Best SSL Certificate to Use
-
I am setting up an ecommerce website that will sell batteries and like most e-commerce sites we will be taking credit cards. I was exploring the different SSL certificates and providers and I was shocked at the difference in pricing. Anywhere from free to over $1000! What is really necessary and what is nice to have? Any suggestions on SSL providers?
Thanks
-
There's several different kids of SSL but it sounds like you're talking about a single domain. That narrows things down to the two most common kinds: domain validated and extended validation.
Domain validation is the most common kind of certificate. The certification authority will send an email to the administrative contact listed on the WHOIS of the domain. Typically it's a link and you click it and that's all that's involved. These are relatively inexpensive but only work for one domain or subdomain (i.e. the certiciate will be issued for www.domain.com but won't show as valid for domain.com). In this same vein, but more expensive, is the wildcard certificate, which works for all subdomains (*.domain.com).
Extended Validation is only available for corporations and you have to jump through a LOT of hoops to get one (birth certificate of one of your officers, letter of validity from your lawyer or accountant, etc.). They take some time to get but the advantage is that you get the coveted green bar (see PayPal's site for a good example).
It doesn't matter who issues the certificate. Verisign used to be a huge name in this area but not so much in recent years. You'll pay more for their name and "warranty", but I doubt anyone outside the industry itself could tell you who Verisign is, let alone what the difference is. I have two Godaddy certificates and it hasn't slowed us down one bit. Many people simply resell for another authority (i.e. GeoTrust, Comodo, etc)
The encryption itself doesn't differ between certificates. Your Private Key (the piece your server needs to decrypt the traffic) and Certificate Signing Request(CSR) will have to be at least 2048 bits in strength (industry-wide). The actual encryption between your server and your client's browser is something that is negotiated as part of the "handshake" when the connection is first made and is most likely 128 bits (although some browsers and servers can support 256 bits). One thing you will need to note is the difference between SHA1 and SHA2 (Godaddy directly asks you which you want and I'm sure the others do as well). When you look at a certificate's details in your browser you'll see who issued a certificate. If it says G2, they're using SHA2. SHA1 has some weaknesses and is being phased out. The only people who will notice the difference are people running Windows XP SP2 or earlier (running any browser, even Chrome or Firefox) and they'll get an invalid certificate warning.
Be sure that your host has plugged the Heartbleed bug or you'll expose your private keys (anyone with your private key can decrypt your traffic).
-
Most SSL providers provide the same exact service. The difference in cost is from the levels of insurance, brand name and provider of the SSL, and trust factor of the badge. For example, you can buy a SSL from GoDaddy right now for around $70. As far as I can see it offers no insurance against identity or infomation theft. If you want a SSL from Verisign, its around $1000 and offers a $1,250,000 warranty. Most people know the verisign badge, and trust that their information will be encrypted and secure. When you purchase an SSL from them, you also get daily malware scanning and other features.
It really boils down to what are you getting the SSL for, if you require the additional insurance, what other features you would like to have, and if you think the badge will be the deciding factor of conversion for your users. If I remember correctly, the more expensive SSL's use a different bit rate. For example 128 bit vs 256 bit.
Hope this helps!
-
Hello Jimmy, I hope this answers you. There are a lot of SSL Certificate offers that I have seen so far and as a Marketer and a developer, I have implemented a lot of SSL Certificates. I will highly recommend you start with a Minimal SSL Certificate either from RapidSSL, GeoTrust or Comodo since they are cost effective.
I just ordered an SSL Certificate from Iwebhub. Check them out too.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Anyone using CloudFlare on multiple sites?
We are considering using CloudFlare as a CDN for a large group of sites. The fees are $5 to $200 depending on many factors. We tried the free trial on one site and were impressed with the results. I am wondering if any of you have any longer term experience with this and performance metrics, etc.
Web Design | | RobertFisher1 -
Lots of Listing Pages with Thin Content on Real Estate Web Site-Best to Set them to No-Index?
Greetings Moz Community: As a commercial real estate broker in Manhattan I run a web site with over 600 pages. Basically the pages are organized in the following categories: 1. Neighborhoods (Example:http://www.nyc-officespace-leader.com/neighborhoods/midtown-manhattan) 25 PAGES Low bounce rate 2. Types of Space (Example:http://www.nyc-officespace-leader.com/commercial-space/loft-space)
Web Design | | Kingalan1
15 PAGES Low bounce rate. 3. Blog (Example:http://www.nyc-officespace-leader.com/blog/how-long-does-leasing-process-take
30 PAGES Medium/high bounce rate 4. Services (Example:http://www.nyc-officespace-leader.com/brokerage-services/relocate-to-new-office-space) High bounce rate
3 PAGES 5. About Us (Example:http://www.nyc-officespace-leader.com/about-us/what-we-do
4 PAGES High bounce rate 6. Listings (Example:http://www.nyc-officespace-leader.com/listings/305-fifth-avenue-office-suite-1340sf)
300 PAGES High bounce rate (65%), thin content 7. Buildings (Example:http://www.nyc-officespace-leader.com/928-broadway
300 PAGES Very high bounce rate (exceeding 75%) Most of the listing pages do not have more than 100 words. My SEO firm is advising me to set them "No-Index, Follow". They believe the thin content could be hurting me. Is this an acceptable strategy? I am concerned that when Google detects 300 pages set to "No-Follow" they could interpret this as the site seeking to hide something and penalize us. Also, the building pages have a low click thru rate. Would it make sense to set them to "No-Follow" as well? Basically, would it increase authority in Google's eyes if we set pages that have thin content and/or low click thru rates to "No-Follow"? Any harm in doing this for about half the pages on the site? I might add that while I don't suffer from any manual penalty volume has gone down substantially in the last month. We upgraded the site in early June and somehow 175 pages were submitted to Google that should not have been indexed. A removal request has been made for those pages. Prior to that we were hit by Panda in April 2012 with search volume dropping from about 7,000 per month to 3,000 per month. Volume had increased back to 4,500 by April this year only to start tanking again. It was down to 3,600 in June. About 30 toxic links were removed in late April and a disavow file was submitted with Google in late April for removal of links from 80 toxic domains. Thanks in advance for your responses!! Alan0 -
Is there a best practice for using a general iso code for the EAME region and APAC region or should you break it out by country?
I am creating a strategy for multiple regions and the US comes to market different than EAME (Europe, Africa, Middle East) and China. We were planning on using language and iso codes in subfolder's but the corporation only wants their content to be in German, English, and Queens English. Our current decision is to use /en-US/, /en/, /de/, /en-CN/, /zh-CN/. /en/ and /de/ will be what we use for EAME. This doesn't seem like the best idea as I think /en/ will get indexed as the US version and not the EAME version. Any suggestion or if clarification is needed is greatly appreciated.
Web Design | | GodfreyB2B0 -
What is the best tool to view your page as Googlebot?
Our site was done with asp.net and a lot of scripting. I want to see what Google can see and what it can't. What is the best tool that duplicates Googlebot? I have found several but they seem old or inaccurate.
Web Design | | EcommerceSite0 -
Best SEO Strategy for Social Games
Hi all - wondering if you can help.... We have a social gaming startup with a few million users. Our first game is http://iamplayr.com (currently just a landing page) - now we're just about to launch some more games. We'll have approx 6 titles by the end of the year (note most of our users are on Facebook.com).I'm a little unsure the best way to approach this from an SEO perspective. 1) Should we direct everything to a games specific .com site like http://iamplayr.com -> and if so, should we build out this site to attract more keywords2) Direct everything to our Facebook app e.g. http://farmville.com 3) Have 1 central site for our multiple titles, with each game having a subdomain e.g. ala King.com / Zynga.com etc? What you recommend? Our goal is to have a managable 'off Facebook' strategy that attracts maximum organic traffic for keywords e.g. 'free football game' etc Thanks 🙂 H
Web Design | | HowardK0 -
Looking for an open source or wordpress designer that knows seo best practices
I have almost lost my patience in trying to find a web developer for our project. I have searched high and low from freelancers to us based firms. All I can find; freelancers that can't get the job done, but promise they can and us based firms that are currently getting away with murder charging through the nose on work that is not acceptable to say the least. US based Firms 1. Seem to give you as little work as possible to increase their margin. I get it we all need to make money. 2. Everyone knows how to do everything until you start telling them that you have a little education in the industry and will be testing their work. All of the sudden they no longer talk to you. 3. Got a few recommendations and they are all subpar performers. After asking them why their builds load so slow or have so many errors they have excuses that point to the customer Freelancers over seas. 1. I am not sure where to start with this. I have searched high and low in freelancer for someone that I can trust to build a site. Of course there is a ton of junk to look through. After countless hours of narrowing down the individuals I am thinking of giving a shot I find that they are not capable of the job. All I want is a new website from a firm that is honest and knows what they are doing. That is educated in seo best practices. That can build a quality website and actually has references of sites they built that are still up and running and test out alright. It is pretty bad when web development companies miss simple items like h tags. Really? Does anyone know of someone that knows what they are doing? That can work with someone that knows how to run a dvd player. Just disappointing to see all these web companies and freelancers that get away with murder. Who earns their keep in this industry?!?!?!?
Web Design | | forecastedinvestments0 -
Which Shopping Cart is best for SEO? Magento vs. X-Cart
Comparing X-Cart and Magento, which do you think is better for SEO and why? I am leaning towards Magento and wanted to get some opinions?
Web Design | | BlinkWeb0 -
Using Wordpress as CMS for large Websites
Is Wordpress good enough to be used as a full fledge CMS for a large website. In particular, I'm talking about a news website. We have been online since 2002 but pretty soon we will have digitized our print newspaper archives of about 60 years. So, my question is, is it OK to use Wordpress for the entire website and if so what are some of the important things that need to be kept in mind. Cheers!
Web Design | | RishadShaikh590