“...Happiness has many roots, but none more important than security.”
E.R. Stettinius, Jr.
This post is designed for business owners or their staff who want to find out about getting an SSL Certificate for their website.
If you're a developer, or you want to disappear down the SSL Certificate proverbial rabbit hole, then this isn't for you because we are keeping it simple and easy to apply.
You may also find this article useful:
Disclaimer: Please remember we are offering standard and basic advice without looking at your particular circumstances. You may have particular needs, may need particular cover which may need you to pay more, or get something different.
So, how much should an SSL Certificate cost for a business website?
Think of this as like buying transport. If you stand in the high street and say - 'How Much Does Transport Cost?', the answer depends on what type of transport you want - a set of roller skates, a bus ticket or a high-end car, and so you need to go away and make a decision.
When you're buying an SSL Certificate it's the equivalent of already decided that you need a Saloon Car and a 4 door BMW 3 series will be fine - now you can get some price and feature comparisons from different suppliers, but you know roughly what to expect it to cost.
There is a basic ballpark figure answer, depending on a few variables:
- How long do you want the certificate to last for - 1 year or longer?
You can usually renew at the end of the 1 year. Although you may save some money if you buy for a longer period up front, if you have just one domain, no sub-domains and you aren't working in an industry that has specific requirements, the savings are not big enough to worry too much.
- Do you work in the financial, legal or other similarly regulated industry that demands a greater level of security?
A domain-validated SSL certificate, otherwise known as a low assurance certificate, is the standard type of certificate issued. They normally cost about £50 for the year.
- Processing time: a few minutes to a few hours
An organisation-validated certificate, or high assurance certificate, means the domain ownership and the organisation information such as name, city, state and country are also validated. Similar to a low assurance certificate, it requires additional documentation to verify the company identity. The cost is usually under £100 per year.
- Processing time: a few hours to a few days
An EV certificate, or extended validation certificate, is a certificate that requires the most rigorous validation process. This type of certificate checks to ensure that the business is a legal entity and requires business information be provided as proof of domain ownership. Standard SSL certificates do not represent that your website is being operated by a legitimate, verified business.
One exclusive feature of purchasing an EV certificate is that your website browser bar will display a green padlock. This can help to bolster consumer confidence and provide reassurance that the transaction is secure.
- Processing time: a few days to a few weeks
- Recommended for: all e-commerce businesses
It's the Extended Validation Certificate where visitors to your website will see this green padlock in their browser...
We suggest you make a decision between the Domain Validated and the Extended Validation as we are talking only a few pounds between all of them.
You may also come across Wildcard certificates which let an unlimited number of subdomains that live off a singular root domain.
For example, say you want to secure the domain www.mydomain.com and its subdomains - www.blog.mydomain.com, www.baking.mydomain.com, www.wine.mydomain,com, you would need to request a wildcard certificate with *.mydomain.com as the common name. This certificate would secure blog.mydomain.com, baking.mydomain.com, wine.mydomain,com, etc.
Multi-domain certificates can protect upwards of 210 different domains with a single certificate (depending on the provider you choose).
What type of warranty should I get?
Think of your SSL certificate as insurance and the price can vary based on the vary based on the amount of warranty coverage offered.
The warranty is not a warranty to protect you as the owner of the site and buyer of the certificate, but rather to protect the end users of the site.
The idea is that if a consumer suffers a monetary loss after making a purchase on a fraudulent website, the certificate authority is technically at fault for not displaying a browser warning and failing to protect the consumer and would compensate the visitor to the website.
While having a massive amount of warranty cover may give you peace of mind, it’s often used as a tactic to convince you to pay more for the same product.
For most circumstances, the standard cover will be enough but always check if you have concerns.
What about free SSL Certificates?
Let's Encrypt is an open source organisation (this means that a community of developers collaborate for free and that the coding is available for anyone to access) which provides free SSL Certificates. It is sponsored by various organisations to help with the funding of the project.
Many website hosts who provide free SSL Certificates as part of their hosting packages use Let's Encrypt Certificates and the quality or validity of the Certificate isn't an issue - depending of course on you getting the right level of security for your needs.
What might be a problem is the degree of support you get. If you're a web developer who does all the techie stuff then support via a community forum is fine, if you're a business owner who is managing your own site, this type of support is probably not for you.
Beware Stupid Prices!
There are some outrageous prices being charged for even the most basic SSL Certificates. We have personal experience where a certificate which should cost around £50 to buy and £30 to fit has been quoted as £600!
This is a difficult subject to understand, and so it can easily fall prey to what we shall call ambitious pricing.
If you want a good idea of what to need, what to buy and how much it should be, and you want a different opinion, or confirmation, then a really good place to start is a reputable hosting company - and there are loads of them out there - just give them a ring and talk to them - that will also give you an idea of the type of support they offer.
We have partnered with Go Daddy to bring you SSL Certificates and you can pop over to our digital shop. The techie people there will be happy to help you 24/7 or you can give us a call on 01634 566321 during BST office hours and we can help.