Does your website need an SSL Certificate?

February 25, 2014

Ross Gerring

Please consider this to be a brief, not-too-technical overview of the subject. For more in-depth information, try Wikipedia or DigiCert.

What is an SSL certificate?

It’s a software technology that encrypts all information being exchanged between your website (i.e. the computer server where it’s hosted) and the devices (PC, tablet, etc.) of anyone visiting/using the site. It can be made to apply to every single page of a site, or it can be made to apply to only specific pages of a site.

What does “encrypt” mean?

Without an SSL certificate, all information exchanged between a PC and your website is transmitted in “plain text”. Therefore if someone intercepted the data being exchanged, they could easily read that information, and potentially use it with malicious intent. With an SSL certificate in place, the same intercepted data would present as being “scrambled” (encrypted), and is virtually impossible to read, or decrypt.

Do I need an SSL certificate for my website?

The more your website involves the exchange of potentially sensitive or confidential information (yours and/or your clients’), the more your site needs an SSL certificate, and vice versa.

The most common types of sensitive information being exchanged between websites and the people who use those websites are:

  1. Financial information, e.g. credit cards.
  2. Personal information, e.g. name, age, date of birth, address.
  3. Passwords, i.e. any place on your site where someone (yourself and/or clients) is required to log in (authenticate) to access it, e.g. a members area and/or your own content management admin area.

It’s a trust thing. Most people can spot when an SSL certificate is in operation and when it’s not, and some will hold back using your site if an SSL certificate is not in place and they’re being asked to share potentially sensitive information.

How can I tell if an SSL certificate is in operation on a web page?

Two main ways:

  1. Instead of http:// being displayed in your internet browser (e.g. Google Chrome), you’ll see https://.
  2. A small padlock icon will appear in your internet browser, typically next to the https:// address of the page you’re currently viewing.

What’s the difference between a single or standard SSL, and a wildcard SSL?

A wildcard SSL secures a domain and all of its first-level subdomains. For example, a certificate for *.example.com secures www.example.com, mail.example.com, shop.example.com, uat.example.com, etc. A single or standard SSL certificate would only secure www.example.com, requiring you to purchase an additional certificate for mail.example.com and another for shop.example.com, etc. Although one wildcard SSL is a little more expensive than one standard SSL, due to their far greater flexibility we recommend wildcard SSLs to all our clients at Itomic, and can offer very competitive rates.
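To make the “first-level subdomains” point concrete, here is an added example (not part of the original article) of the matching rule browsers apply to certificate names: a wildcard stands for exactly one left-most label. The host list, and the assumption that the wildcard certificate also lists the bare domain as a second name, are constructed for illustration.

```python
"""Check which hostnames a certificate's names cover (wildcard vs standard)."""

def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate name covers the hostname.

    Only a whole-label wildcard in the left-most position ("*.example.com")
    is treated as a wildcard; anything else must match exactly.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # "*" never spans several labels and never matches zero labels.
        return False
    if p[0] == "*":
        if len(p) < 3:
            # Refuse overly broad names such as "*.com".
            return False
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def cert_covers(cert_names, hostname):
    """True if any name on the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)

def uncovered(cert_names, hostnames):
    """Hostnames that would trigger a browser certificate warning."""
    return [h for h in hostnames if not cert_covers(cert_names, h)]

# Constructed sample data (assumptions, not from the article).
WILDCARD_CERT = ["*.example.com", "example.com"]
STANDARD_CERT = ["www.example.com"]
SITE_HOSTS = [
    "www.example.com",
    "mail.example.com",
    "shop.example.com",
    "uat.example.com",
    "admin.shop.example.com",  # second-level subdomain
]

if __name__ == "__main__":
    print("wildcard leaves uncovered:", uncovered(WILDCARD_CERT, SITE_HOSTS))
    print("standard leaves uncovered:", uncovered(STANDARD_CERT, SITE_HOSTS))
```

Running an inventory of your hostnames through a check like this before buying shows whether one wildcard is enough or whether deeper subdomains need their own certificate.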

What’s the worst that can happen if my site doesn’t have an SSL certificate?

The information harvested is used maliciously against you and/or your clients. For example, if an unauthorised person gained the admin login details for your site, they could do anything to your site that you can do.

How do I choose, buy, install and configure an SSL certificate?

We strongly recommend you speak with your website developer and/or website hosting provider – such as Itomic – for guidance and support on this.

In summary

  1. Think of an SSL certificate as you would an insurance policy. You might never need it, but you will be very glad of it if/when you do.
  2. Some clients (actual or prospective) may avoid your site if they perceive that your website isn’t secure. Is their business worth more or less to you than the cost of an SSL certificate?