HTTPS your website: which SSL Certificate to choose and where to buy

Posted August 6th, 2018 in Hosting.

Data safety is a major concern for users when surfing the Internet. Most users may not fully understand what their computer sends through the browser to the website they are visiting, but the reassurance that the data is in safe hands and will not be misused is sufficient. That’s the primary reason most websites these days use SSL certificates to protect the data they accept from users and to show their visitors that they’ve taken the necessary precautions. After all, if a website is flagged as unsecure, would you want to visit it at all?

Secure VS Unsecure Browsing

When referring to some websites as secure, what is being referred to is the small padlock you see in the title bar of your browser and an “HTTPS” prefix to the website URL that you’re shown. This means that the website you’re visiting has been secured with an SSL certificate. For those of our readers who aren’t fully aware of it, an SSL certificate is a digital data file that binds a cryptographic key to an organization’s details. When installed on a web server, it activates the https protocol and the padlock and allows secure connections from a web server to a browser. SSL is typically used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing social media browsing.

With Facebook’s “data leak” becoming the talk of the town recently, the general public has become more aware of secure browsing and thus, most users have started paying attention to the “security” aspect of browsing. Most anti-viruses with Internet protection also mark websites as secure and unsecure based on SSL certificate authentications. Naturally, if a user’s browser or anti-virus marks a webpage as unsecure, his inclination towards visiting that webpage diminishes. And that’s where the catch lies for you.

If you own a blog or a website and don’t wish to lose out on your traffic, starting July 2018, you will have to make your blog or website HTTPS secure. And there are a lot of reasons you should absolutely be doing so.

Google down-ranks non-HTTPS websites

Although Google’s crusade against unsecure or unencrypted websites started years ago, in 2015, the Internet giant announced down-ranking HTTP sites. The move was done to make the entire Internet a safer place for users in general. With the onset of 2017, Chrome started marking password and credit card number fields on unencrypted sites as “Not secured”. And in 2018, Chrome is slated to start displaying a red “not secure” warning for all websites that are not secured with SSL (HTTP). Since Chrome is currently web browser number 1 with most users worldwide using it as their default, other browser vendors are sure to follow its lead and mark non-HTTPS websites as “not secure”.

While this is a great move security wise, it poses somewhat of an inconvenience for a lot of website and blog owners out there. Ever since the announcement came out, everyone is switching from HTTP to HTTPS, not only to preserve their loyal traffic, but also to prevent their website from being down-ranked. If you’re one of such users, well, you got no choice buddy! You should be switching to HTTPS too. Not only to avoid warnings being displayed with your website, but to make your and your users’ data more secure.

And contrary to what you may think, switching from HTTP to HTTPS can be easy and painless if you do it right. All you need to do is:

  • Purchase an SSL certificate
  • Have this certificate installed (by your server admin or shared hosting service provider)
  • Change links on your website and create redirections for all URLs (for users and for Google)

In this article, we’re focusing mainly on the “purchasing an SSL certificate” step. So strap on and get ready to find out all there is to know about this.

Types of SSL Certificates

Before going into how and where to buy SSL certificates, you need to know that there are several types of SSL Certificates. You need to select the one most appropriate to your business.

Domain Validated (DV) certificates

A Domain Validated certificate (DV) is an X.509 digital certificate typically used for Transport Layer Security (TLS). This certificate proves that the domain name of the applicant has been validated by proving some control over a DNS domain. In simple terms this means that the Certificate Authority confirms only the right of the applicant to use the domain.

The only criterion for obtaining a domain validated certificate is having proof of control over your domain’s “whois” records, DNS records file, and email or web hosting account. Most web browsers may show a lock and a DNS domain name but a legal entity is never displayed. This is because domain validated certificates don’t include a legal entity in their subject.

Organization Validation (OV) certificates

An Organization Validation (OV) certificate is issued to a website if it is able to meet 2 criteria: the right to administratively manage the domain name, and the organization’s actual existence as a legal entity. In this case, the Certificate Authority confirms the right of the applicant to use the domain and verifies some organization details.

As opposed to DV certificates, which are merely checked against the domain registry, OV certificates are trusted since they are strictly authenticated by real agents against business registry databases hosted by governments. This certificate conforms to the X.509 RFC standard and is the standard type of certificate required on a commercial or public-facing website.

Extended Validation (EV) certificates

HTTPS websites that prove the identity of the legal entity controlling them are issued an Extended Validation (EV) certificate. Obtaining an EV certificate requires that a Certificate Authority verifies the identity of the requesting entity. In this case, the Certificate Authority confirms the right of the applicant to use the domain plus it conducts a thorough verification of the organization.

For such a website, additional information is displayed next to the lock icon (usually the organization name). This option is used by all banks, financial institutions, etc. The criteria for issuing EV certificates are defined by the Guidelines for Extended Validation.

Single domain VS Wildcard

Out of the 3 package types that SSL certificates come in, “Single-domain” certificates can only be used on one specific website, and “Wildcard” certificates can be used on any website within a specific domain name. The technical difference between the two comes down to the Subject Alternative Name (SAN) field that is embedded in the certificate when it’s issued. If a certificate has only one SAN field and it contains a reference to a single website, then it’s a single-domain certificate. If that one SAN field contains an asterisk in the website name, then it’s a wildcard certificate.

Wildcard SSL certificates can be used to secure an unlimited number of websites and their subdomains (but not sub-subdomains). They are also about 10 times more expensive than a single certificate. To obtain a certificate for a sub-subdomain you have to buy another one for it – or get yourself a Subject Alternative Name (SAN) certificate, a.k.a. Unified Communication Certificate (UCC SSL), which is, in fact, a multi-domain certificate.
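The SAN-based distinction and the "no sub-subdomains" limit can be checked mechanically. The following Python sketch is an added example, not code from the original article; it assumes the certificate is given in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the certificates and `example.com` names are constructed sample data.

```python
# Added example: classify a certificate by its SAN entries and test which
# hostnames it covers. Sample certificates below are constructed.

def dns_names(cert):
    """Lower-cased DNS entries of the subjectAltName field."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def package_type(cert):
    """Apply the article's rule: one SAN entry is single-domain or wildcard."""
    names = dns_names(cert)
    if not names:
        return "no-san"
    if len(names) == 1:
        return "wildcard" if names[0].startswith("*.") else "single-domain"
    return "multi-domain"

def name_covers(pattern, host):
    """A leading '*' stands for exactly one label, never several."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):          # different depth: sub-subdomain or bare domain
        return False
    if p[0] == "*":
        # refuse patterns such as '*.com' and compare the remaining labels
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    """True if any SAN entry of the certificate matches the hostname."""
    return any(name_covers(n, host) for n in dns_names(cert))

# Constructed sample certificates (getpeercert()-style dicts)
SINGLE = {"subjectAltName": (("DNS", "www.example.com"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}
MULTI = {"subjectAltName": (("DNS", "example.com"),
                            ("DNS", "*.example.com"),
                            ("DNS", "a.b.example.com"))}

if __name__ == "__main__":
    hosts = ["example.com", "shop.example.com", "a.shop.example.com"]
    for label, cert in (("single", SINGLE), ("wildcard", WILDCARD), ("multi", MULTI)):
        print(label, package_type(cert), {h: covers(cert, h) for h in hosts})
```

Note that the wildcard entry alone does not cover the bare domain `example.com` either, so the bare domain needs its own SAN entry, as in the constructed multi-domain sample.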

Now that you know what types of SSL certificates exist, you can decide which one will best suit your website. Once you’ve made that choice, the next step is to figure out where you can purchase the certificate from (yes, there are multiple vendors for each) and exactly how much you will have to shell out for it.

Where can I buy an SSL certificate?

You might be a little surprised to know that providing SSL certificates is something multiple vendors do, and they are often not related to the government at all. In fact, the most easily approachable SSL certificate vendor is your website’s hosting provider.
You can easily obtain an SSL certificate in one of the following ways:

Free option – Let’s Encrypt

Let’s Encrypt is a free SSL certificate service provided by the Internet Security Research Group (sponsored by Mozilla Foundation, Akamai and Cisco, among others) since 2016. Not only is it free, but it is also easy to use. They provide tools that can be installed on a web server by a hosting provider, which makes installing a certificate very easy for the provider’s users. Let’s Encrypt offers Wildcard certificates, but doesn’t offer Extended Validation.

5 Top Globally Trusted SSL Certificate Issuers

  1. Comodo – A Comodo SSL Certificate is the quickest and the most cost effective method for an online business to protect its customers’ transactions. Apart from the low cost, each certificate comes with a great value-added package including features like mobile-friendly version, site seal, dedicated customer support, etc., which makes it perfect for small to medium size businesses.
  2. GeoTrust – GeoTrust provides retail and reseller services for SSL encryption, and website authentication, digital signatures, code signing, secure email, and enterprise SSL products. Their primary products include Multi-Domain Certificates, Wildcard SSL Certificates, UC/SAN SSL certificates, Enterprise SSL, and many more.
  3. RapidSSL – RapidSSL issues SSL certificates within minutes of enrolling with it and they help website owners develop and launch secure sites quickly. They provide customers with the confidence of secure browsing with https, closed padlock and a static trust mark for download and display on your site.
  4. Symantec – One of the most trusted names in anti-viruses, Symantec offers SSL/TLS certificates to websites for the most recognized trust mark on the web. The Norton Secured Seal next to a website’s search listing adds power to its brand and click-through rates. They provide basic, Wildcard, as well as EV validation certificates.
  5. Thawte – Thawte Consulting is a certificate authority (CA) for X.509 certificates. SSL certificates from Thawte provide robust authentication and encryption, reassuring website visitors that their data and transactions are secure.

You can buy their certificates either from them directly or from any third-party vendors.

Your own Hosting Provider

The easiest path is to purchase an SSL certificate from your hosting provider and have them install it at once without any additional costs.

Cheapest SSL Certificates

If you don’t want the free certificate but would like to buy the cheapest one, there are several third-party SSL certificate sale sites which offer certificates from popular vendors at discounted prices. Browse to namecheap.com or ssl2buy.com, where you can find a PositiveSSL certificate from Comodo for close to $9 per year (at cheapsslshop.com even for $7, but it’s a sale price).

For CDN Users

If you’re using a CDN (Content Delivery Network) on your website (like CloudFlare), you can decide to use a certificate provided by the network and not purchase it yourself.

Wrapping it up

Hopefully at this point you know enough about SSL certificates and how to obtain them. So your immediate next step should be checking what kind of SSL certificate installation your website has. To verify if your SSL certificate has been installed properly, use https://www.ssllabs.com/ssltest/ and check if you get an “A” grade. If you do, you’re good to go. If not, you can always use one of the methods mentioned in the list above. Installing an SSL certificate, if it’s not automated (like with Let’s Encrypt), is quite an easy task for any server administrator.

Here’s wishing you a happy and safe browsing experience!
