What are SSL Certificates?
■ Introduction of SSL certificates
SSL (Secure Socket Layer) is a standard technology for encrypted communications between a web server and a browser.
If you have a SSL certificate installed for your website, the information transmitted between your site and your customers’ browsers will be protected from being stolen. The URL of SSL certificate-installed website is HTTPS instead of HTTP , and the little icon before the URL is a padlock .
SSL/ TLS Handshake is a process to ensure the security of transmitting information:
1. Client Hello : when a user accesses the website, the cipher suites (supported by the browser), a hash function and the SSL’s version will be sent to the webserver.
2. Server Hello : The web server will send its SSL version, cipher suite (public key), and the certificate-related information to the client.
3. Client Key Exchange : once the client verifies the information received, it will use the public key for encryption and send a new key to the server.
4. Finish : once the keys are successfully decrypted at both sides, the handshake is completed, and the user can access the website normally.
What should be noted is that a website with an SSL certificate installed does not mean that it is 100% secure. Some basic SSL certificates are cheap, issued easily and fast, and that they do not support identity validation. This means that illegal and malicious websites can install SSL certificates too. If the website is operated for malicious purposes, then whether it is with an SSL certificate does not guarantee security. As a website owner, you may want to choose a higher-level certificate to increase your customers’ confidence.
■ Types of SSL certificates
There are different types of SSL certificates for various kinds of websites. As mentioned above, there are basic and higher-level types of certificates. They can be distinguished by the number of domains protected and the validation levels
1. The number of domains protected
| Item | Single SSL | Wildcard SSL | Multi-Domain SSL |
|---|---|---|---|
| Protected domains | one domain only | one domain and all its subdomains | multi-domain |
| Example | net-chinese.com.tw | net -chinese.com.tw / wiki.net-chinese.com.tw ... | net-chinese.com.tw / netc.tw ... |
2. Validation levels
| Item | Basic (DV) | Advanced (OV) | Enterprise(EV) |
|---|---|---|---|
| Validation level | Domain Validation | Organization Validation | Extension Validation |
| Validation methods | Webpage verification file, DNS, E-Mail | Manual validation work needed (such as relevant documents are required or a phone check) | |
| Validation requirement | Domain owner | Domain owner/ | Domain owner/ organization / credit investigation |
| Applicable to | Blog, the portfolio site | Company/ organizational site | The financial site, any websites which involve data security |
| Encryption | All use SHA-256 algorithm; supporting 99.9% browsers and systems | ||
| Feature | Certificates are issued fast. | Certificates will display organizational information. | Certificates will display organizational information and the URL bar will show the organization name. |
| Process time | A few minutes - half an hour | 1-3 working days | 5-7 working days |
| Warranty | 10K - 500K USD | 100K - 1.25M USD | 1M - 1.5M USD |
| Refund policy | Total refund available within 7 days | ||
| Installation on different servers | The number of servers to be installed with SSL certificates is unlimited; Symantec (Digicert) requires additional authorization (fees applicable) | ||
| Reissue policy | Unlimited | ||
The SSL certificates which protect more domains and support higher validation levels are more expensive. Net-Chinese suggests you choose your SSL certificate based on the purpose of your site. For example, financial enterprises usually have several subdomains, and that they have more strict standards for protecting customers’ information. For them, OV or EV certificates are the best choices.
■ Why do you need SSL certificate?
To summarize, as nowadays the information is intensively transmitted on the Internet, it is highly suggested that all the websites which involve a member login process and shopping cart system should install SSL certificates (they should even consider higher validation levels) to protect their customers’ personal information and their order data. With SSL certificates implemented, even if your data is hacked by someone, they will not be able to interpret the information as all data has been encrypted and hashed.
Furthermore, the significant browsers/ search engine providers have listed SSL certificates as one of the key indexes to judge whether a website is safe enough, so as to promote the importance of data security. Also, websites without SSL certificates will be hardly displayed on the top positions on search results pages . Having an SSL certificate will be more and more important for your site. Now that applying for an SSL certificate is an easy task, if you do not have one yet, we suggest you apply for one now!
■ SSL certificate products
Like many products, there are numerous brands for SSL certificates. At Net-Chinese, we provide you options that are more reliable (with bigger market shares). As the image placed above, we provide options from COMODO, Symantec, Thawte, GeoTrust, GlobalSign, and RapidSSL with different levels. Below are a few options that we recommend:
| Item | Single domain (basic) | Single domain (general) | Multiple domains (general) | OV Single |
|---|---|---|---|---|
| Provider | Comodo | Comodo | Comodo | GlobalSign |
| Protected range | One domain | One domain and its subdomains | 2 domains and all of their subdomains | One domain |
| Validation level | DV | DV | DV | OV |
| Price (TWD) | 800/ year | 5,000/ year | 12,000/ year | 7,000/ year |
| Warranty amount (USD) | 10,000 | 10,000 | 10,000 | 1,250,000 |
We also provide more customized SSL certificate solutions for our VIP clients. To know more about the VIP program,please contact us .
■ FAQ
1. Will SSL certificates benefit SEO?
Google has announced on their blog that “we’re starting to use HTTPS as a ranking signal…… we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.” Based on our experience, an SSL certificate does not make your site surge to the first position on the search result page; it prevents your site’s ranking from dropping down instead. The reason is that most of the websites have SSL certificates, making it a must-have for website owners, and therefore “with SSL certificate” does not make your site better, but “without SSL certificate” does harm your site.
2. Why is my ranking dropping after I install SSL certificates?
To search engines, HTTP and HTTPS mean different websites (even though the domain is the same). The search engines will need some time to update from their end, but the time needed won’t be too long. So don’t worry if you find your rankings drop a bit, it should be back within a short period of time.
3.I am interested in purchasing an SSL certificate, but with these different brands and prices, how could I tell the difference?
The biggest difference among those brands is the amount of the warranty. Basically, the higher the validation level is, the more the amount of the warranty will be. However, to claim the warranty, it needs to be proved that it is the SSL certificate that fails to protect the data and results in data loss. It will be hard to prove that at some point. To understand the details of each brand, please visit this page .
4. How to apply for an SSL certificate? How to install it and proceed with the validation process?
After completing the process, you will have to proceed with installation and validation. To install the certificate, you’ll have to submit the host CSR file. If you purchase an OV or EV level certificate, you’ll need to provide the organizational information. You can check How to submit your information for SSL certificate and SSL certificate tutorialse for more explanation. For validation, you can choose email, HTTP CSR HASH, or CNAME. If your SSL certificate is OV or EV level, there will be additional processes such as phone or DNS number.
Check this page for validation tutorials.
