Global cyber crime costs could reach $2 trillion by 2019. That’s up 3X from 2015 (which was only a paltry $500 billion by comparison). Then President Obama even urged citizens to use safeguards like two-factor authentication.
Unfortunately, there’s no one-size-fits-all when it comes to SSL certificates. So which should you choose? And why?
How Do SSL Certificates Work? (And Why Should We Care?)
“In 2014, 47% of American adults had their personal information stolen by hackers — primarily through data breaches at large companies,” according to CBS. Household names like Home Depot, Yahoo, and Chase — the same ones we rely on daily — are among the most targeted.
So it only makes sense that Google’s leading the charge from the front lines. Their new warning for site visitors is the final nail in the HTTP coffin. Because they’re the biggest browser on the market at 57.94%.
For example, SSL certificates have two ‘keys’: one private and one public. The public one encrypts (or locks) a connection, while the private one decrypts (or unlocks) it. Think of it like an extra layer of privacy between your data and the rest of the world. Your messages are safe because a hacker would need both randomly-generated keys.
Take coffee shops. Airports or hotels even. Public WiFi networks like these, as a general rule, aren’t very secure. They’re the perfect target for man-in-the-middle attacks. Someone slides between your device and their server. You might see one number on the screen while your bank receives another.
SSL certificates are one of the best ways to keep data secure. Here’s why you should care, even if you may not take personal information, like credit cards.
Instead of your visitors now seeing this nice, happy little strip of green…
… they’re met with this ominous warning signal:
In other words, they’re warned not to do business with you. Not to enter their email in your Quote Request form. And definitely not to enter their credit card on your product cart page. All those lead gen tips, tricks, and tactics are in vain when Google is telling someone not to enter your site.
Visitors can also dive deep and get details on what your site is requesting as well. For example, here’s what you see when visiting XMind’s homepage:
That ain’t good.
The last thing you need is a spooked prospect. That’s what happens when their browser tells them not to give you their email. Or enter their credit card.
That’s it. You’re convinced. Adding an SSL is the only obvious choice. You visit the local domain registrar. Pull up their SSL certificate page, and met by… multiple SSL certificate types?
So… what are your options? Which should you choose and why?
How the Different Types of SSL Certificates Stack Up
All SSL types use the same standard encryption methods. So one isn’t ‘more secure’ than the other. Each option has their own requirements and distinct characteristics.
Here’s a breakdown of the five major options you can choose from.
Option #1. Single Domain
Option #2. Multi-Domain (SAN)
Options #3. Wildcard
This scenario would be useful for sites like XMind (pictured above). It uses an unsecure, content-driven ‘marketing’ site on the primary domain (shame). But then thankfully runs all purchase-related stuff through a secure subdomain (phew).
Option #4. Organization
Organization SSL certificates authenticate a company’s identity and information, like the company’s primary address, etc. It’s similar to the first option discussed (single domain) but meant for more content-based sites that don’t need to secure an e-commerce or payments component.
Beyond validating domain ownership, you’d also need to confirm and authenticate the other organization-related details as well (so there’s a little more red tape required for the lengthy process).
Okay. Enough marketing speak. What’s the difference between this one and the first option? Eh, very little. So it may or may not be worth the extra headache.
Option #5. Extended
How to Setup an SSL Certificate for Free
For example, Let’s Encrypt already works with several hosting providers including:
So if these providers won’t set it up for you automatically, you should be able to do it yourself through cPanel.
Then you should be good to go with a friendly WordPress plugin like Really Simple SSL. (They’ll take care of the heavy lifting thankfully.)
Cyber crime is growing exponentially. Google’s gentle nudging of webmasters (OK – more like a shove) to use HTTPS, despite the initial headache — is ultimately a net positive for all.
Selecting the right SSL certificate type, when you cut through all of the marketing speak, is also pretty easy at the end of the day. In most cases, a simple single-domain one is fine if most of your activity is happening on a single domain.
In-post Photo: Google.com
Screenshots by Brad Smith. February 2017