The Ultimate SSL Checklist – Pt. 2

Part 1 of this post covered some of the basic things you need to check off your list in order to make sure you can, and should, get an SSL certificate for your site. Now we’re going to dig into the nitty-gritty of:

1) How to actually purchase an SSL certificate, and

2) What to look for when choosing a provider.

What to look for:

Selecting an SSL provider can be more than a little tricky. There are literally dozens of providers out there, and to make matters worse, the terminology can be confusing.

Should you get an EV SSL certificate? What about a Wildcard SSL certificate? Do you need 2048-bit encryption? What is an SSL VPN and do you need it?

All these questions are valid—which is why we wrote this blog post. Now that you’ve gone through the SSL pre-purchase checklist, this post is designed to help you sift through the technical jargon and find out what type of SSL certificate you really need for your site.

Here are the things you need to consider when purchasing your SSL certificate:

1. Choose SHA-2 certificates

As processors become faster, it becomes easier for hackers to break previously invulnerable levels of encryption. That’s why in 2013, 1024-bit encryption was no longer supported, and the much stronger 2048-bit certificates became the standard.

Something similar is happening today: many certificates use the SHA-1 hash, which is solid for now but may be at risk in the future.

That’s why we recommend choosing an SSL certificate that uses the stronger SHA-2 hash.

While the technical details aren’t important, what matters is that SHA-2 is a stronger shield against the incursions of hackers. And ultimately, that’s what you’re protecting your customers against.

2. Buy from a brand you trust

While the majority of your customers will look for the green padlock (or, if you get an EV SSL certificate, your company’s name highlighted in green), there will always be customers who have a high degree of security concerns.

And this isn’t as small a number as you think: according to Clicktale, a consumer behavior company that provides heatmaps, 22% of customers view the footer no matter how long a page is. This is likely to check for security seals—including who provides your SSL certificate.

That’s why you want to go with a name that people associate with security and inherently trust. Because even if your provider is giving you strong encryption, if they’re unknown, it may scare off potential customers.

Pro Tip: Go with a brand that supports all major web browsers. You’d hate to purchase a certificate only for it to work on a limited number of browsers, right?

3. Determine if you need DV, EV, or OV

Have no clue what any of these letters mean? Don’t feel bad about it; most people don’t! These refer to the types of certificate you can purchase. Which one you decide to go with will depend on what type of website you are operating. Here’s a breakdown of what each certificate covers:

DV = Domain Validation
(Shows green padlock and HTTPS in address bar)

  • Validates domain ownership only
  • Best for the majority of websites
  • Easy to obtain and quick to validate

OV = Organization Validation
(Shows green padlock and HTTPS in address bar)

  • Validates domain ownership and your organization
  • Best for large organizations
  • Proves that the website and the company are reputable

EV = Extended Validation
(Shows green padlock and HTTPS + name of business in address bar)

  • Validates domain ownership and requires extensive vetting of you and your organization
  • Best for financial institutions
  • May take days or weeks to validate

As mentioned in Part 1 of this blog post, you’ll want to make sure you have the ability to do the relevant verification for the type of certificate you decide to go with (especially for OV and EV certificates). This includes the ability to generate a CSR and provide accurate information for the domain’s WHOIS record.

4. Do you need a Wildcard or single domain SSL certificate?

This one is pretty simple: Wildcard SSL certificates encrypt an entire domain, so a wildcard SSL certificate for example.com would not only cover the main site but also store.example.com and blog.example.com.

A single domain, as you might expect, would only cover one URL—in this case, example.com.

While single domain SSL certificates are almost always cheaper, we prefer wildcards—they’re like a safety net, encrypting customer data no matter where it comes in from. That way, you won’t be in for any unpleasant surprises if you, say, build out a blog where customers can enter their contact information.
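To see exactly which hostnames a certificate will cover before you buy, here is an added example (not from the original post) that goes a step beyond the text: a wildcard entry stands for exactly one label, so coverage of the bare domain and of deeper subdomains depends on the names listed in the certificate. The matching rules are simplified, and the hostnames and name lists are constructed.

```python
def _labels(name):
    """Lower-case DNS labels of a name, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_covers(pattern, hostname):
    """True if one certificate name entry covers the hostname.

    Simplified matching: '*' is honoured only as the entire left-most label,
    stands for exactly one label, and needs at least two labels after it.
    """
    p, h = _labels(pattern), _labels(hostname)
    if "*" in pattern and (p[0] != "*" or "*" in ".".join(p[1:]) or len(p) < 3):
        return False  # partial, misplaced or over-broad wildcard
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hostnames):
    """Hostnames that no entry in the certificate's name list covers."""
    return [h for h in hostnames
            if not any(san_covers(n, h) for n in cert_names)]


# Constructed inputs: hostnames of a hypothetical site and three name lists.
SITE_HOSTS = ["example.com", "store.example.com",
              "blog.example.com", "shop.eu.example.com"]
SINGLE_DOMAIN = ["example.com"]
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]

if __name__ == "__main__":
    for label, names in [("single domain", SINGLE_DOMAIN),
                         ("wildcard only", WILDCARD_ONLY),
                         ("wildcard + bare domain", WILDCARD_PLUS_APEX)]:
        print(f"{label:24} not covered: {uncovered(names, SITE_HOSTS)}")
```

Ask the provider which names the wildcard certificate will actually list, then run your own hostnames through a check like this.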

5. Purchase and Install

Now that you’ve walked through the above steps, you should be ready to make an educated decision and purchase that certificate!

You’ll want to be sure to install the certificate on your server and update all the proper areas of your site. This includes links, images, etc., so that everything is switched over from http to https.

Here’s a great infographic that will walk you through the different sections of your site you’ll need to update once you have your certificate in hand. While this list may seem like a lot, it will ensure that your entire site is secure and that you’re getting the most out of your recent purchase.

See the full infographic here: https://www.nimbushosting.co.uk/secure-https/
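One way to find the references that still need switching from http to https, as an added example that is not from the original post: it scans a page's HTML for attributes that still point at plain http:// URLs. The tag list is a common subset chosen for this example, and the sample page is constructed.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs worth checking; a common subset, not exhaustive.
KINDS = {("a", "href"): "link", ("form", "action"): "form"}
for tag, attr in [("img", "src"), ("script", "src"), ("iframe", "src"),
                  ("link", "href"), ("audio", "src"), ("video", "src"),
                  ("source", "src")]:
    KINDS[(tag, attr)] = "subresource"  # fetched while the page loads


class InsecureRefFinder(HTMLParser):
    """Collects attributes that still point at plain http:// URLs."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url, kind)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            kind = KINDS.get((tag, name))
            url = (value or "").strip()
            if kind and url.lower().startswith("http://"):
                self.findings.append((line, tag, name, url, kind))


def find_insecure_refs(html):
    """Return every http:// reference found in the given HTML text."""
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://example.com/site.css">
<script src="https://example.com/app.js"></script>
</head><body>
<img src="http://example.com/logo.png" alt="logo">
<img src="/img/banner.png">
<a href="http://example.com/blog">Blog</a>
<form action="http://example.com/signup" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url, kind in find_insecure_refs(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> {url} ({kind})")
```

The `subresource` findings are the ones browsers report as mixed content on an HTTPS page; `link` and `form` findings still send visitors or their data over plain HTTP.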

6. Don’t forget to renew your certificate

Yes, SSL certificates do expire. And you must renew your certificate every year. After purchasing your certificate, be sure to set a reminder as the renewal date approaches so you don’t risk the chance of your certificate expiring without noticing.

The good news is, because SSL certificates do expire, if for some reason you don’t like the initial provider you chose, you can always choose to go through a different company next year.

Wrapping up

While SSL can seem really intimidating if you’re just dipping your toes in, it doesn’t have to be. Just remember to choose a brand everyone recognizes, ask if they provide SHA-2 certificates, and strongly consider opting for a wildcard SSL certificate.