Uncertainty about the safety and security of websites is inevitable as technology and hacking continue to evolve rapidly.
The importance of keeping a website’s digital security up-to-date goes without saying, but there is also a simple piece of good practice to ‘prove you are who you say are’.
Everyone using a browser is probably familiar with - an SSL certificate - but not by this name. This certificate is what determines whether your browser shows a padlock in the address bar, and whether you see a https:// or http://.
Having one benefits any website, not just ecommerce sites. In layman's term an SSL certificate says that your website is what it claims to be. It also allows a website to use encryption to protect what people access or share while on your site. Recently, search engines have also begun using the SSL certificate indicator as a ranking signal.
In short, with an SSL certificate you can inspire trust, confidence and you can expect better SEO.
The process to purchase and add an SSL certificate is pretty simple, and the transition can be made with little to no interruption to your website.
There are some different ‘flavours’ of certificate and a wide choice of providers, called Certificate Authorities or CAs. Most people only notice the padlock or the domain starting with https://, but look at these two certificates next to each other and the difference becomes obvious.
The encryption levels are the same for both certificate, what differs is the vetting process used to obtain the certificate. Barclays uses an EV (extended validated) certificate where the CA validated the ownership, organisation information, physical location, and legal existence of the company. This process also involves the CA checking if the organization is aware of the SSL certificate request.
Whereas London’s Metropolitan Police use a Domain Certificate for which the CA simply verified that the organisation has control over the domain.
The general rule is that EV certificates should be used wherever you need to communicate a high level of trust to your users, when you deal with bank transactions, shopping carts or a high level of sensitive information.
This is the five step process we use when we add an SSL certificate to our clients’ websites:
- Identify the appropriate type of certificate and select a reliable Certificate Authority.
- Install the certificate on your website.
- Redirect all incoming requests for your HTTP website to the location of the HTTPS site.
- Run a broken link scanner to confirm everything is working after on HTTPS.
- Notify Google that the site is now using an SSL certificate and update the sitemap location.
We always recommend using SSL certificates whether it’s retrofitting them or for a new build. Contact us if you’d like to find out more about how we could do it for your website as part of a design, build or overhaul.
If you have found this article interesting and would like to chat in more detail then please get in contact with us.