Is Your Website Secure?
An SSL or Secure Socket Layer certificate is a small data file that digitally binds a cryptographic key to the organization that owns the website. When it is active on a website it changes the site from http to HTTPS which means it is http over TLS (transport layer security), changes the HTTPS to green and adds a padlock. This informs the visitor that it is a secure connection and that it is okay to share sensitive data on this site as the ownership is confirmed and the data being transferred is encrypted, currently with a 2048-bit encryption key which is bank level security.
When a user enters day into this site it is encrypted, and they only person who can decrypt the data and actually read it is the owner of the website who has the other part of the key which is considered the private key. If someone were to intercept the data transferred and they didn't have the private key, this is what it would look like. Pretty useless right?
However the site owner who is supposed to have access and needs access to the information to complete the transaction can read it as plain as you are reading this blog.
Do I Need An SSL Certificate For My Website?
SSL certificates keep data safe between servers, as we discussed above this ensures that all site data transferred is encrypted and cannot be read by a third party who is not supposed to have access to the data and does not have the private key to decrypt it. According to Google, having one will increase your search engine rankings, you can read about it on their webmaster blog. I did find on Search Engine Land that Google is only counting this as a very light weight increase now, but may reconsider this in the future. Having a secure site does enhance customer trust and ensures customers that your site is legitimate. There is a cost however to these certs so you will want to weigh that cost with the benefits, however, if you are transferring any type of sensitive customer information, protected health information, financial information, credit cards, or storing personal information of any kind you must use SSL certificates on your site.
If you determine that you need an SSL certificate for your site you must purchase one by a trusted Certificate Authority. The most popular companies are GlobalSign, Verisign, and Digicert. There are also re-sellers such as Godaddy, DreamHost, etc. and I would say as long as you are buying from a reputable company you should be okay.
Now their are different types of certificates that you need to be aware of and they have varying prices. You can purchase an SSL certificate for your single domain for about $60 per year and it will provide you security for your one website and also provide you with insurance in case your site is breached and it has something to do with the certificate.
You can also by a certificate bundle that protects multiple websites, usually up to 5 and this runs about $135 per year, has all of the same benefits and insurance. This is a good option if you are hosting multiple websites.
The most expensive is a wildcard certificate and this will most likely be purchased by large businesses as it protects all sub domains that such organizations will use. These run upwards of $300 per year so you would only want to purchase this if you are a very large business with many sub domains for email servers, web servers etc.
Now you may be saying I've seen a much wider range of prices than this looking around the internet, whats the difference? The difference usually comes down to the amount of insurance to back you up in the event of a breach, and the number of domains that it is good for. You will want to make sure it is at least a 2048-bit certificate and make sure if you are buying it from a re seller that they are using a trusted certificate authority.
I hope this article has been informative. As always if you need assistance with this or any other technical service feel free to reach out to us at Hill Country Technical Services.