Best SSL Certificate to Use
-
I am setting up an ecommerce website that will sell batteries and like most e-commerce sites we will be taking credit cards. I was exploring the different SSL certificates and providers and I was shocked at the difference in pricing. Anywhere from free to over $1000! What is really necessary and what is nice to have? Any suggestions on SSL providers?
Thanks
-
There's several different kids of SSL but it sounds like you're talking about a single domain. That narrows things down to the two most common kinds: domain validated and extended validation.
Domain validation is the most common kind of certificate. The certification authority will send an email to the administrative contact listed on the WHOIS of the domain. Typically it's a link and you click it and that's all that's involved. These are relatively inexpensive but only work for one domain or subdomain (i.e. the certiciate will be issued for www.domain.com but won't show as valid for domain.com). In this same vein, but more expensive, is the wildcard certificate, which works for all subdomains (*.domain.com).
Extended Validation is only available for corporations and you have to jump through a LOT of hoops to get one (birth certificate of one of your officers, letter of validity from your lawyer or accountant, etc.). They take some time to get but the advantage is that you get the coveted green bar (see PayPal's site for a good example).
It doesn't matter who issues the certificate. Verisign used to be a huge name in this area but not so much in recent years. You'll pay more for their name and "warranty", but I doubt anyone outside the industry itself could tell you who Verisign is, let alone what the difference is. I have two Godaddy certificates and it hasn't slowed us down one bit. Many people simply resell for another authority (i.e. GeoTrust, Comodo, etc)
The encryption itself doesn't differ between certificates. Your Private Key (the piece your server needs to decrypt the traffic) and Certificate Signing Request(CSR) will have to be at least 2048 bits in strength (industry-wide). The actual encryption between your server and your client's browser is something that is negotiated as part of the "handshake" when the connection is first made and is most likely 128 bits (although some browsers and servers can support 256 bits). One thing you will need to note is the difference between SHA1 and SHA2 (Godaddy directly asks you which you want and I'm sure the others do as well). When you look at a certificate's details in your browser you'll see who issued a certificate. If it says G2, they're using SHA2. SHA1 has some weaknesses and is being phased out. The only people who will notice the difference are people running Windows XP SP2 or earlier (running any browser, even Chrome or Firefox) and they'll get an invalid certificate warning.
Be sure that your host has plugged the Heartbleed bug or you'll expose your private keys (anyone with your private key can decrypt your traffic).
-
Most SSL providers provide the same exact service. The difference in cost is from the levels of insurance, brand name and provider of the SSL, and trust factor of the badge. For example, you can buy a SSL from GoDaddy right now for around $70. As far as I can see it offers no insurance against identity or infomation theft. If you want a SSL from Verisign, its around $1000 and offers a $1,250,000 warranty. Most people know the verisign badge, and trust that their information will be encrypted and secure. When you purchase an SSL from them, you also get daily malware scanning and other features.
It really boils down to what are you getting the SSL for, if you require the additional insurance, what other features you would like to have, and if you think the badge will be the deciding factor of conversion for your users. If I remember correctly, the more expensive SSL's use a different bit rate. For example 128 bit vs 256 bit.
Hope this helps!
-
Hello Jimmy, I hope this answers you. There are a lot of SSL Certificate offers that I have seen so far and as a Marketer and a developer, I have implemented a lot of SSL Certificates. I will highly recommend you start with a Minimal SSL Certificate either from RapidSSL, GeoTrust or Comodo since they are cost effective.
I just ordered an SSL Certificate from Iwebhub. Check them out too.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Have Your Thoughts Changed Regarding Canonical Tag Best Practice for Pagination? - Google Ignoring rel= Next/Prev Tagging
Hi there, We have a good-sized eCommerce client that is gearing up for a relaunch. At this point, the staging site follows the previous best practice for pagination (self-referencing canonical tags on each page; rel=next & prev tags referencing the last and next page within the category). Knowing that Google does not support rel=next/prev tags, does that change your thoughts for how to set up canonical tags within a paginated product category? We have some categories that have 500-600 products so creating and canonicalizing to a 'view all' page is not ideal for us. That leaves us with the following options (feel it is worth noting that we are leaving rel=next / prev tags in place): Leave canonical tags as-is, page 2 of the product category will have a canonical tag referencing ?page=2 URL Reference Page 1 of product category on all pages within the category series, page 2 of product category would have canonical tag referencing page 1 (/category/) - this is admittedly what I am leaning toward. Any and all thoughts are appreciated! If this were in relation to an existing website that is not experiencing indexing issues, I wouldn't worry about these. Given we are launching a new site, now is the time to make such a change. Thank you! Joe
Web Design | | Joe_Stoffel1 -
Multiple sites using same text - how to avoid Google duplicate content penalty?
Hi Mozers, my client located in Colorado is opening a similar (but not identical) clinic in California. Will Google penalize the new California site if we use text from our website that features his Colorado office? He runs the clinic in CO and will be a partner of the clinic in CA, so the CA clinic has his "permission" to use his original text. Eventually he hopes to go national, with multiple sites utilizing essentially the same text. Will Google penalize the new CA site for plagiarism and/or duplicate content? Or is there a way to tell Google, "hey Google, this new clinic is not ripping off my text"?
Web Design | | CalamityJane770 -
Best Way to Remove Mutltiple XML Sitemaps From Multiple Subdomains
Just found a series of of XML sitemaps hosted like so: http://www.thesite.anothersite.com/sitemap.xml and defaulted to remove and 301 redirect but as this is the first time I've encountered an issue like this, an outside opinion or two would be much appreciated. Is the 301 the best option, should I 404 them or what?
Web Design | | ePageCity0 -
My Site Is Using A Lot of Hosting Bandwidth. Suggestions?
My website http://www.socialseomanagement.com/ is using tons of bandwidth. I received a message from the hosting company saying I exceeded my monthly bandwidth and it has only been a few days. Can anyone take a look and make suggestions? Thanks
Web Design | | JChronicle0 -
Best Place for Back Linking
Does anyone have a good list or know where I can find one to show me the best sites to create some organic back links to mine, preferably without paying for them? Thanks to those who help, Craig Fenton IT
Web Design | | craigyboy0 -
What is Best Platform to Build Website - SEO in mind
Hello... I am going to be creating two new websites shortly that will need to be built with SEO in mind. These will not be e-commerce sites, but instead will be informational with a couple pages of content on each. One will be used to get people to input their contact info and that info will be sent to our call center where we will call them back from. The other site will be heavily used for graphics, but still needs to have room for content (seo purposes)... Can you guys please recommend what platform i should have these sites written on (and please remember I need to do this on whatever is the most SEO-Friendly)... Thanks
Web Design | | Prime850 -
Why or why not use Dot Net Nuke (DNN)?
I have development team pitching my client on using Dot Net Nuke (DNN) for the CMS. I have no experience with DNN and not sure why the developers want to use it. They do want to use Server SQL and may build some software for a different part of the project in .NET. What SEO and UX questions should I ask about using DNN?
Web Design | | Joshen0 -
Does using Wordpress Multisite have any negative SEO impact?
I manage multiple websites in Wordpress and the idea of managing them all under one Wordpress install is very attractive. Are there any dangers SEO-wise to doing so? I know that all of the sites would live under the same IP address, but that's not something I'm really concerned with anyway because I don't do a lot of inter-linking between the sites. Thanks for your help! -El Juano
Web Design | | JonathanFashbaugh0