SSL/TLS Certificate - Essential for Your Website

Security certificates made easy...

Awareness of online security is growing. Website visitors want strong evidence that websites and the businesses that own them are legitimate and safe to deal with: especially for ecommerce.

As a reseller for the long established security vendor 'The SSL Store', Bizazz offers competitive $AU prices for all types of website security certificates.

We access security products from well known, trusted Certificate Authorities: Digicert, Sectigo, GeoTrust, Thawte, Symantec, Comodo, RapidSSL.

That SuttonNet wombat knows about securityBecause we provide fully managed hosting, our certificate purchase prices include certificate installation for websites hosted on our server.

Get a quote on a SSL/TLS certificate

You must have a valid security certificate installed on your business website. HTTPS sites (that's the ones with a security certificate) are now the Internet standard. A website security certificate has multiple benefits:

  • better online security;
  • improved search engine rankings;
  • assurance for site visitors, so that they are more confident to do business with you.

A security certificate cannot protect your website from every form of malware or hacking activity. But it's an important link in the security chain.

What is a security certificate?

A security certificate (also called an SSL/TLS certificate) is software that gets installed onto your website. It encrypts data on your website while that data travels between the web server and a site visitor's browser. The security certificate safely encrypts your webpages, and your customers' data when they submit a website form (including their credit card or contact information).

Why every site needs SSL/TLS

Security

Encryption helps to protect your website from hackers and protect your customers' privacy.

Internet data travels a long road, through many servers in unexpected places. If data is intercepted en route, malware can be inserted on a webpage, and private ID and credit card details stolen. But encrypted data cannot be read or infiltrated easily.

Online search rankings

Google gives a boost in search rankings to websites which have security certificates.

Credibility

Browsers display a padlock icon in the address bar of any HTTPS (secured) website. They also flag websites that don't have a correctly installed SSL/TLS certificate as 'not secure' or 'not trusted'.

Smart Internet users look for these signals and will not browse or buy from websites without a security certificate. We hope that's you.

Here's the padlock icon on a test site of ours, in the Mozilla Firefox browser (version 73):

How a site with SSL TLS certificate is shown on Firefox 73 Mar 2020

and in Google Chrome:

How a site with SSL TLS certificate looks in Chrome Mar 2020

No security certificate (as shown in Chrome):

no SSL certificate on this site Chrome, March 2020

This site has an SSL/TLS certificate that wasn't installed properly. Or perhaps a link on this webpage goes to an unsecured website:

Address bar when SSL TLS certificate is not installed correctly: Firefox 73, March 2020

SSL/TLS certificate levels

There are 3 different levels of security certificate. All encrypt webpages and other data securely.

  • DV just verifies that the person or organisation applying for the certificate owns the domain name. It's a very fast check. A DV certificate can be issued almost instantly for a website.
  • OV and EV certificates validate the business owning the website: that it is legally registered, has a physical presence and its contact details have been verified by reputable sources. It takes at least 3-5 days to complete all the checks and issue the certificate.
DV vs OV vs EV
Feature Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV)
Free version available
Yes
- -
Verifies domain ownership
Yes
Yes
Yes
Verifies organisation is authentic
-
Yes Yes
Verifies organisation's address
-
Yes Yes
Phone call verification
-
Yes Yes
Final verification call -
Yes Yes
Applicant enrolment form
-
-
Yes
Operational existence check
-
-
Yes
Assures visitors that site is owned by a genuine, legal entity
-
Yes
Yes
Wildcard available (secures multiple subdomains via one certificate)
Yes
Yes
No

Free or paid certificate?

You can get a free Let's Encrypt DV security certificate, that auto-renews. Alternatively, you can purchase and renew an SSL/TLS certificate, rather like you renew your webhosting & domain name.

Most  of our clients started out with the simple free certificate: Let's Encrypt. But the commercial certificates offer more options and there are good reasons to pay for them.

Beware of the padlock?

Domain Validation SSL/TLS certificates are very easy to obtain. That's their attraction - and their downside. It is easy for a phishing site to obtain a DV certificate, especially a free certificate that focuses on fast auto-renewal rather than corporate responsibility.

Let's Encrypt issued SSL certificates to over 15,000 domains that were variants on 'paypal'. How likely is it that innocent people suffered from this?

58% of phishing sites identified at May 2019 had a DV certificate. These websites showed a 'secure site' padlock. They encrypted data in transit. But they certainly weren't safe!

As cybercrime continues to rise, genuine businesses need to do all we can to show that our websites are legitimate and trustworthy.

Online identity - it's all about trust

Everyone's heard of Amazon. We're confident that if we buy from the Amazon website, the goods will arrive. But what about smaller enterprises? Someone who has never heard of your business finds your website via online search. Why should they hand over to you their credit card number and contact details?

One way that we smaller fry can gain customer trust, is when a big trusted brand warrants that we are a legitimate business. Here's where OV & EV security certificates come in - only available by purchase from commercial Certificate Authorities.

OV/EV

Long-established names in IT security issue 'Organisation Validation' and 'Extended Validation' security certificates. These SSL/TLS certificates are not just about encryption; they are also about establishing online reputation.

To get an OV or EV certificate, your business has to pass validation tests to ensure it'sa real entity carrying out real trade. The OV/EV certidfcate carries this message: "A trusted authority in online security has verified that this website is run by a genuine business."  There's value in these certificates for ecommerce & for organisations whose websites transmit highly confidential data.

Site seals

Many Certificate Authorities offer a 'site seal' or 'trust seal' option with their commercial TLS/SSL certificates. This is an image that gets inserted on your website and carries the name of the verifying CA.

To get this prominent independent stamp of approval on your website, you just need to buy a security certificate that includes a site seal, & a little help from your web developer.

Research backs site seals for S-M business

The trust seal or site seal clearly shows users that your website has SSL/TLS encryption and any additional validation or security features bundled with the security certificate that you purchased.

Top web industry researcher Baymard published findings early in 2020 on site seals and the checkout behaviour of ecommerce customers.

Here are some conclusions from Baymard's research:

  1. Lack of trust in the website is a major reason for abandoning ecommerce purchases at checkout.
  2. Small-medium businesses are especially prone to distrust, because our brands aren't well known to new customers.
  3. A well-placed site seal that bears a familiar brand name can markedly improve customer trust in your site.

Interested in boosting your ecommerce sales? Read this short summary of Baymard's report by our security product wholesaler for simple, research-based tips.

Bundled products

Do you need to secure several websites? Multi-website and multi-subdomain (wildcard) certificates help to keep costs down. They simplify installation and renewal too.

You can also buy an SSL/TLS certificate which adds malware protection and daily security scans for your website. Bear in mind that daily malware checks slow your website down. Weigh the risk against the benefits. We've never seen any website that we built, get infiltrated by malware. Our web server is well protected & we use secure programming practices when we create websites. But some website software is quite vulnerable. Wordpress is well known for security breaches, and it is not the only one.

Contact us for more information and prices on SSL/TLS certificates