You Probably Want an SSL Certificate on Your Website
December 12, 2018 / Updated: January 24, 2019 / Lena Shore
What is a security certificate?
Security Certificates (SSL) are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. It’s a little like sealing a letter in an envelop before sending it through the mail.
It keeps your information encrypted as it is sent across the internet so only the intended recipient can read it.
What does SSL mean?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and intact.
How can I tell I have one?
Your website will have an https vs a http at the beginning of the URL in the title/location bar (see image). It will also display as “secure” with a padlock (or similar) in the location/title bar if it is secure.
How much does it cost to have one?
SSL certificate costs vary depending upon the type you get. The average cost to purchase an SSL and have installed is probably in the $150 range every year. It must be renewed annually. However, some servers already have a shared certificate installed and your web host only needs to give you access to it. It may not cost anything to use their’s.
So, all I have to do is ask for it to be flipped on and it’s done?
You will also need to convert your website images, links, and core files to https so the site will be displayed as secure.
Do I need a security certificate? How will this affect my business?
Generally, if you are collecting sensitive information on your website (credit cards, social security, etc.) you should have a purchased security certificate.
Other reasons you might want a security certificate:
- It’s very possible that your clients would see a security warning and leave your site. Getting an SSL eliminates that possibility.
- Customers will trust websites more that have verification of security.
- SSL is required for PCI Compliance (Payment Card Industry)
- Google has also announced it will give ranking preference to websites that are secure.
What’s the difference between a purchased security certificate and the free one that my host may provide?
A paid certificate and a free certificate have the same level of encryption. A paid certificate comes signed by a trustworthy certificate authority, support and various tiers of insurance/warranties, which is especially important for sites handling financial or other sensitive information.
What are the disadvantages of having an SSL?
- Annual cost if your web host doesn’t provide one.
- There can be minor performance issues on a website as it encrypts data. Usually this is only noticeable on sites with a very large number of visitors.
How can I tell if my website isn’t secure?
In October of 2017, Chrome started showing security warnings on non-secure sites. Other browsers followed this trend.
So, Google made my website insecure?
No. Your site isn’t any more or less secure than it was before. It’s just that Google started displaying it more prominently in their Chrome browser. Other browsers (Firefox, Internet Explorer, Safari, etc.) may not display it as prominently, but it will still be marked insecure.
What if I don’t use Chrome? What if I use another browser?
It doesn’t matter what browser you are using. It matters what browsers your clients are using. All other browsers (Firefox, Internet Explorer, Safari, etc.) also are displaying security issues. Some browsers have settings to give a warning before you go to an insecure site.
Will my site go down if I don’t add an SSL Certificate?
Nope. But, your clients or potential clients may see security warnings when visiting your site.
Will my site go down while it is being switched from un-secure to secure?
Can you help me make my site secure?
I can if you are hosting with me. And the good news is you can use my shared certificate. New websites and migrations can usually have it included, and the one-time fee for existing sites is inexpensive compared to a paid certificate. Even better, unlike that conventional paid certificate, you only have to pay for it once. Give me a call at 904-438-8389 or shoot me an email to discuss. If you aren’t hosting with me, you can call your host and talk to them. Or talk to me about moving your hosting to my servers.