Strategic Go-To-Market Blog | Six & Flow

Why SSL certificates are essential to website security and performance

Written by David | 19 July 2018

Secure Sockets Layer (SSL) is a website security essential. This technology encrypts anything communicated between your browser and the server (website) you are connecting to. As a result, it prevents anyone reading sensitive information you may be sending back and forth, such as passwords, card details and your home address.

How to tell if you already have an SSL

Browsers show if the website has an SSL certificate – just look for the domain changing from http:// to https:// and a green lock symbol appearing to the left of the URL. 

Clicking the green lock will also provide information on what protection is covered. This can include images, links, emails and any data sent between browser and server.

As you can see, the Six & Flow website currently has a valid SSL certificate – take a look!

Think everyone must have one already? Think again. In November 2017, only 71% of reviewed US Government websites passed the SSL test.

And it’s not enough to simply set one up and walk away. LinkedIn’s SSL certificate expired in December 2017, preventing millions from accessing the website. In January 2018, the UK Conservative Party suffered the same problem!

 

The benefits of website security

For starters, having an SSL certificate is key to website security, protecting your customers from becoming victims of data theft.

However, it can also be a huge factor in the success of your website, and by extension the success of your company. Users will be more likely to trust your site and make purchases with confidence if they can see you have a SSL certificate.

Recently, it even began to effect how you rank on search engines. Companies like Google are now checking if your website has a SSL certificate. If it doesn’t, your ranking will be reduced and they’ll mark HTTP pages as “not secure” which is likely to put off most website visitors.

Just take a look at these 7 GIFs that perfectly describe a website without an SSL certificate…

 

How and where do I get one?

There are a lot of companies that provide SSL certificates, too many to list here, but the process is pretty much the same for everyone.

Once you’ve been provided a SSL certificate with a private key, this is installed on your server. There are various ways to do this depending upon the software installed on the server.

There are plenty of companies that provide SSL certificates, but the browser has a list of Trusted Root CAs. These companies have been audited against security and must meet the requirements.

 

Which SSL should I get?

Companies that provide SSL certificates will offer different services and features for various prices. What you invest in should depend on the website security features you need. This can vary from client to client, so we advise you speak to whoever manages your site.

All certificates will provide the green padlock and change the domain to https://. All other features will provide extra security for you or your client. This will range based on insurance, how many websites can be used with the license, how the domain bar looks (there’s an option for the bar to be green too).

These features add an extra cost, and what you choose will depend on your budget and needs.

 

What would we do?

Below, I’ve listed some of the companies we would recommend:

  • Cloudflare – We have found there can be issues if applied to a Magento website however, so we advise to avoid if this is the case for you
  • Comodo – This company provides website security to the military, and is regarded as one of the best
  • Namecheap – Provides a lot of different packages
  • TSO host – They provide our SSL Certificate and have been very reliable

There are many options to get a free SSL certificate, but these will always come with some restrictions when compared to paid alternatives. This will range from a time limit on the certificate (so they may expire after 90 days) or a limit on the level of security provided (most likely the absolute minimum)

Free options would therefore only be advised if you have no other choice and it’s impossible to buy one. While cutting this cost may be tempting for some, we’d suggest that it’s really not worth the risk. Do you really want to jeopardize your website security?