You think you need an SSL certificate, but even figuring out where to begin can be a headache in its own right.
In Part 1 of this post, we’ll go over what you need in order to qualify for an SSL certificate. This “Pre-Purchase Checklist” will help you determine whether or not an SSL certificate is appropriate for your website.
First, let’s make sure we all have a clear understanding of what an SSL Certificate is.
You’ve seen the green padlock on your web browser. You’ve also seen the green “https” that appears when you’re shopping online. That’s the sign that the site you’re on has a valid SSL certificate. But an SSL certificate does way more than just make a green padlock appear in your URL.
An SSL certificate protects your customers, their data, and your business by encrypting any and all data your customers send to your servers, making it extremely difficult for bad guys to intercept. This ensures that you and only you can read those credit card numbers, addresses, social security info, and any other sensitive things that customers might send your way.
Now that we’re on the same page, let’s determine whether or not you actually need an SSL certificate:
1. Does your website come with an SSL certificate?
One of the great things about ecommerce platforms like Shopify or Bigcommerce is that they do a lot of the heavy lifting for you—including securing your shopping cart.
Because these companies are running your store’s backend, if you’re using a platform, there’s a very good chance your site already has a valid SSL certificate.
One easy way to check is to go through your sales funnel. If you get to the page where you’re entering your credit card info and the URL has changed to your platform’s URL, this means that you are using a 3rd party payment processor and you already have a valid SSL certificate.
Notice how in this picture below we go from norwegianrain.com …
…to a shopify.com URL with “HTTPS” once we’re in the cart:
If that’s the case, you’re checkout experience is good to go! But what about the rest of your site?
Pro Tip: If you’d like to take your security one step further and not only have an SSL certificate for your checkout but throughout the entire shopping experience, you can consider purchasing an SSL certificate and adding it to the remaining areas on your site. This way, the green “HTTPS” bar will show security-concerned customers they are safe on every page of your site.
2. Does your host support it?
Depending on who your hosting provider is, you may already have a shared SSL certificate as part of your plan. A dedicated SSL certificate requires that a website has its own IP address and a unique URL, whereas a shared SSL certificate allows users to share a certificate on the server.
Smaller hosting plans tend to put users on a shared IP address, and shared SSL certificates are typically included with your hosting plan at no additional cost.
Keep in mind, the downside to using a shared SSL certificate is that the business name is not typically on the certificate. For some shoppers, this may raise red flags. Sometimes certificate warning messages pop up on customer’s browsers when the SSL certificate in use does not match the domain name.
If you’d like to purchase a private SSL certificate that is specific to your domain, you’ll want to make sure you can easily install the certificate on your site.
3. Are you running an ecommerce site?
The most important, basic, nuts-and-bolts fact there is, is that if** you’re accepting credit payments, you’ve got to have a valid SSL certificate**. However, it’s not only ecommerce sites that need SSL certificates.
- Do you sell products?
- Do you accept credit card information?
- Do you offer memberships or collect login information?
- Do you collect sensitive data from your visitors through online forms?
If you answered yes to any of the above questions, then it’s recommended that you get an SSL certificate for your site.
Even if you answered "No" to all the above questions, don’t completely dismiss getting an SSL certificate. An SSL certificate can still be beneficial to you and your business. In general, users are more likely to engage with and trust a site that is SSL certified. There is also an SEO benefit to having SSL certificates. Google now uses HTTPS as a ranking factor in search engine results, helping get your site to the top of search results.
4. Can you generate a CSR and is your WHOIS record up-to-date?
In order to activate an SSL certificate, you must have the ability to do the following two things, both of which have been put into place to help protect your business.
- Submit a Certificate Signing Request (CSR).
During the application process you must submit a CSR. This helps the Certification Authority identify which server will use your certificate as well as the domain names you’ll use for the SSL certificates. The information will be used to create your SSL certificate. In order to generate a CSR, you will need to follow instructions based on your operating system.
- Provide correct contact information on the WHOIS record.
The Certification Authority will validate your details and verify that the request has come from an authorized owner of the domain. This is done by checking that the WHOIS record matches that of the company and address submitted.
Note: If you are using an SSL certificate on a shared hosting account, you typically do not need to generate a CSR. Your hosting provider will take care of that for you.
5. Do you have access to your web server?
This may seem like a silly question, but it is one that can get overlooked. In order to install your SSL certificate after completing your application and purchase, you will need to be able to (or have someone on your team who can) install the files on your web server.
What good is an SSL certificate if you can’t install and display it?!
Now that you’ve made sure you have everything in place to qualify for an SSL certificate, you’re ready to find the right SSL provider and purchase your certificate. In Part 2 of this post, we’ll walk through every step in the SSL purchasing process and help you make an informed decision for your site.
Subscribe to McAfee SECURE Blog
Get the latest posts delivered right to your inbox