Published On: 2 November 2016

An SSL certificate is a good idea for several reasons. For instance, it conveys trust to the visitor and is mandatory for online shops, among others.

What is an SSL certificate?

SSL certificates are files containing a cryptographic key (key) that are digitally linked to a business or website. Once installed, they cause a lock icon to be displayed in the browser and data to be sent via the https protocol (port 443). This ensures that this data is encrypted. A must for websites where personal data is sent and entered, such as online shops.

Advantages of an SSL certificate

  • Using websites with SSL is more secure. The data entered during an order or contact form, for example, can be retrieved on a website or web shop without SSL. With SSL, this data is encrypted.
  • Google loves SSL. Indeed, Google often puts websites with SSL above websites without SSL.
    For example, even from 2017, the Google Chrome browser will indicate that a connection to a website is not secure with websites without an SSL certificate.

What types of certificates are there?

  • Certificate types SSL

    Domain verification and organisation verification in the browser bar

    SSL with extended validation (EV)This is the latest certificate with the highest level of security for the visitor regarding the identity of the website owner. It shows not only a lock but also a (partially) green bar.

  • SSL with organisation validation (OV): This shows a lock. This certificate offers a higher level of security than an SSL with domain verification. This is because companies and organisations have to provide various documents to prove that they are who they say they are.
  • SSL certificate with domain validation (DV): This shows a lock in the browser. This certificate does not require the submission of any documents, only a confirmation e-mail sent to a mailbox of the relevant domain.
  • Free certificate from Let's Encrypt: Let's Encrypt is an Open Source initiative by Facebook, Mozilla, Cisco, Shopify and HP, among others, and offers the possibility of setting up a free certificate.
  • Wildcard SSL certificate: A wildcard certificate offers an unlimited number of subdomains. No extended validation is possible. However, the number of subdomains covered by the certificate is without limit or additional cost.
  • Multi domain certificates: Here, the certificate can be extended by reissuing the current certificate for subdomains. Re-issuing additional subdomains usually incurs costs.

Why pay for an SSL certificate?

In the current set-up, when a free certificate is requested, there is almost no check on who is requesting it. This puts a visitor at risk compared to a paid certificate.
It is also known that hackers can use these free certificates and have used them to spread malware. Thus, in the past, attacks were encrypted to prevent tracing of perpetrators. Browser ratings for this certificate are currently still on par with paid root certificates. How that will change in the future is not certain.

Here are a few more advantages of paid certificates over free ones:

  • Paid certificates provide authentication in addition to encryption.
  • Free certificates have a term of only 3 months compared to paid certificates with a term of 1 to 3 years. This is not an issue with many servers because they can be renewed automatically.
  • With free certificates, all support regarding installation and problems is provided via user forums and other user initiatives.
  • Multi-domain certificates and wildcards are not possible with free certificates. These two types, with some differences between them, enable SSL on subdomains such as login.domainname.co.uk and domainname.co.uk with one certificate.
  • A paid SSL certificate exudes trust.
  • A paid certificate requires at least verification of the applicant by mail or DNS. This shows that the applicant has control over the domain name in question.

From January 2017, Google Chrome will start showing websites/web pages without SSL differently. Below are the situations:

chromjan1

chromjan2

You can get a paid certificate from €35,- excl. VAT per year. For installation, we charge a one-off fee of €99,- excluding VAT. With Let's Encrypt there are no such costs.
In addition, for a WordPress websites, depending on the size and structure, we spend a while converting from http to https. This varies greatly per website due to the template and plugins used.

Questions about an SSL certificate on your website or would you like an SSL certificate on your existing website or online shop?
We will be happy to speak to you on 0172-897789 or info@milcraft.nl.