Secure Sockets Layer (SSL) certificates are cryptographic protocols that provide security for communications over the Internet. These are required to encrypt sensitive information such as credit card information and email addresses that are transferred from your customer's computer to your server. Currently, the leading providers in the market are Verisign, Network Solutions, Thawte, GoDaddy, Geotrust, Digicert, and RapidSSL.You can buy your certificate directly from those companies' websites. They will ask you to provide information that identifies you or your company as the owner of the domain name that the certificate will secure, as well as a CSR (Certificate Signing Request) file that needs to be generated on the server where your site is hosted (usually your hosting or e-commerce provider will supply you with this file if you request it-however, some providers may charge for this service). Shortly after you apply, you will be issued the SSL certificate (which is a text file that contains encrypted information) that you or your ecommerce/hosting provider will install on the server. Secure certificates are valid for either one or two years and then must be renewed.
So, how do you choose the SSL certificate that's right for you? As you shop around, you will see a wide range of prices and options, which can be overwhelming at first. Here's a brief explanation:
First, all providers offer two main types of SSL certificate for e-commerce websites:
- Basic SSL Certificate: The less expensive option. Provides encryption from 128bit to 256bit for most browsers.
- xtended Validation (EV) Certificate: This is technically the same as a Basic SSL certificate but it requires extensive verification of the requesting entity's identity by the SSL provider before a certificate is issued. In return, the certificate will have a specific policy identifier that will turn the address bar of the browsers of people visiting your site green and will display more information about the certificate and the company. The purpose of this certificate is to add trust to your online transactions.
Then, within these two main categories, you will see different price ranges, depending on:
- Provider: Brand name providers such as Verisign are usually more expensive but are more recognizable to visitors, while other providers will offer the same level of encryption for cheaper.
- Guarantee: some providers offer different guarantees with their certificates, which can affect the price.
- Expedited Service: Some providers offer more expensive certificates that can be issued in 24-48 hours instead of a few days or weeks.
In addition to the certificate, most providers will offer you a Secure Seal to put on your website, which informs your visitors that your website uses this provider to secure transactions. It's important to place this seal on every page in your website(or, at the very least, your secured pages, such as checkout, customer account, etc) in order to create trust with your visitors and establish authenticity.
Because most providers offer the same level of security for their certificate (from 128 bit to 256bit encryption) , your choice will mainly depend on your budget and how important it is to you that your site displays a well-known seal and an EV green bar.