With the recent discovery of the Heartbleed bug, a major security flaw that was present in masses of websites including Google, Yahoo, Instagram and Netflix, internet security is something that, quite suddenly, is a lot closer to all of our hearts. If you have a website that stores any personal data or processes financial transactions, then its in your interest, and that of your customers, to know about SSL.
What is SSL?
SSL stands for Secure Sockets Layer, and it basically allows for the secure transmission of sensitive data which may include personal information or credit card details. Usually when such data is transferred from one computer to its destination, it will pass through a number of other computers before it reaches the correct one. Therefore, to ensure the secure transmission of data, the details are securely encrypted and then sent to the correct server (rather than a would be criminal’s server). Without the encryption, the data could be read and accessed by any of those computers that the data is passed through, meaning it could be accessible to identity thieves or hackers.
Even if you’ve never heard of SSL certificates before, it’s very likely that you’ve used them if you’ve ever purchase something online, managed your finances or logged into Facebook. To identify a website which possesses a valid SSL certificate, you can simply look at the address bar in the browser. Websites with an SSL certificate will usually have an address that begins with ‘https://’, and you should also be able to see a padlock icon.
Basic SSL vs. Extended Validation SSL certificates
There are different types of SSL certificates available which offer varying levels of protection. Some SSL certificates might just be suitable for keeping log in details for a website secure, whilst others may offer much more robust forms of protection.
One such enhanced type of SSL certificate is known as an extended validation SSL certificate(also known as EV SSL), which will turn the address bar green on the latest versions of any popular internet browser including Internet Explorer, Google Chrome or Firefox. An EV SSL also offers more robust protection against phishing attacks and is the type of certificate adopted by the majority of big commercial websites including Amazon and Ebay.
All websites which purchase SSL certificates need to go through a number of checks to verify the identity of the website and its owner. The more advanced level of SSL, the higher the number of checks. This means that when you see a website with an SSL certificate, you can be confident that the website is legitimate.
If your website has an SSL certificate, then it shows a commitment to your customers, showing that you care about their personal information and that you don’t want it to be easily accessible to those that might abuse it. As internet users become more savvy, it’s certain that they are less likely to use websites that don’t provide the security of an SSL certificate.
Of course, it really depends on what your website is for as to what type of SSL certificate you will require. If your website just sells one type of thing (for example memberships), then a low priced SSL certificate will probably be sufficient. However, if you have an e-commerce site with lots of transactions, then something more renowned and robust may be required. Honestly though, for most small businesses a standard SSL certificate should more than suffice for its security needs.
Why are some SSL providers more expensive than others?
The general difference in price is all down to the verification process that SSL certificate authorities undertake to check that your website is the real deal. Whilst global names like Verisignor Geotrust are well known, their verification checks are manual and slow, but are certainly required for businesses like Amazon or Paypal. However, these checks come at a high price, and would certainly be overkill for most small businesses.
With that in mind, I’ve tried to provide information on SSL certificates that would be suited to small businesses and entrepreneurs alike by meeting their security needs whilst keeping the cost down.
The cheapest SSL certificate provider
If you wish to pay a low price for your SSL certificate, then it is worth checking SSL certificate reseller websites such as ComodoSSLStore.com. Their lowest price certificates include a Comodo Domain Validation certificate for just $6.50 for one year.
For certificates to be this cheap, there must be a catch, right? Truthfully, as long as you stick to well reputed resellers, this isn’t really the case. Unless you are after something very specialised, and you don’t have an issue with relying on reseller support rather than support directly from the certificate authority, then there is little reason not to use a reseller. SSL resellers buy SSL certificates in bulk which then enables them to pass on much lower prices to their customers. If you’re in any doubt however, it’s advisable to ask before purchasing if you have any particular requirements that you’re afraid won’t be met.
With that in mind, I’ve taken a look at three low priced SSL certificate providers and tried to give an honest assessment of the services they provide. Whilst the prices quoted are those given by the certificate authority, don’t forget to look for these certificates on a reseller website to get the best price possible.
RapidSSL are owned by Geotrust, who are one of the leading SSL certificate authorities. RapidSSL can provide certificates for $11.99 per year, which includes a $10,000 fraud warranty which is perfect for any low volume e-commerce sites.
RapidSSL also offers e-mail support and also provides a 24/7 knowledge base and provides up to 256 bit encryption for one domain name. Perhaps the key thing here is that RapidSSL are literally a business that specialises in SSL, so they won’t attempt to sell you any additional extras that you may find with other services. You can pay extra to cover additional domain names, but this will cost you $199, which is quite pricey in comparison to their standard certificate.
GoDaddy are probably best known as a web hosting provider, however, one of their many services includes providing SSL certificates. Like RapidSSL, GoDaddy provide a variety of different certificates, with prices starting from £48.99 per year. However, like RapidSSL, the cheapest GoDaddy SSL certificates only cover one domain name and this doesn’t include any mobile variations of your site.
AlphaSSL’s cheapest package also starts from $49 (are you beginning to see a pattern here?). The big advantage that AlphaSSL has over GoDaddy and RapidSSL is that it will cover both the www and non www variations of your website (including mobile variations). Like RapidSSL, AlphaSSL is owned by well established SSL provider Verisign and its parent company is Symantec who actually established the SSL standard back in 1995. AlphaSSL’s cheapest SSL certificate only covers up to $1,000 worth of fraud however, which is lower than the warranties offered by RapidSSL and GoDaddy.
While we have only touched on a few SSL certificate providers here, there are potentially hundreds of different SSL certificates available on the market. This can be potentially confusing and difficult to navigate, but the general rule of thumb here is to use a trusted certificate authority and you can’t go wrong.
A higher price doesn’t necessarily mean a certificate is better, or any more secure for that matter, so be sure to select something that suits your business needs at the right price for you. Resellers are a good option if you’re on a budget, because you can secure a certificate from a highly trusted certificate authority but at a much lower price.
Image Credit: Adam Lerner