Posted on Jan 17, 2018

What is an SSL & Why Do I Need One?

Let’s talk website security—more specifically SSLs!

I know, I know. SSLs and cyber security don’t seem like the most exciting topic when it comes to your cool website. But they are very helpful to make sure your site is secure, and essential if your site processes sensitive customer information.

An SSL (secure socket layer) provides a secure, heavily encrypted connection between a website and an internet browser.  Encryption means sensitive data is turned into a secret code, making it much more difficult for cyber hackers to access sensitive information, like credit card numbers.

If you think about the concept of an SSL and how it creates a cipher, or code, to conceal the information on your site from the bad guys, it sounds pretty cool in a OO7 kind of way (for you James Bond fans out there!).

Types of SSLs

There are three different types of SSLs you can use—shared, dedicated, and extended validation SSLs. With pros and cons to each of them, you should choose which one to use based on your security needs.

Shared SSL

  • A shared SSL is installed globally on a server and all users on that server can use it. For example, you can use the iPage shared SSL across all of iPage’s shared hosting accounts. The main downside of a shared SSL is it will reflect the name of the certificate owner in the URL, NOT your own domain name. In the example above, the iPage SSL uses an iPage domain name rather than your own domain name so the URL looks like this:

rather than this:

Shared SSLs do a great job keeping your site safe. One thing to remember is since shared SSLs do not show your domain name, they aren’t ideal if you accept payments on your own site for three reasons:

    1. Your domain name is part of the branding for your business. Customers expect to see your domain name when they look up your business on the internet.
    1. The shared SSL certificate generated for the hostname of the server will cause a SSL certificate warning message to pop up on your site when it’s used, because it doesn’t  match your domain name. If your customers see these warnings, they may not want to submit credit card information through your site.
  1. If the shared SSL certificate lapses, this leaves your web site vulnerable.

Shared SSLs are best used when you want a secure connection to the server that is not typically seen by the general public, like logging into the admin area of your site.

Dedicated SSL

  • With a dedicated SSL you own the certificate. Because it’s dedicated to your domain name, instead of being shared by users on a server, it shows your domain name as the URL like this:

Unlike a shared SSL, no warning messages will pop up, making it the best choice for e-commerce sites.

Extended Validation SSL

  • An Extended Validation SSL (EV SSL) requires a website to go through an extensive validation process in order to qualify for the certificate. While a dedicated SSL can be set up within 4 hours, an EV SSL might take up to 10 business days due to the validation process. When visiting a website with an EV SSL, the user sees special indicators in the browser, like a green URL address bar, which shows the website is extremely secure. Private organizations, government entities, and businesses that operate in heavily regulated fields like healthcare are most likely to require EV SSLs.

More good things to know about SSLs

An SSL isn’t necessary if you aren’t asking for private information online or taking payments. Some online payment processors, like PayPal or WePay, have an SSL on their site because that’s where the payments are processed. This means you wouldn’t need an SSL for your site.

If you want to take payments through your site, you must buy an SSL certificate. Many payment processors won’t connect to your site without one.  

Sometimes, even when your website has a SSL, a web browser may show that not all the content on the site is secure. This happens when some of the content posted comes from a different site. To avoid this, you can host all your site’s content on the server your domain points to. If you can’t do this, you may be able to make certain web pages, like the payment page, covered by the SSL.

Visitors to your site may see an icon indicating your site has a SSL. In the case of the EV SSL the browser turns green. To be even more obvious you can add a SSL certification badge.

What type of SSL does my site need?

In the end, it depends on your needs and the amount of money you have to invest in your website. Besides the pros and cons of the different types of SSLs, cost is another thing to consider. Private SSLs cost more than shared SSLs, and many hosting companies include free shared SSL certificates on their plans or charge a small fee to activate one.

If you are building a smaller scale e-commerce site, and using a payment processing company that processes payments on their site (like PayPal), your ecommerce web hosting company’s shared SSL will probably suit your needs. Shared SSLs are convenient and free up your dollars to invest elsewhere in your business. However, if you are planning to do a high volume of sales, it’s worth investing in your private SSL certificate, both for added security and buyer confidence.

Feature image: Pixabay

About the Author

Susie Yuill is a freelance copywriter and marketing strategy consultant, specializing in creating product marketing strategy & content that helps technology companies grow product sales and engagement.