“...The internet is insecure by default. Netiquette and security certificates add a level of safety. NetworkEtiquette.net.”
David Chiles, Author - The Principles Of Netiquette
Here's the gobbledygook explanation of what is an SSL Certificate...
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.
A certificate serves as an electronic "passport" that establishes an online entity's credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user's browser accesses the server's digital certificate and establishes a secure connection.
An SSL certificate contains the following information:
The certificate holder's name
The certificate's serial number and expiration date
A copy of the certificate holder's public key
The digital signature of the certificate-issuing authority
How do I tell if my website already has an SSL Certificate?
You can tell if you already have an SSL Certificate attached to your website by looking at the URL or web address of your domain name. So http://www.mydomain.com does not have an SSL certificate whilst https://www.mydomain.com does. The clue is the letter s at the end of the http.
If you go to the Chrome browser window on your computer to look at the URL or domain name of your website, you may or may not see all of it. If you copy what's in the browser window and then paste it into a document or note, you will then get to see the full URL, with the http bit and you can see if yours has the s on the end.
Sometimes, Google (Chrome) will put an alert in the browser window telling anyone who visits the website that it's not secure. This doesn't look fabulous and probably isn't the impression you want to give to your website visitors.
When the SSL Certificate is installed, then your website gets marked as safe, and your visitors will see something like this:
If you don't have an SSL Certificate, the visitor is likely to see something like this:
Google likes websites to have SSL certificates because it's an indication of the authentification of ownership. Basically, Google reckons that if you're prepared to stand by your website as the owner, then chances are the quality of the information and the experience of anyone visiting your website is likely to be a lot better than some old website thrown up by goodness knows who to publish or sell rubbish.
Do I need an SSL Certificate?
Your website will still work without one. But you do need to consider the following:
- If you are taking payments or other information from visitors, an SSL Certificate offers a degree of protection for their data, which as a business owner you do have a legal obligation to protect.
Basically, if visitors to your website can fill something in, then you should get an SSL Certificate.
- Some industries, such as the financial industry, require practitioners to have an SSL Certificate attached to their website. Some professional bodies even require their members to have a higher level of SSL security than the basic certificate. If you are buying an SSL Certificate for this reason, you must get further advice from your hosting provider, web developer and SSL Certificate provider to ensure you are complying with the standard for your industry governing body.
- Even if you aren't collecting payments, Google likes SSL Certificates and not having one could affect your rankings.
- If you are bothered about how visitors to your website will be affected by seeing an 'insecure or unsafe warning' then you ought to consider it regardless of what information you gather. Remember that website visitors may not understand that 'unsafe' relates to an SSL Certificate and make all sorts of assumptions about your business.
Will an SSL Certificate secure my website from hackers?
That's a yes and no answer. The 'security' bit of the certificate will help to keep your site secure from hackers, but it is just one of a range of measures you should be implementing.
The SSL Certificate is one move to secure the admin panel or your website and the SSL ensures secure data transfer between user browsers and the server, making it difficult for hackers to breach the connection.
How do I get an SSL Certificate and what should it cost?
There is a more in-depth article about how much an SSL Certificate should cost here.
Some hosting companies will provide you with a basic free certificate so your first point of call could be to contact them.
This free certificate is often the same as the certificate you would get through Let's Encrypt.
Let's Encrypt offers free SSL Certificates through open source software (open source software means that it has been developed for free by a sometimes nebulous group of coders who dip in and out making amendments.
Open source can be great, and of course free. Let's Encrypt has a fantastic reputation and is sponsored by some large organisations which means they can help website owners, but the level of support they can offer may not be suitable for the novice.
If you have someone who helps you with your website, then ask them about an SSL Certificate. You should expect to pay initially around £50 per year for a Standard SSL Certificate, for one year, on a single domain. If you have multiple domains, sub-domains or you want to buy one for a longer period of time, then prices change accordingly.
If you are in the financial or similar strictly regulated industry, then you can get a similar level of SSL security on a single domain for one year for around £80. The key difference is that your Domain and your Company are validated by the certificate. With a basic SSL Certificate, only your domain is validated.
If you are buying an SSL Certificate and having a developer 'fit' it for you then this is a fairly simple job which should take about 20 minutes if they are already hosting and managing the site for you and between 30-45 mins if they have to liaise with an unfamiliar hosting provide and gather details and passwords from you to access your website hosting.
Beware Stupid Prices!
We hear stories of people being quoted over £600 and this is not a case where spending more money is going to get you a better deal. Our most recent customer was quoted over £1,000 to buy and fit a standard SSL Certificate when the total cost to them turned out to be less than £70 for purchase and fitting.
We have partnered with Go Daddy to bring you SSL Certificates and you can pop over to our digital shop. The techie people there will be happy to help you 24/7 or you can give us a call on 01634 566321 during BST office hours and we can help.