SSL/TLS Certificate - Essential for Your Website

Security certificates made easy...

As a reseller for the long established security vendor 'The SSL Store', SUTTONNet offers competitive $AU prices for all types of website security certificates.

SUTTONNet has access to security products from well known, trusted Certificate Authorities at great prices: Sectigo, GeoTrust, Thawte, Symantec, Comodo, RapidSSL.

That SuttonNet wombat knows about securityBecause we provide fully managed hosting, our clients don't need to know how to install a security certificate. Our certificate purchase prices include certificate installation for websites hosted on our server.

Get a quote on a SSL/TLS certificate

You must have a valid security certificate installed on your business website. HTTPS sites (that's the ones with a security certificate) are now the Internet standard.

A website security certificate has multiple benefits:

  • better online security;
  • improved search engine rankings;
  • assurance for site visitors, so that they are more confident to do business with you.

Awareness of online security is growing. Website visitors need strong evidence that websites and the businesses that own them are legitimate and safe to deal with: especially for ecommerce.

A security certificate cannot protect your website from every form of malware or hacking activity. But it's an important link in the security chain.

What is a security certificate?

A security certificate (also called an SSL/TLS certificate) is software that gets installed onto your website. It encrypts data on your website while that data travels between the web server and a site visitor's browser.

The security certificate safely encrypts both your webpages, and your customers' data when they submit a website form (eg credit card or contact information).

Why every site needs SSL/TLS

Security

Encryption helps to protect your website from hackers and protect your customers' privacy.

Internet data travels a long road, through many servers in unexpected places. If data is intercepted en route, malware can be inserted on a webpage, and private ID and credit card details stolen. But encrypted data cannot be read or infiltrated easily.

Online search rankings

Google gives a boost in search rankings to websites which have security certificates.

Credibility

Browsers display a padlock icon in the address bar of any HTTPS (secured) website. They also flag websites that don't have a correctly installed SSL/TLS certificate as 'not secure' or 'not trusted'.

Smart Internet users look for these signals and will not browse or buy from websites without a security certificate. We hope that's you.

Here's the padlock icon on a test site of ours, in the Mozilla Firefox browser (version 73):

How a site with SSL TLS certificate is shown on Firefox 73 Mar 2020

and in Google Chrome:

How a site with SSL TLS certificate looks in Chrome Mar 2020

No security certificate (as shown in Chrome):

no SSL certificate on this site Chrome, March 2020

This site has an SSL/TLS certificate, but it wasn't installed properly. Or perhaps a link on this webpage goes to an unsecured website:

Address bar when SSL TLS certificate is not installed correctly: Firefox 73, March 2020

SSL/TLS certificate levels

There are 3 different levels of security certificate. All encrypt webpages and other data securely.

  • DV just verifies that the person or organisation applying for the certificate owns the domain name. It's a very fast check. A DV certificate can be issued almost instantly for a website.
  • OV and EV certificates validate the business owning the website: that it is legally registered, has a physical presence and its contact details have been verified by reputable sources. It takes at least 3-5 days to complete all the checks and issue the certificate.
DV vs OV vs EV
Feature Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV)
Free version available
Yes
- -
Verifies domain ownership
Yes
Yes
Yes
Verifies organisation is authentic
-
Yes Yes
Verifies organisation's address
-
Yes Yes
Phone call verification
-
Yes Yes
Final verification call -
Yes Yes
Applicant enrolment form
-
-
Yes
Operational existence check
-
-
Yes
Assures visitors that site is owned by a genuine, legal entity
-
Yes
Yes
Wildcard available (secures multiple subdomains via one certificate)
Yes
Yes
No

Free or paid certificate?

You can easily get a free DV security certificate that auto-renews. Alternatively, you can purchase and renew an SSL/TLS certificate, rather like you already renew your webhosting or a domain name.

Most SUTTONNet clients started out with the simple free certificate: Let's Encrypt. But commercial certificates offer more options and there are good reasons to pay for them.

Beware of the padlock?

Domain Validation SSL/TLS certificates are very easy to obtain. That's their attraction - and their downside.

It is easy for a phishing site to obtain a DV certificate, especially a free certificate that focuses on fast auto-renewal rather than corporate responsibility. A few years ago, Let's Encrypt had issued SSL certificates to over 15,000 domains that were variants on 'paypal'. How likely is it that innocent people suffered from this?

58% of phishing sites identified at May 2019 had a DV certificate.

These websites showed a 'secure site' padlock. They encrypted data in transit. But they certainly weren't safe!

As cybercrime continues to rise, genuine businesses need to do all we can to show that our websites are legitimate and trustworthy.

Online identity - it's all about trust

Everyone's heard of Amazon. We're confident that if we buy from the Amazon website, the goods will arrive.

But what about smaller enterprises? Someone who has never heard of your business finds your website via online search. Why should they hand you their credit card number and contact details?

One way that we smaller fry can gain customer trust, is when a big trusted brand warrants that we are legitimate.

OV/EV

Thawte and other long-established names in IT security issue 'Organisation Validation' and 'Extended Validation' security certificates. These SSL/TLS certificates are not just about encryption; they are also about establishing online reputation.

An OV or EV certificate carries this message: "A trusted authority in online security has verified that this website is run by a genuine business."

In years past, the pricetag on EV certificates was huge, but that's no longer the case.

Sadly, browsers chop and change on how they show security certificates. At time of writing (March 2020), most browsers don't make it easy to tell that a website has an OV/EV certificate.

We believe there's still value in these certificates for ecommerce or for organisations dealing with highly confidential data.

Site seals

To get a prominent independent stamp of approval on your website, you need a paid security certificate with a site seal; & a little help from SUTTONNet.

Research backs site seals for S-M business

Many Certificate Authorities offer a 'site seal' or 'trust seal' to insert on your webpages. The seal clearly shows users that your website has:

  • SSL/TLS encryption, and
  • any additional security features bundled with the security certificate which you purchased.

Top web industry researcher Baymard published findings early in 2020 on site seals and the checkout behaviour of ecommerce customers.

Here are some conclusions from Baymard's research:

  1. Lack of trust in the website is a major reason for abandoning ecommerce purchases at checkout.
  2. Small-medium businesses are especially prone to distrust, because our brands aren't well known to new customers.
  3. A well-placed site seal that bears a familiar brand name can markedly improve customer trust in your site.

Interested in boosting your ecommerce sales? Read this short summary of Baymard's report by our security product wholesaler for simple, research-based tips.

Bundled products

Do you need to secure several websites? Multi-website and multi-subdomain (wildcard) certificates help to keep costs down. They simplify installation and renewal too.

You can also buy an SSL/TLS certificate which adds malware protection and daily security scans for your website.

We've yet to see a SUTTONNet-built site infiltrated by malware. SUTTONNet's web server is well protected. We also use good programming practices when creating our websites. But some website software is quite vulnerable. Wordpress is well known for security breaches, and it is not the only one.

Bear in mind that daily malware checks can slow your website down. Weigh the risk against the benefits.

Contact us for more information and prices on SSL/TLS certificates