates to over 15,000 domains that were variants on 'paypal'. How likely is it that innocent people suffered from this?
These websites showed a 'secure site' padlock. They encrypted data in transit. But they certainly weren't safe!
As cybercrime continues to rise, genuine businesses need to do all we can to show that our websites are legitimate and trustworthy.
Online identity - it's all about trust
Everyone's heard of Amazon. We're confident that if we buy from the Amazon website, the goods will arrive.
But what about smaller enterprises? Someone who has never heard of your business finds your website via online search. Why should they hand you their credit card number and contact details?
One way that we smaller fry can gain customer trust, is when a big trusted brand warrants that we are legitimate.
Thawte and other long-established names in IT security issue 'Organisation Validation' and 'Extended Validation' security certificates. These SSL/TLS certificates are not just about encryption; they are also about establishing online reputation.
An OV or EV certificate carries this message: "A trusted authority in online security has verified that this website is run by a genuine business."
In years past, the pricetag on EV certificates was huge, but that's no longer the case.
Sadly, browsers chop and change on how they show security certificates. At time of writing (March 2020), most browsers don't make it easy to tell that a website has an OV/EV certificate.
We believe there's still value in these certificates for ecommerce or for organisations dealing with highly confidential data.
To get a prominent independent stamp of approval on your website, you need a paid security certificate with a site seal; & a little help from SUTTONNet.
Research backs site seals for S-M business
Many Certificate Authorities offer a 'site seal' or 'trust seal' to insert on your webpages. The seal clearly shows users that your website has:
- SSL/TLS encryption, and
- any additional security features bundled with the security certificate which you purchased.
Top web industry researcher Baymard published findings early in 2020 on site seals and the checkout behaviour of ecommerce customers.
Here are some conclusions from Baymard's research:
- Lack of trust in the website is a major reason for abandoning ecommerce purchases at checkout.
- Small-medium businesses are especially prone to distrust, because our brands aren't well known to new customers.
- A well-placed site seal that bears a familiar brand name can markedly improve customer trust in your site.
Do you need to secure several websites? Multi-website and multi-subdomain (wildcard) certificates help to keep costs down. They simplify installation and renewal too.
You can also buy an SSL/TLS certificate which adds malware protection and daily security scans for your website.
We've yet to see a SUTTONNet-built site infiltrated by malware. SUTTONNet's web server is well protected. We also use good programming practices when creating our websites. But some website software is quite vulnerable. Wordpress is well known for security breaches, and it is not the only one.
Bear in mind that daily malware checks can slow your website down. Weigh the risk against the benefits.