If you are a website admin/owner, leaving your website unsecured can be incredibly damaging for your users, business, and overall brand reputation. According to the latest Google Transparency Report, 95% of web traffic in the U.S. is encrypted with most of the world following closely behind at approximately 90%. This means that users are accustomed to seeing that padlock icon next to an URL. You don’t want to be the website losing out on business because your website is displaying something else…
Without an SSL Certificate being in place, the connection is left both unguarded and unauthenticated - meaning any and all information that you send to or receive from a website can be intercepted without much effort by hackers.
An SSL Certificate is used to secure and encrypt the connection between your web browser and the website that you are accessing.
An SSL Certificate authenticates the website you’re accessing, so you can be confident that you’re connected to the correct website.
Many website owners choose to adopt SSL/TLS for one very simple reason – to avoid warnings on their website that could scare users away. Your website will receive a gray or red “Not Secure” indicator if you do not have an SSL certificate.
Nearly every country and industry has at least one law/regulation that requires businesses to encrypt sensitive customer data. Businesses who fail to use SSL/TLS (and other mechanisms) to encrypt customer data can face substantial fines. For example:
These are very important laws/regulations that need to be taken seriously. If you fall into one of these categories, it is imperative you get the appropriate SSL certificate.
When running a business, the last thing you want your users to run into are errors or a lack of functionality on your website – nothing can be more frustrating. Well, without HTTPS, your users could find themselves running into quite a few. Here are a few features that only work on HTTPS websites:
HTTP/2 is the latest version of HTTP. Enabling HTTP/2 can reduce your website’s page load time by over 13%. We all know how important page load times are for converting web traffic. Most major browsers fully support HTTP/2, but they will only support it over an encrypted connection. This means you need an SSL certificate to ensure you and your users enjoy the benefits of HTTP/2.
Google has made it clear that security is a top priority for not only them, but should be for all webmasters. As part of their call for “HTTPS Everywhere”, Google further expanded the call to reward those webmasters who secure their websites with SSL/TLS encryption. The reward? Google rewarded those with SSL/TLS encryption with a boost in SEO rankings.
There are three different types of authentication levels. Domain Validation, Organization Validation, and Extended Validation. Each of these provide encryption, but they carry different levels of verification, visual indicators, and added benefits to secure your website.
A Basic Domain Validated (DV) SSL Certificate is the first tier of SSL/TLS Certificates. Often known for their no-frills encryption and quick issuance, Domain Validated SSL Certificates are quick to get up and running but only prove ownership of the domain being secured.
A Business Organization Validated (OV) SSL Certificate is the middle tier of SSL/TLS Certificates. Known for their Organization Verification and Dynamic Site Seals, they’re a great starting point for those looking to showcase their organization.
A Premium Extended Validation (EV) SSL Certificate is the highest tier of SSL/TLS Certificates on the market. The EV cert allows for users to verify your company information and that they are on the correct website through your certificate details – an effective way to establish immediate trust with users.
An Extended Validation SSL Certificate is an investment into both your business and online presence. This investment in your business and online presence is driven by trust.
Georgia Tech’s Cyber Forensics Innovation (CyFI) Lab studied 2.6 million domains connected to EV SSL certificates, which showed that EV SSL certs are “99.99% more likely to be unassociated with bad cyber actors.” It’s long been known in the cybersecurity community that most phishing-related cybercrimes are associated with SSL certs that need a lower level of validation to obtain.
Having a Premium EV SSL Certificate doesn’t just secure your website, but having one also has a huge difference on your online presence. The only challenge that you might discover is with regards to the validation required for the Premium EV SSL Certificate. The validation required to get an EV SSL Certificate is not difficult for registered businesses, instead it’s meant to stop shady characters from applying for an EV SSL cert under a fake company name or business.
It’s not hard at all for a legitimate business to complete the process listed above. With our team of experts, we’ve helped many companies navigate the process quickly and easily—we look forward to helping you as well!
Now that you’re aware of the different validation types of SSL Certificates, let’s introduce you to the different types of SSL Certificates. There’s Single Domain SSL Certificates, Multi-Domain (SAN) Certificates, and Wildcard SSL Certificates. All serve the same purpose of encrypting personal information being sent from the client and the webserver, but all provide different capabilities and flexibility for the web master.
By far the simplest type of SSL certificate, Single Name Certificates provide coverage for just a single domain. Thus, making it easier to control and manage for your team. An example could be www.austlink.net
As the name suggests, Multi-Domain Certificates provide coverage for multiple domains. This can be extremely helpful for webmasters that own and manage multiple sites such as www.austlink.net and www.jiwatraining.com.au.
Wildcard SSL Certificates are extremely helpful for web masters that utilize a lot of sub-domains because of their capability to secure an unlimited number of subdomains. Examples of sub-domains for austlink.net are help.austlink.net and cloud.austlink.net.
SSL Certificates are not the only security product that we offer. Our team is also pleased to supply both Code Signing Certificates and Email & Document Signing Certificates. With the increase in malware and adware being distributed from emails, documents, and application packages, there’s never been a better time to not only secure your applications, documents, and emails, but also to assure that they have not been altered in any way.
Code Signing Certificates ensure that the software, application, or app has not been modified since being created by the developer. Often referred to as being the digital “shrink wrap” because it validates the code is in its original form.
Email & Document Signing Certificates have become a standard in the industry with regards to ensuring that communication that is sent is validated and that the contents have not been modified since being sent.
Starting September 1, 2020, most browsers will no longer trust certificates with a validity period longer than 398 days. This means that you can no longer buy a multi year certificate at a reduced per year price. To combat this a number of vendors have introduced the concept of a Subscription SSL so you can continue to receive a reduction in price for a commitment to the one vendor.
Since September 1, 2020, when a customer orders a multi-year certificate, the 1st certificate is issued with a validity period of 398 days. Before expiration, you will be notified to reissue the certificate preferably with a new CSR. Upon validation and reissuance, a 2nd certificate will be issued for the remainder of the subscription term or 398 days, whichever is shorter. The frequency of this replacement process will be determined by the number of years purchased upfront.
For a three-year Subscription SSL bundle, a certificate would be issued on September 1, 2020 with an expiration date of October 3, 2021 (398 days after issuance). The client submits a new CSR on October 3, 2021. Upon validation, a new certificate would be issued for another 398-day validity expiring on November 5, 2022. The process repeats around November 5, 2022, and the final certificate is issued to expire on September 1, 2023 — three years from the original issue date.
A new CSR will need to be provided and validated at the end of each 398-day period until the remaining life-time of the subscription purchase is less than 398 days, then it will be issued to max duration allowed.