SSL Certificates: All You Need To Know
It is common knowledge that SSL certificates are used to establish a secure connection to your website. Thus, if my site abc.com is running without an SSL certificate, it will be available at http://abc.com whereas if I install an SSL certificate for my site, it can be accessed at https://abc.com
Naturally, the https:// part is pretty important — displayed in green in the address bar of web browsers, it tells the visitor that his or her connection to the given website is secure.
SSL Certificates: All You Need To Know
The Advantages of SSL
There are many direct and obvious benefits of using an SSL certificate for your website. As mentioned above, security is the primary and foremost advantage that you can associate with SSL certificates.
However, that is not all. An SSL certificate has more to it than just secure connections.
As unbelievable as it might sound, SSL certificates carry an SEO benefit too.
Even though this trend has started pretty recently, it is official now that Google takes https:// as a factor in consideration when deciding the PageRank of a website. It’s a fairly minor factor though — all other aspects, such as the content of the website in question, plus its mobile-friendly design, page speed insights and UX elements — everything else comes into play above SSL, but if two websites of essentially equal merit are put head to head, the one with SSL gets a priority over the one without a secure connection.
Since this is a rather recent innovation in SEO metrics, many webmasters and SEO wizards are yet to catch on the trend. If you are just getting started with your website, opting for an SSL certificate for your website can give you a potential boost in terms of PageRank, as far as Google is concerned.
Would you be comfortable entering your password on Facebook if it gives an SSL error or offers a non-secure connection?
Similarly, your users might not be willing to do business with you if your website does not offer a secure connection. Of course, in some cases, an SSL is mandatory, as we shall see later in this post. However, even if you do not compulsorily need one, getting an SSL certificate can work well for your business.
Consider this scenario: you are selling a product, but you are not collecting user’s payment details or credit cards yourself. Instead, you are relying on a third party service, say Gumroad or PayPal for this purpose. In this case, you do not need an SSL certificate. However, if you do decide to go ahead and get one SSL certificate for your website, it will go a long way in evoking a sense of trust among your users. And it goes without saying, if you manage to win the trust of your visitors, you will manage to convert into loyal customers too.
If you are running an eCommerce website, or selling a product, or collecting users’ info such as personal data or payment details, you need an SSL certificate. There is no way around this.
Also, if you are keen on using services such as Google AdWords on your eCommerce site (or even a section of it), you will need an SSL activated on your site. As per its latest policy, Google AdWords requires all shopping cart and checkout pages on eCommerce sites to have SSL certificates installed. While this applies only to shopping cart and checkout pages, and the rest of your site can be non-secure, you might be better off installing an SSL certificate across the entire website for the sake of uniformity and better trust among your users.
However, you might need to decide what type of SSL certificate is needed, depending on your requirements and needs. And that brings us to the next section of this article.
Things to Keep in Mind When Buying an SSL Certificate
So, what are the major factors or considerations that you must bear in mind when purchasing an SSL certificate?
Type and Nature of SSL Certificate
SSL certificates come in varied types and forms. If all you need is https:// ahead of your website’s URL, a simple domain-level validation certificate will suffice. These are activated almost instantly and you can set them up within minutes.
However, you can also opt for organization-level or wildcard SSL certificates that, as the names suggest, secure multiple websites or sub-domains.
Similarly, if you need the green bar in the address bar, you will have to opt for the relevant certificate.
You must note that the bigger the rank of certificate, the costlier it gets, and the longer it takes, at times, to be issued and verified or activated.
This is, definitely, the most important aspect related to SSL certificates.
While pricing varies on the basis of market trends, a domain-level certificate, depending on the provider you opt for, costs between $9 to $15 per annum. Similarly, wildcard certificates can range anywhere between $49 to $99.
For this purpose, if you are “purchasing” an SSL certificate (that is, not getting one free from your host, etc.), it is advisable to purchase one from a different provider than your original web host. Most web hosts tend to overcharge for SSLs, just because they can! If you are confused about where to head to, Namecheap and Name.com are the ones I use personally for most of my SSL and domain needs.
This is more of a minor consideration, to be honest, but still one you should be aware of. SSL certificates are not like web hosting that you can pay per month, or once a year, and change as and when you feel like. Instead, these operate much like domains: if you add https:// to your site once, and then feel that SSL certificates are not something you are fond of, going back to http:// would mean that at least some of your visitors will get a security or SSL mismatch warning, no matter how well you redirect your traffic.
As such, once you add an SSL certificate to your site, it is better to stick to SSL-only. Therefore, purchasing multiple years’ SSL at the same time is not a bad idea. Also, note that many providers offer you discounts if you purchase 2 or 3 years validity for the SSL certificate.
Installation and Setup
Once you have purchased you SSL certificate, it will need to be installed. Generally, your web host and/or SSL registrar should activate and do the job for you. However, for your rough info, this is how the process goes: you generate a Certificate Signing Request (CSR) on your web hosting panel, then activate your SSL by entering your details, and then paste that CSR therein, to get a CRT code sent to you via email that you then need to paste in your hosting control panel. That’s basically it.
However, even if you get your web host to do it all for you (ideally, you should), there are certain additional steps that you should take. It is always a good idea to redirect all non-secure traffic to the secure version of your website. I personally use .htaccess rules for this, though you can make use of a WordPress plugin too. Similarly, you should ensure that media elements, such as images etc. are also served over https:// and not http://
With the advent of modern web browsers and SNI-enabled servers, you can install SSL certificates on your websites even if they share an IP with other non-secure (or secure but a different certificate) websites. As such, a dedicated IP is not needed for installing an SSL certificate and if your web host asks you to purchase one, you can choose not to.
Lastly, if pricing is an issue, Let’s Encrypt is a service that you can look at. Also, many providers such as COMODO offer a limited period SSL certificate that you can use for free, if you wish to test things before purchasing a certificate.
Tap offers a free shared SSL for all of its free sites and automatic SSL on its Tap Pro sites using Let’s Encrypt. Quite obviously, this gives SEO benefits and secure access to your websites, without you having to invest in an SSL certificate.
How has your experience been with SSL certificates? Got questions or feedback? Express yourself in the comments below!