What is an SSL Certificate and Why Do I Need One?
Ever wondered what the little padlock in your browser next to the website’s domain name is? That’s an indicator that the website is encrypted by an SSL certificate. If you don’t see one (or if the lock is open/red), it may mean that you’re visiting the site over an unsecure connection that anyone else can be “listening in” on.
- What is an SSL Certificate?
- Why are SSL and HTTPS important?
- How can I get an SSL Certificate?
- What kind of SSL do I need?
- How do I install and maintain an SSL certificate?
- How do I know if my certificate is working?
- SSL Troubleshooting
What is an SSL Certificate?
SSL certificates make your website more secure by:
- Certifying, through a certification authority that’s trusted by your browser, that the connection is secure
- Encrypting data sent between your website and its visitors
They also help increase trust (and sales!) by displaying the security lock in your browser’s address bar.
When data is transmitted securely on the web, it uses an HTTPS connection. HTTPS stands for Hypertext Transfer Protocol Secure. It’s the secure version of HTTP, the default means through which computers communicate over the Internet.
Why are SSL and HTTPS important?
SSL and HTTPS are crucial to prevent specific types of virtual threats, called man-in-the-middle attacks. These are situations where a hacker would be connected to your wifi network (for example, in a public café) and intercepting unencrypted data being transmitted between your website and your device. In more sophisticated attacks, they could even pretend to be your website while unsuspecting clients submit new credit card orders.
Some of this data, such as passwords and credit card information, is very sensitive and should never be transmitted over unsecure connections. Once the connection is encrypted, even if the hacker were to intercept the data, they would be unable to decipher and understand it.
Having an HTTPS connection is also a known ranking factor for search engines such as Google, as well as a trust factor for people visiting your website. Even folks who don’t know what an SSL certificate is can recognize a broken red padlock as a bad thing, and some browsers now block you from accessing sites through HTTP unless you explicitly accept the risk of accessing an unsecure website.
In other words, if you don’t have an active SSL certificate on your website, you’ll get less traffic and people will spend less time visiting your pages. Since the whole point of a website is to attract and assist visitors, not having an HTTPS connection is a big problem.
How can I get an SSL Certificate?
If your hosting account includes basic SSL security, it will likely use automated SSL provisioning technology powered by either Let’s Encrypt or, as is the case for WHC, cPanel’s AutoSSL , to automatically prepare a certificate for you to use.
What kind of SSL do I need?
Most websites with basic needs and no online shopping will function well with the free AutoSSL certificates, bundled with most hosting plans.
Larger websites, eCommerce stores, and anyone taking payments or collecting sensitive information may want to upgrade to a higher tier of encryption. In most cases, Web Hosting Canada recommends investing in a premium SSL certificate once your website starts earning over $10,000 per year, or if it is processing sensitive information.
The following premium SSL certificates are available directly with WHC:
Essential SSL protects one domain (including both the version with and without “www”) and provides a $10,000 warranty, in case anything goes wrong at the Certificate Authority’s end. While providing a similar level of security and trust as AutoSSL, they back their security claim with a warranty, allow for manual certificate verification that may be necessary for private websites or applications, and include a static website seal, which improves trust. Essential SSL generally costs less than $50/year and is recommended for websites that process less than $50,000 in online sales each year.
Wildcard SSL can protect one domain with unlimited subdomains and, just like Essential SSL, provides a $10,000 warranty. Wildcard SSL uses the same type of encryptions as Essential SSL, but that encryption can be extended to as many subdomains as necessary. That means you could secure yourdomain.com as well as app.yourdomain.com and store.yourdomain.com all with one certificate. Similarly as with Essential SSL certificates, Wildcard SSLs include a website security seal, which helps improve trust. Wildcard SSL certificates are recommended for websites using different subdomains on the same primary domain and generally cost less than $160/year.
Extended Validation (EV) SSL
EV SSL protects one domain and provides a dynamic site seal and a $1,000,000 warranty. Its dynamic seal displays your company’s name and address, as well as the certificate’s period of validity, which provides the greatest level of trust to your clients. EV SSL certificates are recommended if your website or application manages important confidential information or processes over $50,000 of online sales per year. EV SSL certificates generally cost less than $400/year, but due to the extended nature of the verification, expect the activation process to require you to send proof of business ownership and operation, and take over 10 days to complete.
How do I install and maintain an SSL certificate?
If you’re using a reseller account or a web hosting “Pro” account or greater, your basic SSL certificates will be automatically installed and renewed using cPanel’s AutoSSL. Your only responsibility in this case is to make sure that the HTTPS connection is being “forced” throughout the entire site. For a walkthrough of how to do this, consult how to force the use of SSL in WHC’s Help Center.
If your website is hosted with WHC when you purchase a premium SSL certificate, WHC staff will install it for you. If your website is hosted elsewhere you can still purchase SSL through WHC; however you or your hosting provider will need to take care of its installation. EV SSL certificates require confirmation of you and/or your business’ identity. If this applies to you, you will receive an email requesting the information shortly after your purchase.
Remember that premium certificates need to be renewed yearly; otherwise your security will expire and your visitors will see security warnings on your website.
How do I know if my certificate is working?
The first thing to look for is a little padlock in the corner of your browser’s address bar. If the lock is intact, closed and/or green, it means the site you’re visiting is safely encrypted. If it’s broken, unlocked, or red, it means there isn’t a certificate or its use isn’t being forced.
You can use a service such as SSL Labs to test your certificate more rigorously. SSL Labs will scan your website and give you a rating that approximates how effective your certificate is.
Got SSL issues? The following articles in WHC’s Help Center might help!
The following online tools can also help you diagnose and resolve SSL issues:
- WhyNoPadLock: Helps you find out why your SSL certificate padlock doesn’t show as secure on your website
- SSL Server Test: Performs a deep analysis of your SSL web server
- Certificate Decoder: Decodes your encoded SSL certificate and verifies that it contains the correct information
Still need help choosing the best SSL certificate for your needs? Simply ask your question below or get in touch with WHC’s friendly customer service team!
Also on the WHC Blog
Three reasons your website visitors will trust a .CA domain
Did you know, even a tiny top-level domain (TLD) name can contain information about your website that would be useful to visitors? A domain extension can indicate your geographical location, purpose or even a little bit of...Read full article
CentOS 6 End Of Life (EOL): Migrate Now!
What's happening? What is CentOS? When is the CentOS End of Life (EOL)? What happens once CentOS reaches EOL? Which services are affected? How can I tell which OS version I am using? What’s new in...Read full article
How can we help?
Our friendly customer service team is available right now.