Best SSL Certificate to Use
-
I am setting up an ecommerce website that will sell batteries and like most e-commerce sites we will be taking credit cards. I was exploring the different SSL certificates and providers and I was shocked at the difference in pricing. Anywhere from free to over $1000! What is really necessary and what is nice to have? Any suggestions on SSL providers?
Thanks
-
There's several different kids of SSL but it sounds like you're talking about a single domain. That narrows things down to the two most common kinds: domain validated and extended validation.
Domain validation is the most common kind of certificate. The certification authority will send an email to the administrative contact listed on the WHOIS of the domain. Typically it's a link and you click it and that's all that's involved. These are relatively inexpensive but only work for one domain or subdomain (i.e. the certiciate will be issued for www.domain.com but won't show as valid for domain.com). In this same vein, but more expensive, is the wildcard certificate, which works for all subdomains (*.domain.com).
Extended Validation is only available for corporations and you have to jump through a LOT of hoops to get one (birth certificate of one of your officers, letter of validity from your lawyer or accountant, etc.). They take some time to get but the advantage is that you get the coveted green bar (see PayPal's site for a good example).
It doesn't matter who issues the certificate. Verisign used to be a huge name in this area but not so much in recent years. You'll pay more for their name and "warranty", but I doubt anyone outside the industry itself could tell you who Verisign is, let alone what the difference is. I have two Godaddy certificates and it hasn't slowed us down one bit. Many people simply resell for another authority (i.e. GeoTrust, Comodo, etc)
The encryption itself doesn't differ between certificates. Your Private Key (the piece your server needs to decrypt the traffic) and Certificate Signing Request(CSR) will have to be at least 2048 bits in strength (industry-wide). The actual encryption between your server and your client's browser is something that is negotiated as part of the "handshake" when the connection is first made and is most likely 128 bits (although some browsers and servers can support 256 bits). One thing you will need to note is the difference between SHA1 and SHA2 (Godaddy directly asks you which you want and I'm sure the others do as well). When you look at a certificate's details in your browser you'll see who issued a certificate. If it says G2, they're using SHA2. SHA1 has some weaknesses and is being phased out. The only people who will notice the difference are people running Windows XP SP2 or earlier (running any browser, even Chrome or Firefox) and they'll get an invalid certificate warning.
Be sure that your host has plugged the Heartbleed bug or you'll expose your private keys (anyone with your private key can decrypt your traffic).
-
Most SSL providers provide the same exact service. The difference in cost is from the levels of insurance, brand name and provider of the SSL, and trust factor of the badge. For example, you can buy a SSL from GoDaddy right now for around $70. As far as I can see it offers no insurance against identity or infomation theft. If you want a SSL from Verisign, its around $1000 and offers a $1,250,000 warranty. Most people know the verisign badge, and trust that their information will be encrypted and secure. When you purchase an SSL from them, you also get daily malware scanning and other features.
It really boils down to what are you getting the SSL for, if you require the additional insurance, what other features you would like to have, and if you think the badge will be the deciding factor of conversion for your users. If I remember correctly, the more expensive SSL's use a different bit rate. For example 128 bit vs 256 bit.
Hope this helps!
-
Hello Jimmy, I hope this answers you. There are a lot of SSL Certificate offers that I have seen so far and as a Marketer and a developer, I have implemented a lot of SSL Certificates. I will highly recommend you start with a Minimal SSL Certificate either from RapidSSL, GeoTrust or Comodo since they are cost effective.
I just ordered an SSL Certificate from Iwebhub. Check them out too.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Non-wildcard SSL risky for SEO?
I have a potential client who doesn't seem to be using wildcard SSLs in a multi-site scenario (over 40 sites) - what I'm wondering is the scope of Google's inspection of a site's SSL in this case: https://www.domain.com (good to go) https://domain.com (certificate error) Will Googlebot/Google possibly consider the entire TLD insecure? Could the secured, www-version of the site end up with the "Site is not secure" message in the SERPs as well? Could this invisibly affect the client's rankings? PS: Yes, I know that the right thing to do is go wildcard, but I need an answer to this before recommending a large purchase to them.
Web Design | | scottclark0 -
Why use a wwwP subdomain naming convention
While working through a series of crawl reports and competitive insights for a site, I noticed one of the competitors had switched from a WWW-version to a wwwP-version. Looking back at the snapshot I took of this during the same time period in 2014, I noticed a significant drop in PA/DA by 20+/-. I'm curious to know if anybody else has experienced something similar, and if anybody can provide insights on why a change like this would even be made? I'll preface it with, everything we could see that this competitor was doing from the outside, was legitimate and propelling them in a positive direction.
Web Design | | dodgejd0 -
Recommended hosting companies for best TTFB?
Right now my client has a wordpress website with over 300 pages (mostly blog posts). Their average TTFB (time to first byte) is 3017 ms. They have a SSL and their current hosting company is Site 5. Does anybody have any recommendations for a better hosting company? We are willing to up the budget for better performance.
Web Design | | RosemaryB0 -
Best SEO practice - Umbrella brand with several domains
Hi, we have several blogs and comparison sites on specific topics. All the domains rank on top positions in very competitive niche markets. We think that we can get more profit out of the domains when we put them under an umbrella brand. Customers that visit domain A can then also find products easily on domain B. We see this for example on health.com, with several brands in the top. To maintain or improve our rankings i'm looking for specific information for the link structure. For example, is it better to have the 'about us'/rel=author on each domain, with contributors on that specific domain or is it better to have them all in the (umbrella) brand domain. At the moment we have the structure like this: domainA.com, domainA.com/blog, domainA.com/about-us and domainB.com, domainB.com/blog, domainB.com/about-us. I think to maintain the rankings it is best to keep specific content (like blog/ about us) on the domain. So is it the best to just do side wide links with a logo (like health.com) and what about hosting? We work with wordpress, so all domains will be hosted on one ip? when we use the multiple site option of WP? All information on this topic is more than welcome 🙂
Web Design | | remkoallertz0 -
Force SSL. Good or Bad?
My website can be accessed with a number of different URL's and I am trying to consolidate the traffic to one point. Is there any problem, SEO or technical, with forcing all users who come to my site to going to our https domain? I have already set a preferred domain in WebMaster Tools and set rel=canonical for each page. For instance, anyone entering the below sites would be forced to land at https://www.1099pro.com. 1099pro.com www.1099pro.com http://1099pro.com http://www.1099pro.com
Web Design | | Stew2220 -
Keywords in the page url for best SEO
Hello all, I am working in the keywors structure of a web and I have the following doubt: If I want to target these keywords: great food madrid and my website is: http://www.madridlive.com I do not know if I should keep either: OPTION 1: page url: www.madridlive.com/great-food-madrid or OPTION 2: page url www.madridlive.com/great-food I do not know if the search engines "understands" madrid in "madridlive", therefore I can avoid the "madrid" keyword, dicarding option 1 and going for option 2. Additionally I avoid duplication of the madrid keyword that can be seen as redundancy and also have a shorter page url. Thank you very much and sorry for such a question but I am new in this SEO field...just the excellent SEOMOZ's SEO Guide for beginners! Best regards, Antonio
Web Design | | aalcocer20030 -
My Site Is Using A Lot of Hosting Bandwidth. Suggestions?
My website http://www.socialseomanagement.com/ is using tons of bandwidth. I received a message from the hosting company saying I exceeded my monthly bandwidth and it has only been a few days. Can anyone take a look and make suggestions? Thanks
Web Design | | JChronicle0 -
Using Wordpress as CMS for large Websites
Is Wordpress good enough to be used as a full fledge CMS for a large website. In particular, I'm talking about a news website. We have been online since 2002 but pretty soon we will have digitized our print newspaper archives of about 60 years. So, my question is, is it OK to use Wordpress for the entire website and if so what are some of the important things that need to be kept in mind. Cheers!
Web Design | | RishadShaikh590