website ssl security

What is an SSL?

Chances are you’ve definitely bumped into an SSL certificate in your internet travels. Your bank, your favorite grocery store, Amazon, or typically any place that you perform transactions online have an SSL certificate installed on their site – you can tell by the little green lock that shows up next to the site’s URL in your browser’s search bar. You can see it right now on our site!

SSL (short for Secure Sockets Layer) is “the most widely deployed cryptographic protocol to provide security over internet communications.” (source) This particular type of cryptography uses two keys – a public key, and a private key – which are essentially long strings of randomized numbers.

 Why is an SSL Important for my Website and Business?

When you send credit card, social security numbers, or any other personal data over the internet, that information is passed from computer to computer until it reaches its server destination. The public and private key form a sort of ‘secret handshake’ between you and your destination server, keeping any computer from in between – or hackers, identity thieves, and other ne’er-do-wells’ – from seeing that personal information. In terms of personal data or money transfer, SSLs are hugely important. (Not to mention they have a bunch of other great benefits too.)

Now, Google is giving sites the kick in the pants to get SSLs installed in the name of a more secure internet. Starting in late 2018, it will begin penalizing sites without one by throwing up this big, ugly warning to visitors:

ssl errors and issues

If you don’t have one already, now’s the best time to consider getting an SSL for your site. But where you do start? Which one is right for you?

How to Choose an SSL?

Option 1: If your site….

  • Serves mainly to tell visitors about your business and services
  • No monetary transactions are performed
  • Makes use of forms where users submit personal data (first and last names, email addresses, etc.)

What Creative Recommends

A standard, Let’s Encrypt certificate. From the site:

“Let’s Encrypt is a free, automated, and open certificate authority run for the public’s benefit. We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.”

Option 2: If your site….

  • Handles any type of monetary transactions
  • Is an e-commerce site
  • Sees a large amount of bandwidth and visitors every day
  • Offers regulated, bureaucratic documents and resources to the public (i.e. a government form website)
  • Seeks to assert the highest level of authenticity and trustworthiness

What Creative Recommends

An Extended Validation (EV) certificate. With an Extended Valuation SSL, the Certificate Authority (CA) checks the right of the SSL applicant to use a specific domain name, and it also conducts a thorough vetting of the company/organization.

From the official DigiCert website:

All the steps required for a CA before issuing a certificate are specified here including:

  • verifying the legal, physical and operational existence of the entity,
  • verifying that the identity of the entity matches official records,
  • verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate,
  • and verifying that the entity has properly authorized the issuance of the EV SSL Certificate.