SSL Certification explained

Many hosting companies, especially if they use the CPanel hosting dashboard, have partnered with Let's Encrypt to provide free SSL certification. Let's Encrypt is a free service run by the Internet Security Research Group (ISRG). In your hosting  CPanel dashboard you will see a Let's Encrypt icon in your security section if your host has partnered with Let's Encrypt to provide free SSL certification. Some other services such as Cloudflare offer similar schemes, so if you are already signed up to a Cloudflare plan, you can opt into their SSL certification programme.

Like with mall areas of information systems, there are lots of acronyms here. SSL certificates are managed by Certificate Authorities (CA)

At this certification level, the CA checks the applicants right to use the domain and data is encrypted. This means that your customer can trust that they are on the site they think they are on.

At this certification level, the CA checks the applicants right to use the domain, and check the official name of the organization and where they are located with third parties This extra information is displayed along with the security certification. The CA also contacts the applicant to ensure they did in fact request the certification. With this certification, your customers can be sure that are sending their data to you, the intended recipient. Visually this certiffication type looks the same as DV though the organization name is displayed in the certificate details. Certificate details are typically seen by clicking on the padlock icon, but this varies by browser type.

In Extended Validation, the CA checks the applicants right to use the domain, checks the legal physical and operational existence of the applicant, and checks that the applicant identity matches the official records. The process of issuing EV SSL Certificates is strictly defined in the EV Guidelines.

The web is getting more and more secure and that's a good step forward for everyone. Google are already punishing sites that are not moving forward with the web, and have indicated they will continue to do so. With some free options available and reasonably priced options otherwise, there is no reason not to secure your ecommerce website or any website that processes sensitive data like membership data or passwords.  

 

As consumers become more aware of SSL types and the trust levels that they represent, they may make different choices based on the security you offer  to them as consumers. Should you fall short of the security requirements expected by your customers, they may well visit a competitor who offers a more trustworthy way to send their data, or exceeds the standard requirement.