What is an SSL Certificate?

A Secure Sockets Layer (SSL) is an internet protocol that secures the transfer of data between your browser and the website that you are visiting.

An SSL Certificate is a relatively small file used to bind a cryptographic key to your company's credentials. If you install your certificate on your web server, it will activate the padlock and https protocol so that customers can securely connect to your web server from their browser.

Do I need an SSL Certificate?

The short answer: YES!

The internet has been making a move towards having every website SSL secure and encrypted between the visitors browser and server, you’ll notice in your browser when surfing to a website that doesn't have an SSL that it will warn you that the site isn’t secure, some browsers like Chrome and FireFox will go as far as block access to the site asking you to confirm that you wish to proceed and accept the risk.

Here’s a blog article from google back in October 2019 advising that it will start blocking non HTTPS content and websites.

Think of an SSL Certificate as your website's bulletproof security blanket. Due to the substantial amount of protection an SSL Certificate provides, it is a requirement for accepting online payments.

Every website we visit transfers information. An SSL Certificate is crucial when dealing with login credentials, credit cards and other payment details. Sites without a certificate are not secure, which means that hackers can capture your data.

If I don't accept online payments, does that mean I don't need an SSL Certificate?

Google will flag your website as Not Secure if you don't have an SSL Certificate. That's why we recommend SSL to all of our clients. Not only will it make your customers feel at ease, but it also boosts the security of your site and protects your data from an unexpected attack.

An added bonus, from an SEO perspective having an SSL will help your site rank better over sites with no SSL.

What are the different types of SSL Certificates?

Domain-Validated (DV) Certificate

A DV certificate is better suited towards internal projects and small ecommerce sites that dont store payment data where by the client is redirected to the payment gateway to complete the purcahse, DV Certs are only verified using the domain name and a corosponding email address like admin or [email protected] only, its just basic verification that you are the site owner.

Organisation-Validated (OV) Certificate

If your business is running a higher traffic volume ecommerce/ commercial website, an OV Certificate is the bare minimum level of SSL that we recommend. OV Certifications require a higher level of validation than a DV certificate. Along with your domain name, your organisation name is listed on the certificate. Providing a deeper level of trust that your website and company are reputable.

Extended Validation (EV) Certificate

An EV Certificate is the highest and most-trusted SSL Certificate. There are comprehensive and strict published guidelines that your business needs to adhere to. Verification of identity, business location and capacity are mandatory requirements. These certs can some times take days or even weeks to be validated by the security vendor, one of the biggest catches which makes these certs the hardest to acquire is the time needed to invest in processing and validating the request, due to this never let this Cert expire as there is no way to quickly renew the cert which will mean down time for your site and reputation.

Single-Domain Certificates are designed to protect a single website, which reduces costs. If you need to safeguard multiple sub-domains, then a Wildcard Certificate will better suit your business, keep in mind these tend to be more expensive due to their complexities.

Wildcard Certificates do not apply to EV certs. If you have multiple sub-domains that require EV protection, then you will need to purchase them individually. Depending on the SSL provider, they may provide a volume discount.

How do I install an SSL Certificate?

Prerequisites:

Before you hit the checkout and purchase an SSL Certificate, beware that it is not a simple purchase like registering a domain. Depending on the level of SSL, and if you opt for a Wildcard Certificate, there will be a strict set of certificate request procedures to ensure credibility. Approval can take anywhere from three minutes to three weeks. Once your certificate is approved, it can then be loaded onto your webserver.

Installation:

Step 1: Generating a CSR in Windows
  • Search for Internet Information Services (IIS) Manager from the Start screen
  • Select the server name
  • Open Server Certificates in the IIS section.
  • “Create Certificate Request” from the Actions menu
  • Enter the following information into the Distinguished Name Properties window:
    Common Name
    Organisation
    Organisational unit
    City/locality
    State/province
    Country/region
  • Select Microsoft RSA SChannel as your Cryptographic service provider & 2048 or higher for your Bit length
  • Save your CSR file to your desired location
  • You will receive your SSL Certificate from COMODO. Now you’re ready to install it.
Step 2: Installing an SSL in Windows
  • Open the zip file that contains your SSL Certificate and save ‘your_domain_name.cer’ to your web servers desktop that you wish to securely
  • Search for IIS Manager from the Start screen and open it
  • Select the Server Name
  • Open ‘Server Certificates’ in the IIS section
  • From the Actions menu, click ‘Complete Certificate Request’
  • Now you should be inside the Completed Certificate Request wizard.
  • Find the your_domain_name.cer file and change the name to one of your preference. In the Select a certificate store for the new certificate drop down menu, select Personal.
  • Clicking ‘OK’ will install your certificate to the server
  • Once the certificate has been installed to the server, it still needs to be assigned to your desired website which uses IIS
  • In the ‘Connections’ menu, select the server on which the SSL Certificate was installed
  • Select the site that you wish to secure with the SSL Certificate
  • Click on ‘Bindings’ (this will open ‘Site Bindings’) In the Site Bindings windows click ‘Add’
  • For type choose ‘https’. Enter your IP address into the corresponding field. Port should show ‘443’. Specify your SSL Certificate and click ‘OK’
  • Your SSL certificate should now be installed, and your website will be configured to accept secure connections

Now if the above sounds like a foreign language. Don't worry. Many SSL Providers will take care of the installation for you to make sure your SSL Certificate is installed correctly for a small fee.

At Velocity Host, we provide SSL installation services, which are optional when you purchase any SSL package from our website.

Where can I get a free SSL Certificate?

I remember starting my first website. I was reluctant to buy an SSL Certificate due to the additional cost on top of my domain name, web development and hosting fees. What I didn't realise at the time was that by not installing an SSL, it left me vulnerable to information and data theft.

There are many hosting providers (that don’t provide a cPanel interface) that actually don’t allow the installation of free certificates. You are forced to purchase the SSL that they provide

If you're like me, don't worry, some great providers offer free SSL Certificates.

Here is our shortlist:

Let's Encrypt

Created by the Linux Foundation and sponsored by Mozilla, Cisco and Facebook (to name a few), Let's Encrypt created a platform for website owners to obtain a free SSL certificate. Their philosophy is that the Internet would be a safer place if more websites use an SSL certificate. Due to its success and significance, Let's Encrypt has gained support from tech giants such as Google, WordPress.com, Shopify and many others.

Now the next challenge arises. It is relatively tricky for a beginner to install an SSL Certificate as it requires server systems and coding knowledge.

Cloudflare

Cloudflare claims to be the first Internet performance and security company who offers SSL protection free of charge. Click to check out their free SSL service.

Comodo

Comodo is the #1 SSL provider, Comodo offer both paid and free SSL, pairing up with cPaenel Comodo and Lets Encrypt have both come to the party with a free offering, go and check out our Australian web hosting page, as all of our hosting packages come with a free SSL from Comodo as part of the service, these are automatically installed by default when setting up your website using HTTPS.

How much does it cost to buy an SSL Certificate?

As we have already covered, there are many different tiers of SSL Certificate. Prices can range anywhere from $29-$250 and up. Keep in mind some providers may have hidden costs and add-on services which can increase the purchase price your SSL Certificate.

At Velocity Host, we try to keep things as simple as possible. We offer three options for SSL Certificates in Australia.

Kendall King

With over 10+ years experiance Kendall is Velocity Hosts marketing and sales stratagist.

Degrees in Writing and a Masters of Research Kendall brings a vital edge to the (vh) team in 2020. With fresh ideas across a broad spectrum of businesses personas. Kendall has your business covered.