Best SSL Certificate to Use
-
I am setting up an ecommerce website that will sell batteries and like most e-commerce sites we will be taking credit cards. I was exploring the different SSL certificates and providers and I was shocked at the difference in pricing. Anywhere from free to over $1000! What is really necessary and what is nice to have? Any suggestions on SSL providers?
Thanks
-
There's several different kids of SSL but it sounds like you're talking about a single domain. That narrows things down to the two most common kinds: domain validated and extended validation.
Domain validation is the most common kind of certificate. The certification authority will send an email to the administrative contact listed on the WHOIS of the domain. Typically it's a link and you click it and that's all that's involved. These are relatively inexpensive but only work for one domain or subdomain (i.e. the certiciate will be issued for www.domain.com but won't show as valid for domain.com). In this same vein, but more expensive, is the wildcard certificate, which works for all subdomains (*.domain.com).
Extended Validation is only available for corporations and you have to jump through a LOT of hoops to get one (birth certificate of one of your officers, letter of validity from your lawyer or accountant, etc.). They take some time to get but the advantage is that you get the coveted green bar (see PayPal's site for a good example).
It doesn't matter who issues the certificate. Verisign used to be a huge name in this area but not so much in recent years. You'll pay more for their name and "warranty", but I doubt anyone outside the industry itself could tell you who Verisign is, let alone what the difference is. I have two Godaddy certificates and it hasn't slowed us down one bit. Many people simply resell for another authority (i.e. GeoTrust, Comodo, etc)
The encryption itself doesn't differ between certificates. Your Private Key (the piece your server needs to decrypt the traffic) and Certificate Signing Request(CSR) will have to be at least 2048 bits in strength (industry-wide). The actual encryption between your server and your client's browser is something that is negotiated as part of the "handshake" when the connection is first made and is most likely 128 bits (although some browsers and servers can support 256 bits). One thing you will need to note is the difference between SHA1 and SHA2 (Godaddy directly asks you which you want and I'm sure the others do as well). When you look at a certificate's details in your browser you'll see who issued a certificate. If it says G2, they're using SHA2. SHA1 has some weaknesses and is being phased out. The only people who will notice the difference are people running Windows XP SP2 or earlier (running any browser, even Chrome or Firefox) and they'll get an invalid certificate warning.
Be sure that your host has plugged the Heartbleed bug or you'll expose your private keys (anyone with your private key can decrypt your traffic).
-
Most SSL providers provide the same exact service. The difference in cost is from the levels of insurance, brand name and provider of the SSL, and trust factor of the badge. For example, you can buy a SSL from GoDaddy right now for around $70. As far as I can see it offers no insurance against identity or infomation theft. If you want a SSL from Verisign, its around $1000 and offers a $1,250,000 warranty. Most people know the verisign badge, and trust that their information will be encrypted and secure. When you purchase an SSL from them, you also get daily malware scanning and other features.
It really boils down to what are you getting the SSL for, if you require the additional insurance, what other features you would like to have, and if you think the badge will be the deciding factor of conversion for your users. If I remember correctly, the more expensive SSL's use a different bit rate. For example 128 bit vs 256 bit.
Hope this helps!
-
Hello Jimmy, I hope this answers you. There are a lot of SSL Certificate offers that I have seen so far and as a Marketer and a developer, I have implemented a lot of SSL Certificates. I will highly recommend you start with a Minimal SSL Certificate either from RapidSSL, GeoTrust or Comodo since they are cost effective.
I just ordered an SSL Certificate from Iwebhub. Check them out too.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Best CMS for e-commerce
Our website is powered through Magento CMS although I am losing my patience with it. We are completely restricted as to what we can do. The development costs are high and ongoing. We are a fast moving company but we feel that Magento is not the right solution for the companies future. We can not style pages to drive conversions without putting styling requests to our developers which takes months to complete and the end results are not always as we would prefer, we would prefer to style the pages ourselves using blocks etc. Any suggestions would be much appreciated.
Web Design | | Jseddon920 -
Best practice for multilanguage website ( PHP feature based on Browser or Geolocalisation)
Hi Moz Experts I would like to know what does it the best practice for multilanguage website for the default language ? There are several PHP features to help users to get the right language when they come from SEO and direct; present the default language by browser language, by gelolocalisation, etc. However, which one is the most appropriate for Quebec company that try to get outside Canada ? PRO and CONS. Thank you in advance.
Web Design | | johncurlee0 -
Should I Use An Animated Javascript Responsive Site
Hi, hope someone might be able to help me with this. I am setting my son up with a website for his small painting and decorating company. However, I am a wordpress stalwart and he has seen a theme which is a javascript animated responsive theme from template monster. Its not my choice just he is adamant that he wants it. However, I am slightly concerned that Google cannot index as well with these kind of sites as they would with a standard HTML site. I would be grateful if someone could confirm if they can be indexed etc. The content appears in what I can only describe as lightboxes. Thanks
Web Design | | denismilton0 -
Who's best but affordable custom shopping cart provider (e.g. 3dcart, big commerce, shoppingcart)?
I'm planning to put up a buy and sell site for shoes where people can upload shoe listings on their own something like ebay.com though we're not the ones who will process the payment. The site we're planning doesn't have a buy/checkout button and paypal integration so it will look like a catalog. We will just add a contact number/email in the product listing so a buyer can contact and personally meet the seller. Let me know if this can be done in Wordpress + e-commerce plugins. I would also like to know if there are custom shopping cart providers that allow Facebook or Twitter login/sign up integrated in the platform. Let me know if this is also possible in Wordpress by adding a plugin. Thanks in advance!
Web Design | | esiow20130 -
Web Developer Using Stock Photos
Hello, The organization is selling a cms system in a niche market across the country. It has the normal SEO challenges, in addition he is using purchased stock images. This seemed ok, while he was smaller but now we are growing rapidly and these images are VERY STOCK- and well used ( I have checked with Tiny Eye). I remember a few years ago this was a flag to the search engines who went through manual review, is this still true? It seems to me that the theme's that come with the images, are duplicated ( including navigation & footers), so having the duplicated images would be another negative. Thank you for your suggestions!
Web Design | | TammyWood0 -
After a website redesign, what is the impact and is it a good practice to use /v2/ naming convention?
Hi mightyful SEOMoz community. We just launched a redesign of our commercial website from https://www.data-field.com to https://www.data-field.com/v2/ All URLs from previous website were 301 permanent redirect to the appropriate page in the new website, and the root domains ( /, /v2/ ) send the users to their own language content /v2/en/, /v2/fr/, /v2/zh/ Up to here everything is fine. But then I setup the usual "Share" buttons, only to find that they were displaying a "0" count. Then I realized that it was because of the root URL change from / to /v2/ My question is the following: 1. Is using /v2/ a good practice? 2. If yes, then should I link the Social tool to https://www.data-field.com/ ( only ) instead of linking it to the actual page in the address bar? Thanks for your answers.
Web Design | | NicolasE0 -
Redirect based on location best practice clarification?
Hi, i have a question that i have seen some other have also had. The question is what is the best practice to serve the location specific page to the user (based on their location)? This post (http://www.seomoz.org/q/redirecting-users-based-on-location) suggests against automatically redirecting the user based on IP address. I guess the primary concern is that Google bot will also be redirected in this case... I see a number of well known sites use automatic redirect based on location. Take Urbanspoon for example (http://www.urbanspoon.com/), they use a 302 redirect to redirect to location specific page. Do they not redirect Google bot? Is there any way to test this? Can creating a rule to exclude crawlers from redirect cause SEO problems? How? Another example that i am somewhat confused as to how it works effectively is groupon.com.au It selects my closest city (i assume using IP), however the URL stays as the root URL. For example, i typed in http://www.groupon.com.au/ and it stays as http://www.groupon.com.au/ with the city chosen as "Melbourne". The canonical url for this page is the root URL (ie http://www.groupon.com.au/). If you then select "change city" and click the same city (ie Melbourne), it redirects to http://www.groupon.com.au/deals/melbourne. Canonical URL of this page is http://www.groupon.com.au/deals/melbourne. How is this not duplicate content? Can you please advise on the best way to redirect (ideally automatically), to provide the best user experience, while still having Google bot able to crawl the site effectively? Thanks
Web Design | | blackrails0 -
Website using javascript to serve up content - SEO Friendly?
I'm checking out a dentist website http://www.sagedentalnj.com/ I was referred by a friend so just taking a little peek at it. When you click on the menu items, the url at the top doesn't change. When you view source, the page titles are all the same. when I do site:http://www.sagedentalnj.com/ none of his pages are indexed by google. What can be done with his site so that google sees his pages? Maybe submit sitemap?
Web Design | | Czubmeister0