by Aaron Reimann
January 17, 2017
In October of last year, I wrote about SSL certificates, and told people to start getting an SSL certificate, even if you don’t think you need one. Any site that has a password field, or accepts credit cards, it needs an SSL certificate. If you do not, your rankings in Google will go down.
I’ll be skipping the technical jargon about SSL certificates and moving on a laymen’s description of which one you should get. If you want to get technical, SSL (Secure Socket Layer) is deprecated and is now TLS (Transport Layer Security). But, everyone still calls it SSL because we are creatures of habit.
What are your options:
Domain Validation Certificate (DV):
“A certificate provider will issue a Domain Validation (DV) class certificate to a purchaser if the purchaser can demonstrate one vetting criterion: the right to administratively manage a domain name.” – from Wikipedia
Let’s Encrypt is an example of a DV certificate generator. Let’s Encrypt (https://letsencrypt.org/) is what Sideways8.com is using. We used letsencrypt.org’s methods to generate a key. Then I configured WordPress to use the “HTTPS” version of the site instead of HTTP. Overall, it is very easy to set up because most modern hosting companies allow you to push a button or two and it is setup. You can also have this certificate in a matter of minutes.
This free certificate encrypts the traffic, and that’s it. It does not verify that Sideways8 Interactive LLC has rights to use sideways8.com, and we surely don’t have an insurance policy in case the site is hacked. We don’t take credit card information, so it isn’t that important.
Organization Validation Certificate
A certificate provider will issue an Organization Validation (OV) class certificate to a purchaser if the purchaser can meet two criteria: the right to administratively manage the domain name in question, and perhaps, the organization’s actual existence as a legal entity. A certificate provider publishes its OV vetting criteria through its Certificate Policy. – from Wikipedia
This process can take a little while, but I can normally get this certificate created in a matter of 1-3 days. If you were to purchase this type of certificate from GoDaddy, they would look up the company and make sure they own the domain, and also make sure they are a legally registered company.
Extended Validation Certificate (EV)
An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the web site or software package. Obtaining an EV certificate requires verification of the requesting entity’s identity by a certificate authority (CA). Web browsers show the verified legal identity prominently in their user interface, either before, or instead of, the domain name. During software installation, the verified legal identity is displayed to the user by the operating system (e.g., Microsoft Windows) before proceeding with the installation. – from Wikipedia
This is the more time consuming and more “vetted” type of a SSL certificate.
There is a great layout comparing these three types of certificates on GoDaddy’s site.
If you are just trying to make sure your not pushed down on Google’s search results, just get the free and simple SSL certificate. If you are accepting credit card information, please purchase something that is a little more legit, and possibly one that has some kind of insurance policy just in case it is hacked.
Writing articles on my personal blog and Sideways8’s blog has always been fun. I’ve been…
Working from home has it’s advantages and disadvantages, but I wouldn’t change it. I think…