Best SSL Certificate to Use
-
I am setting up an ecommerce website that will sell batteries and like most e-commerce sites we will be taking credit cards. I was exploring the different SSL certificates and providers and I was shocked at the difference in pricing. Anywhere from free to over $1000! What is really necessary and what is nice to have? Any suggestions on SSL providers?
Thanks
-
There's several different kids of SSL but it sounds like you're talking about a single domain. That narrows things down to the two most common kinds: domain validated and extended validation.
Domain validation is the most common kind of certificate. The certification authority will send an email to the administrative contact listed on the WHOIS of the domain. Typically it's a link and you click it and that's all that's involved. These are relatively inexpensive but only work for one domain or subdomain (i.e. the certiciate will be issued for www.domain.com but won't show as valid for domain.com). In this same vein, but more expensive, is the wildcard certificate, which works for all subdomains (*.domain.com).
Extended Validation is only available for corporations and you have to jump through a LOT of hoops to get one (birth certificate of one of your officers, letter of validity from your lawyer or accountant, etc.). They take some time to get but the advantage is that you get the coveted green bar (see PayPal's site for a good example).
It doesn't matter who issues the certificate. Verisign used to be a huge name in this area but not so much in recent years. You'll pay more for their name and "warranty", but I doubt anyone outside the industry itself could tell you who Verisign is, let alone what the difference is. I have two Godaddy certificates and it hasn't slowed us down one bit. Many people simply resell for another authority (i.e. GeoTrust, Comodo, etc)
The encryption itself doesn't differ between certificates. Your Private Key (the piece your server needs to decrypt the traffic) and Certificate Signing Request(CSR) will have to be at least 2048 bits in strength (industry-wide). The actual encryption between your server and your client's browser is something that is negotiated as part of the "handshake" when the connection is first made and is most likely 128 bits (although some browsers and servers can support 256 bits). One thing you will need to note is the difference between SHA1 and SHA2 (Godaddy directly asks you which you want and I'm sure the others do as well). When you look at a certificate's details in your browser you'll see who issued a certificate. If it says G2, they're using SHA2. SHA1 has some weaknesses and is being phased out. The only people who will notice the difference are people running Windows XP SP2 or earlier (running any browser, even Chrome or Firefox) and they'll get an invalid certificate warning.
Be sure that your host has plugged the Heartbleed bug or you'll expose your private keys (anyone with your private key can decrypt your traffic).
-
Most SSL providers provide the same exact service. The difference in cost is from the levels of insurance, brand name and provider of the SSL, and trust factor of the badge. For example, you can buy a SSL from GoDaddy right now for around $70. As far as I can see it offers no insurance against identity or infomation theft. If you want a SSL from Verisign, its around $1000 and offers a $1,250,000 warranty. Most people know the verisign badge, and trust that their information will be encrypted and secure. When you purchase an SSL from them, you also get daily malware scanning and other features.
It really boils down to what are you getting the SSL for, if you require the additional insurance, what other features you would like to have, and if you think the badge will be the deciding factor of conversion for your users. If I remember correctly, the more expensive SSL's use a different bit rate. For example 128 bit vs 256 bit.
Hope this helps!
-
Hello Jimmy, I hope this answers you. There are a lot of SSL Certificate offers that I have seen so far and as a Marketer and a developer, I have implemented a lot of SSL Certificates. I will highly recommend you start with a Minimal SSL Certificate either from RapidSSL, GeoTrust or Comodo since they are cost effective.
I just ordered an SSL Certificate from Iwebhub. Check them out too.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Using Button Links vs Sidebar Menu
I have a services page with a lot of rich text and a slideshow of images. Currently, I am using a column of buttons to various services, and am wondering if a sidebar menu would be more effective for Google to crawl and rank?
Web Design | | cinchmedia0 -
Looking to remove SSL because it is causing very slow website download speeds. Does WP have a plugin that redirects SSL urls to non SSL urls?
After some extended debate with our web development team we are considering dropping the SSL from our website because it is adding almost 2 additional seconds to our download speeds. We know there is a SEO boost from having a SSL but we believe the extended download speeds maybe outweighing the benefit. However we are concerned about the SEO implications of having no method possible of redirect SSL to non SSL webpages. Does anybody know of a Wordpress Plugin that can force redirect SSL urls to non SSL urls?
Web Design | | RosemaryB0 -
Will interlinking using dynamic parameters in url help us in increasing our rankings
Hi, Will interlinking our internal pages using dynamic parameters(like abc.com/property-in-noida?source=footer) help us in increasing our rankings for linked pages OR we should use static urls for interlinking Regards
Web Design | | vivekrathore0 -
Anyone using CloudFlare on multiple sites?
We are considering using CloudFlare as a CDN for a large group of sites. The fees are $5 to $200 depending on many factors. We tried the free trial on one site and were impressed with the results. I am wondering if any of you have any longer term experience with this and performance metrics, etc.
Web Design | | RobertFisher1 -
What Is The Best Way To Categorize 3 Different Top Level Categories Each With 20 Sub Categories
Hello, We are trying to figure out the best way to categorize our app review website. We have 3 platforms, iPhone, iPad and Android and each platform has several sub categories and numerous apps subcategories totaling around 50 to 60 categories for each platform. Any suggestions how to do this properly? thank you Mike
Web Design | | crazymikesapps10 -
Best Place for Back Linking
Does anyone have a good list or know where I can find one to show me the best sites to create some organic back links to mine, preferably without paying for them? Thanks to those who help, Craig Fenton IT
Web Design | | craigyboy0 -
The use of foreign characters and capital letters in URL's?
Hello all, We have 4 language domains for our website, and a number of our Spanish landing pages are written using Spanish characters - most notably: ñ and ó. We have done our research around the web and realised that many of the top competitors for keywords such as Diseño Web (web design) and Aplicaión iPhone (iphone application) DO NOT use these special chacracters in their URL structure. Here is an example of our URL's EX: http://www.twago.es/expert/Diseño-Web/Diseño-Web However when I simply copy paste a URL that contains a special character it is automatically translated and encoded. EX: http://www.twago.es/expert/Aplicación-iPhone/Aplicación-iPhone (When written out long had it appears: http://www.twago.es/expert/Aplicación-iPhone/Aplicación-iPhone My first question is, seeing how the overwhelming majority of website URL's DO NOT contain special characters (and even for Spanish/German characters these are simply written using the standard English latin alphabet) is there a negative effect on our SEO rankings/efforts because we are using special characters? When we write anchor text for backlinks to these pages we USE the special characteristics in the anchor text (so does most other competitors). Does the anchor text have to exactly I know most webbrowsers can understand the special characters, especially when returning search results to users that either type the special characters within their search query (or not). But we seem to think that if we were doing the right thing, then why does everyone else do it differently? My second question is the same, but focusing on the use of Capital letters in our URL structure. NOTE: When we do a broken link check with some link tools (such as xenu) the URL's that contain the special characters in Spanish are marked as "broken". Is this a related issue? Any help anyone could give us would be greatly appreciated! Thanks, David from twago
Web Design | | wdziedzic0 -
Using Wordpress as CMS for large Websites
Is Wordpress good enough to be used as a full fledge CMS for a large website. In particular, I'm talking about a news website. We have been online since 2002 but pretty soon we will have digitized our print newspaper archives of about 60 years. So, my question is, is it OK to use Wordpress for the entire website and if so what are some of the important things that need to be kept in mind. Cheers!
Web Design | | RishadShaikh590
