A business owner’s guide to security certificates

An SSL certificate is important because it will give your customers more confidence when visiting your website, and it's important for Google too.
Business owners guide to understanding SSL security

Why do you need an SSL Certificate on your website?

From a business owner’s perspective you need an SSL certificate because it will give your customers more confidence when visiting your website, and it is also taken into account by Google when determining your site’s ranking in search results.

If you have an SSL certificate, your website address will be preceded by https:// rather than http:// and your website visitors will see a little padlock on the address bar of their internet browser (this is what LittleBizDesigns looks like on Google Chrome):

What is an SSL Certificate?

SSL stands for Secure Sockets Layer.  In fact, although the term SSL is still in common useage, the new terminology is TLS which stands for Transport Layer Security.  But before we get stuck in the jargon mud, an SSL/TLS certificate provides security for online communications by enabling an encrypted connection between your website and your website visitors’ web browsers.

There are actually three different types of SSL/TLS certificate: Domain Validation, Organisation Validation and Extended Validation.  All the certificates use similar methods to protect and validate your data, the difference is the extent to which the web site operator’s identity has been verified.

As a small business owner, it is more than likely that Domain Validation will be sufficient for your website, and the rest of this post deals with Domain Validation certificates, however if you are interested in the difference between the three types:

  • Domain Validation – these certificates are verified only using the domain name
  • Organisation Validation – issue of these certificates requires verification of the web site operator’s identity (and the organisation’s identity is confirmed in the certificate).  Often used by bigger organisations and government departments.
  • Extended Validation – offer the highest level of online trust available, you will find that organisations such as PayPal use these types of certificates to assure their visitors that the identity of their site is highly authenticated, and the name of the company will appear in your web browser’s address bar along with a green lock (or in some browsers, the whole address bar will turn green), for example:

Extended verification SSL example

How do you get one, and how much do they cost?

The company that hosts your website will be able to provide you with an SSL/TLS certificate, however depending on which hosting company you are using, there may be quite a substantial (and annually-recurring) cost associated with their certificate.

Recently we changed hosting providers to one which includes free SSL/TLS certificates.  As with most hosting companies that offer free SSL/TLS certificates, their SSL/TLS certificates are provided by Let’s Encrypt, a US-based organisation which includes representatives from Google and Mozilla.  Let’s Encrypt can only provide Domain Validation certificates, but as noted above, that will be sufficient for most small businesses.  Our old hosting provider wouldn’t allow us to use a free SSL/TLS certificate, and wanted to charge us GBP 46 (around ZAR850 / AUD80) per annum per site, so we made the change.

Once I have one, is there anything else I need to do?

SSL/TLS certificates have an expiry date, and need to be renewed.  For example, a Let’s Encrypt SSL/TLS certificate expires after 90 days.  More than likely your hosting provider will automatically set up auto-renewal, but if you are in doubt, best to check with them.