Learn what an SSL certificate is and why it is essential for securing your website, protecting user data, and improving your SEO.
Danni Jessen
If you own a website and have an e-commerce solution, you have probably already come across the terms “SSL certificate” or “switching from HTTP to HTTPS” – and with good reason. An SSL certificate is something every online business, website, or internet application that processes personal data should have to ensure both parties’ private information remains secure.
Which icon is displayed in your browser? SSL stands for “Secure Sockets Layer”, while HTTPS means “Hyper Text Transfer Protocol Secure”. An SSL certificate helps establish an encrypted and secure connection between a web server and a browser. In other words, an SSL certificate is an encryption protocol that ensures only the sender and recipient can read the information being transmitted. This encrypted connection ensures that all data – such as NAP details (name, address, phone number), credit card details, and so on – sent between the web server and the browser remains confidential. The purpose of the SSL certificate is to encrypt and secure the data and information sent between the visitor and the website, making sure that the information stays strictly between those two parties.
Who wouldn’t want to provide visitors with a safe and secure experience when making a purchase or booking online? A lack of security and trust can result in visitors not taking the desired action – exactly what we want to avoid. Any measures that help make customers feel secure during the buying or booking process will increase the number of completed sales or bookings. These measures can include information and reassurance, typically found on an “About Us” page, clear company details in the website footer, and, of course, an SSL certificate which proves your company’s identity and secures all data between the visitor and your business.
There are many good reasons to implement a secure SSL encryption protocol.
Google’s declared goal is to be a safe and relevance-oriented search engine, only presenting the best and most relevant results when people “google” for information, products or services. Today, the best results are also considered the safest. For this reason, Google “rewards” websites with an SSL certificate by displaying a green padlock, the word “Secure”, and showing “HTTPS” in green writing – all of which signal to your visitors that they have landed on a secure website and can safely provide confidential information.
Google is already making website owners aware of the importance of having an SSL certificate and therefore an encrypted and secure connection. That means if you haven’t yet switched from HTTP to HTTPS, you risk seeing the following in your Chrome browser.
This is a strong signal to your visitors, letting them know it is not safe to enter confidential information, as the data could be stolen by hackers. In today’s world, where consumers and citizens are constantly hearing in the media and on TV about data and personal details being hacked or misused, this has a significant impact on which websites we feel comfortable visiting and which we do not. When searching on Google, you can already see directly in the organic results which websites are using a secure HTTPS encryption protocol and which are not. This helps strengthen your Click Through Rate.
As early as December 2015, Google announced it was time to end insecure websites, and has since tightened and improved its algorithm to prioritise secure results. This means that if you want to rank highly in Google’s search results, one of the many ranking factors within search engine optimisation is having a secure HTTPS encryption protocol. You can read Google’s official blog post here.
In January 2016, Google tightened security again. This means if you have Google Shopping ads or wish to get them, it is a requirement to have an SSL certificate. More and more websites are experiencing their Google Shopping campaigns being suspended due to a missing SSL certificate. This is yet another move by Google to push website owners who have not yet implemented a secure encryption protocol.
Isn’t an SSL certificate just an SSL certificate? The short answer is no – definitely not. There are differences between the types of SSL certificates and providers.
Broadly, there are six different types of SSL certificates, each with its own advantages and disadvantages.
Single Domain SSL is the most affordable solution available. The only requirement to obtain this certificate is that the domain you wish to secure belongs to you. The process involves an email being sent to you with a link, where you must confirm and validate that you are the website owner. The certificate is then issued, and you can install it on your website. With Single Domain SSL, only the “https:” part of the URL appears green.
Multiple Domain SSL, also known as Organisation Validated SSL, can be used for up to 100 (sub)domains. With this certificate, you must go through a more extensive validation process, as it is not just your website but your business that is validated. The process involves providing your company details when you order the Multiple Domain SSL. The issuing provider will then check if the business exists and, in most cases, you will receive a phone call to confirm that you own the business and the various (sub)domains. As with Single Domain SSL, only the “https:” part of the URL appears green. The only difference is that, if you open the certificate in your browser, it will state that it has been validated against your business.
Extended Validation Single Domain SSL is the advanced version, requiring a dedicated application to a provider. This is the best, but also the most expensive certificate you can get. The validation process is the same as for Multiple Domain SSL / Organisation Validated SSL, although there may sometimes be more steps involved. With Extended Validation Single Domain SSL, you get not only the green padlock but also, in some browsers, a fully green address bar and your company name displayed.
Extended Validation Multiple Domain SSL is like Extended Validation Single Domain SSL, but can be used for multiple (sub)domains.
A Wildcard SSL certificate can be used for one TLD (domain.co.uk) and multiple (sub)domains. There is a risk with this type of certificate: if a hacker manages to create a subdomain on your domain, it can appear secure without actually being so. It is therefore recommended to choose Extended Validation Multiple Domain SSL instead.
UCC Exchange SSL is the only certificate that can be used for several different TLDs (xxx.domain.co.uk, xxx.domain2.co.uk). This certificate is specifically designed for Microsoft Exchange and Microsoft Communications servers.
For most website owners, a standard non-Extended Validation SSL certificate will be sufficient. If you run a webshop or website that handles more sensitive information such as credit card details, it is beneficial to obtain an Extended Validation SSL certificate. This allows your visitors to verify that you are who you claim to be. In a standard non-Extended Validation SSL solution, only the secure connection between the visitor and the website is verified – not the identity of the website owner.
At WeMarket, we offer businesses a benchmark report that compares their marketing efforts with their key competitors. You decide which competitors we should compare against.
We specialise in selling physical goods online and growing webshops – and now you can benefit from this expertise, even if you’re not already a client.
It’s completely free.
