What's in an SSL Certificate ?

Cybercriminal attacks are getting more and more sophisticated. If your business's site doesn't have an SSL certificate you are putting your reputation and your site's visitors at risk. In this blog, we will be covering:

What is an SSL Certificate?

The Types of SSL Certificates

Why do SSL Certificates Vary in Cost?

How to Pick an SSL Certificate Provider

If your business's website doesn't have an SSL certificate, we can help. Book a call today.

What is an SSL Certificate?

SSL Certificates are a vital part of internet security, especially when your business needs to have an online presence. SSL certificates secure your domain, providing your online visitor's security, which is paramount.  You need to create a secure environment that makes clients and potential customers confident in your business. Position your business as a trusted and secure resource- an SSL certificate helps you do that in two essential ways:

1. It provides an encrypted link between the user and the server hosting your particular service. This is vital when exchanging sensitive information like personal information and housing financial transactions.
2. It provides proof of identity. Verifying that the site they are on is owned and operated by the correct owners and has not been spoofed. How to check this: When you view the certificate (click on the padlock next to the URL)–The company name should match the website

As technology advances, so does the sophistication of cybercriminals attacks. We have seen business's websites spoofed or redirected which causes a lot of grief for the business, their clients, and their potential clients. In fact, as a result, Google Chrome and other browsers will now penalise (and potentially block) any website that does not have an SSL certificate. Check to make sure your URL begins with https:// not just http://. The S indicated that the website does have an SSL certificate. If you don't have one, we can help you get one- book a call with us today.

Types of SSL Certificates

Not all SSL Certificates are equal. There are essentially 2 types of SSL Certificate generally available now:

1. Single Name Certificates (for only one service/host server) - e.g. www.companyname.com.au OR service.companyname.com.au, etc.
2. Wild Card Certificates (for use on multiple services/host servers) - e.g. www.companyname.com.au AND service.companyname.com.au, etc. Wildcards, of course, are more expensive, but if you have more than 2 or 3 services they can be cost-effective.

SSL certificates can only now be purchased for 1 year periods, so make sure to renew it every year.

Why the Varying Costs for SSL Certificates?

There are definitely cheaper options out there for SSL certificates. However, you do get what you pay for.

As we outlined above, SSL certificates are not all the same. Having a cheaper SSL usually provides minimum encryption and trust, and is considered the bare minimum when it comes to protecting your website and it's visitors. The more expensive the SSL the more protection it provides. We can help you weigh your options and find the right provider for your business.

Which SSL Provider Should I Pick?

We have put together a checklist to help you decide on the best SSL provider for you:

1. Do they properly validate the identity of the SSL purchaser? This is a manual, slower process to ensure that the purchaser of the "www.CONTOSO.com.au" SSL certificate actually is CONTOSO and not an imposter. They also include your business name on the certificate. Cheaper providers simply do not have the infrastructure for this important step, or they skip it or do a very basic check = Lower Trust = the main reason for a cheaper price.

2. Is there a warranty offered to users of your internet services? Warranty is an insurance for an end-user against loss of money when they make a payment on an SSL-secured site. This is very important for e-commerce sites but is also important if personal data is being submitted to the secure site. e.g. GoDaddy offers only a limit of $1000 to end users against loss of money when submitting a payment on an SSL-secured site. = Lower Trust Our preferred provider comes with a $1 million warranty.

3. Are you buying the SSL from a registered Trusted Certificate Authority or just a wholesaler? Is the provider simply a mass wholesaler of other people's SSL's or do they directly stand behind it and offer the service themselves? Trusted Certificate Authorities are organisations that have earnt trust globally (and by all web browsers) to safely and securely provide secure identities. There are only 8 actual Trusted Certificate Authorities in the world. Our preferred provider is one of these Trusted Authorities and offers 24X7 support.

4. What Level of Encryption is provided? What level of encryption is provided to protect the data in transit over the public internet- 128-bit / 256-bit? This encryption means how easy is it for a hacker to grab sensitive information. The standard now is 256-bit - which is a lot harder to hack.

5. Is the SSL Certificate guaranteed to Work on All Devices? Has the certificate been verified to work on all devices that may connect? e.g. smartphones and tablets? Some providers do not - though this is becoming less common.

As an internationally ISO27001 accredited organization, Sensible Business Solutions takes security very seriously.

We have to go out of our way to ensure the systems and suppliers we deal with have best practices in place, offer business-grade support, etc. The choice is up to you - but we will always be able to help you with the systems we recommend.

If you need more assistance, give us a call, we're happy to lend our expertise to your organization.