We’ve been discussing security certificates with many of our clients recently, and the most commonly asked questions have focussed on the fundamentals: why a security certificate is needed in the first place, and what benefits secure websites bring.
What is a security certificate?
A security certificate is a piece of technology which enables a website’s server and a visitor’s browser to talk to each other securely by encrypting all communication. This means that anyone trying to listen in on what information is being passed back and forth, or insert malicious changes to that information, has a significantly harder time doing so.
In the past, due to the time and effort required to set them up, security certificates were only used on pages which required users to submit sensitive information, such as ecommerce payment pages and login forms. However, it’s now good practice to ensure that all pages on a website are protected with a security certificate.
Security Certificates are about Trust
Websites which have security certificates installed are flagged to users as being secure, generally through the browser displaying a padlock icon or a specially highlighted “Green Bar” section. This is important because it displays to the user that they are on a site which takes their privacy seriously, and will influence them and their decisions, especially when it comes to submitting their personal information into a form or making a purchase. Having a security certificate on a site builds trust.
Good for SEO, bad for the bad guys
Google has recently backed this up by saying that websites that don’t have a security certificate will be penalised by their ranking algorithms. Google has also updated their web browser, Chrome, to start showing red warning symbols on sites that don’t have a security certificate, actively highlighting to visitors that the site is insecure and that their browsing activity may be visible to other users.
Types of Security Certificate
There are many different types of security certificate but they generally fall into three categories:
- Domain Validated Certificate
These certificates are used in situations where proving that you are who you say you are is of less concern than protecting the information being transferred. It makes sure all traffic is encrypted, and also allows the user to verify that they are on the domain they should be.
- Organisation Validated Certificate
An OV Certificate provides additional information which verifies the organisation running the website, as well as checking the domain and encrypting traffic. The authentication is undertaken by real people, using governmental business registries, and may require documents to be exchanged or business personnel to be contacted. The certificates contain all the information required to validate an organisation according to the X.509 RFC standard.
- Extended Validation Certificate
Like the OV certificate above, an EV certificate also validates the organisation as well as the domain but has much more stringent checks and authentication processes which must be completed before it can be awarded. It therefore contains much more business information and on modern web-browsers will cause the valued “Green Bar” to be displayed. Because of this, EV certificates build much more trust with visitors and should be used where trust is a critical factor (such as ecommerce).
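The three categories above can be told apart by what a certificate actually contains. The following is an added example, not Mercurytide's code: it classifies a certificate from the CA/Browser Forum policy identifiers when they are available, and otherwise falls back to a heuristic based on the subject fields. It assumes the certificate dictionary has the shape returned by Python's ssl.SSLSocket.getpeercert(); the function names are hypothetical and the three sample certificates are constructed for illustration.

```python
# CA/Browser Forum policy OIDs carried in a certificate's certificatePolicies
# extension, listed from the most to the least stringent validation level.
CABF_POLICIES = {
    "2.23.140.1.1": "EV",
    "2.23.140.1.2.2": "OV",
    "2.23.140.1.2.1": "DV",
}
# Subject attributes an EV certificate carries on top of the organisation name.
EV_SUBJECT_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the nested 'subject' tuple of getpeercert() into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert, policy_oids=()):
    """Return 'EV', 'OV' or 'DV' for a certificate.

    cert        -- dict shaped like the result of ssl.SSLSocket.getpeercert()
    policy_oids -- policy OIDs read from the certificate by another parser
                   (getpeercert() does not expose them); they take precedence.
    """
    for oid, level in CABF_POLICIES.items():
        if oid in policy_oids:
            return level
    # Heuristic fallback (assumption): infer the level from the subject alone.
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # domain only, no organisation details
    if EV_SUBJECT_FIELDS.issubset(fields):
        return "EV"  # organisation plus registration details
    return "OV"


# Constructed sample certificates (not taken from any real site).
DV_CERT = {"subject": ((("commonName", "shop.example"),),)}
OV_CERT = {"subject": ((("countryName", "GB"),),
                       (("organizationName", "Example Ltd"),),
                       (("commonName", "shop.example"),))}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("jurisdictionCountryName", "GB"),),
                       (("serialNumber", "00000000"),),
                       (("organizationName", "Example Ltd"),),
                       (("commonName", "shop.example"),))}

if __name__ == "__main__":
    for name, cert in (("DV", DV_CERT), ("OV", OV_CERT), ("EV", EV_CERT)):
        print(name, "sample classified as", validation_level(cert))
```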
In this day and age every legitimate website should have a security certificate, as they help to build trust where trust is traditionally in short supply. They help protect the privacy of your visitors by ensuring that the pages they view and information they submit are encrypted, preventing interception, and stop your site from being penalised by search engines who want to encourage their adoption.
Where building trust in the organisation running the website is as important as ensuring visitor privacy, Mercurytide will always recommend an Extended Validation certificate. Visitors are more aware of security than ever before and will choose a website which displays the “Green bar” over one that doesn’t every time. Commercial websites cannot choose anything else if they want to remain competitive.
What does Mercurytide offer?
We have three different Security Certificate packages available, which include the setup and configuration of the website and server as well as purchasing and installing the certificate itself.
For a more in-depth guide, please get in touch
At Mercurytide we believe in making online security easy for our clients, creating a truly fantastic web experience for their customers and for ours. That's why we have developed a range of web design services and e-commerce software to rapidly deliver everything you'd expect, but with a fully customised solution for your business.
If you have any questions about the points I've raised, or want a more in-depth chat about all things web design, please get in touch.