A Secure Sockets Layer (SSL) certificate is a file installed on your webserver that makes the protocol used to access your website HTTPS instead of plain old HTTP. Since late 2016, Google has mounted a campaign to encourage the use of secure protocols, including it as a ranking factor in their search algorithm, marking any websites that use passwords as insecure (Chrome 56 onwards), and have future plans to display the HTTP security indicator as the same red triangle that is used for broken HTTPS.
Getting a free SSL Certificate
Many hosting companies, especially if they use the CPanel hosting dashboard, have partnered with Let's Encrypt to provide free SSL certification. Let's Encrypt
is a free service run by the Internet Security Research Group (ISRG). In your hosting CPanel dashboard you will see a Let's Encrypt icon in your security section if your host has partnered with Let's Encrypt to provide free SSL certification. Some other services such as Cloudflare offer similar schemes, so if you are already signed up to a Cloudflare plan, you can opt into their SSL certification programme.
Types and costs of SSL
Like with mall areas of information systems, there are lots of acronyms here. SSL certificates are managed by Certificate Authorities (CA)
Domain Validation (DV)
At this certification level, the CA checks the applicants right to use the domain and data is encrypted. This means that your customer can trust that they are on the site they think they are on.
Organization Validation (OV)
At this certification level, the CA checks the applicants right to use the domain, and check the official name of the organization and where they are located with third parties This extra information is displayed along with the security certification. The CA also contacts the applicant to ensure they did in fact request the certification. With this certification, your customers can be sure that are sending their data to you, the intended recipient. Visually this certiffication type looks the same as DV though the organization name is displayed in the certificate details. Certificate details are typically seen by clicking on the padlock icon, but this varies by browser type.
Extended Validation (EV)
In Extended Validation, the CA checks the applicants right to use the domain, checks the legal physical and operational existence of the applicant, and checks that the applicant identity matches the official records. The process of issuing EV SSL Certificates is strictly defined in the EV Guidelines
Do not ignore SSL
The web is getting more and more secure and that's a good step forward for everyone. Google are already punishing sites that are not moving forward with the web, and have indicated they will continue to do so. With some free options available and reasonably priced options otherwise, there is no reason not to secure your ecommerce website or any website that processes sensitive data like membership data or passwords.
As consumers become more aware of SSL types and the trust levels that they represent, they may make different choices based on the security you offer to them as consumers. Should you fall short of the security requirements expected by your customers, they may well visit a competitor who offers a more trustworthy way to send their data, or exceeds the standard requirement.