SSL Certificates: A Comprehensive Guide

by | 20 Mar 2024

What is an SSL certificate?

An SSL certificate is a digital credential that verifies the identity of a website and facilitates secure, encrypted communication. SSL stands for Secure Sockets Layer, a crucial security protocol establishing a protected connection between a web server and a browser.

Businesses use SSL certificates on their websites to ensure the confidentiality and integrity of online transactions, safeguarding sensitive customer data from prying eyes and potential threats. That familiar padlock icon beside the URL in your browser’s address bar signifies that SSL is actively safeguarding the website you’re visiting.

Why do you need an SSL certificate?

An SSL certificate is essential for various reasons, primarily centred around security, authenticity, and trustworthiness:

Data Security: SSL certificates encrypt data exchanged between a web server and a user’s browser. This encryption ensures that sensitive information such as login credentials, credit card numbers, bank account details, personally identifiable information (PII), legal documents, medical records, and proprietary data remain confidential and secure during transmission.

Authentication and Ownership Verification: SSL certificates authenticate the identity of a website, verifying that it belongs to the entity claiming ownership. This verification helps prevent attackers from creating fraudulent versions of legitimate websites, reducing the risk of phishing scams and other malicious activities.

Trust and Credibility: SSL certificates convey trust to users by indicating that a website is authentic and takes data security seriously. The presence of HTTPS in the website address and a padlock icon in the browser’s address bar reassures visitors that their interactions with the site are encrypted and secure. In contrast, browsers often label HTTP sites (without SSL certificates) as “not secure,” potentially discouraging users from engaging with them.

Compliance Requirements: Many regulatory frameworks and industry standards mandate the use of SSL certificates for websites handling sensitive data. Compliance with regulations such as GDPR (General Data Protection Regulation), PCI DSS (Payment Card Industry Data Security Standard), and others often necessitates the implementation of SSL encryption to protect user privacy and ensure legal compliance.

Business Reputation and Customer Confidence: For businesses, maintaining a secure online environment is crucial for preserving their reputation and fostering customer confidence. SSL certificates demonstrate a commitment to data security and privacy, which can enhance customer trust, increase engagement, and drive conversion rates. Moreover, migrating to HTTPS can positively impact search engine rankings, further benefiting businesses in terms of visibility and online credibility.

Types of SSL certificates

SSL certificates are typically categorised into three main validation levels, each with its own verification process. Use cases for each validation level are determined by the level of assurance and trust required for the website:

Domain Validated (DV) Certificates:

The Certificate Authority (CA) confirms only the ownership of the domain name. This validation typically involves verifying that the applicant has control over the domain by responding to an email sent to a designated address associated with the domain. DV certificates offer basic encryption and are suitable for low-risk websites.

Use Cases:

  • Personal websites
  • Blogs
  • Small business websites
  • Non-commercial websites
  • Internal websites and intranets

Organization Validated (OV) Certificates:

Verification Process: In addition to verifying domain ownership, the CA also conducts basic vetting of the organization requesting the certificate. This verification includes verifying the legal existence and operational status of the organization.

Use Cases:

  • Small to medium-sized businesses (SMBs)
  • E-commerce websites
  • Corporate websites
  • Online portals
  • Government websites

Extended Validation (EV) Certificates:

Verification Process: The most rigorous validation level, EV certificates involve thorough scrutiny of both domain ownership and the legal entity requesting the certificate. The CA performs extensive background checks to confirm the organization’s identity, legal status, and operational presence. EV certificates are recognized by the green address bar in most web browsers, providing the highest level of visual assurance to visitors.

Use Cases:

  • Large enterprises
  • Financial institutions
  • E-commerce platforms
  • Healthcare organizations
  • Government agencies
  • Websites handling sensitive data or transactions

Free vs Paid SSL certificates

While free SSL certificates can offer encryption for basic use cases, they may come with limitations in terms of validation, trustworthiness, compatibility, support, and additional security features. Businesses and organizations with higher security and trust requirements may find that investing in a paid SSL certificate provides greater peace of mind and a more robust security posture for their website. Here are some of the disadvantages of using a free SSL certificate:

Limited Validation and Trustworthiness: Free SSL certificates typically undergo minimal validation processes, often only verifying domain ownership. As a result, they may lack the level of trust and credibility associated with paid certificates, potentially leading to lower confidence among website visitors.

Limited Browser and Device Compatibility: Free SSL certificates may not be as widely recognized and trusted by all web browsers and devices compared to paid certificates. This can result in compatibility issues, with some visitors encountering warnings or errors when accessing the website, particularly on older browsers or devices.

No Warranty or Liability Protection: Free SSL certificates typically do not come with warranty protection or liability coverage. In the event of a security breach or certificate-related incident, website owners may not have recourse to financial compensation or legal protection, exposing them to potential risks and liabilities.

Lack of Extended Validation (EV) or Organization Validation (OV) Options: Free SSL certificates usually only offer domain validation (DV), lacking options for extended validation (EV) or organization validation (OV). As a result, websites using free certificates may not be able to display additional trust indicators, such as the organization’s name in the browser’s address bar, which can impact credibility and visibility.

Limited Customer Support: Free SSL certificate providers may offer limited or no customer support services, leaving website owners to troubleshoot installation, configuration, or compatibility issues on their own. This lack of support can be challenging, especially for businesses with limited technical expertise or complex hosting environments.

Absence of Additional Security Features: Free SSL certificates typically provide basic encryption without additional security features or enhancements, such as malware scanning, vulnerability assessments, or website security seals. This can leave websites vulnerable to emerging threats and security vulnerabilities, requiring additional investments in cybersecurity measures.

How to get an SSL certificate?

To buy an SSL certificate, you’ll first need to choose between options offered by our trusted Certificate Authorities (CAs) Comodo and Thawte. Both are renowned for their reliability and robust security solutions.

Comodo SSL certificates include Domain Validated (DV) and Extended Validation (EV). Their certificates start at R239 per year, providing affordable yet effective encryption solutions.

Thawte SSL certificates also offer varying levels of validation, from DV to EV, ensuring that websites receive the appropriate level of trust and security. Thawte certificates start at R549 per year, reflecting their premium features and reputation.

Once you’ve selected the appropriate SSL certificate from either Comodo or Thawte, you’ll need to provide necessary information during the application process, such as details about your domain ownership and organization. After completing the validation process and receiving the SSL certificate from the issuer, follow the provided instructions to install it on your server. With your SSL certificate installed, your website will be equipped with robust encryption and trust indicators, enhancing security and credibility for your visitors.

Other resources

VPS: How to install your SSL certificate on your Ubuntu Server
This article provides you with information on how to install SSL certificates on your VPS server running Ubuntu OS.

WordPress: How do I enable SSL on my website?
This guide provides you with steps to change your site from HTTP to HTTPS  on new and old WordPress sites.

Plesk: How to install your SSL certificate
This article provides you with step-by-step instructions on how to configure and install your SSL certificate on Windows.

Plesk: Upload a SSL certificates
This article provides you with steps to install your Comodo or Thawte SSL on Windows Plesk.