SSL Security For Websites

SSL Security For Websites
SSL Security For Websites, image: Youtube

Dealing with Security issues on the website can be very frustrating at times – that one might neglect their website, with all the security plugins and add-ons we have, sometimes isn’t enough when you want to reassure your visitors.

Most websites without SSL are still secured against attacks, however, when it comes to sensitive information of the users, be it their contact details or Credit Card processing, you need a trusted SSL Certificate installed to your server.

Getting an SSL Certificate is easy, you can have it issued, through communication with your issuer, you will be let known if the Certificate is ready. If you buy the SSL Cert. from the same hosting company, the installation will be very easy to do. You can install your SSL Certificate on Parallels Plesk Panel, cPanel and or Microsoft IIS.

What is an SSL Certificate?

SSL stands for Secure Socket Layer, and it is used and installed into your server to validate your website’s identity through SSL Certificates. The SSL is used to encrypt the user’s sensitive information which users send or receive on your website.

SSL will protect your users from thieves spying the exchanges between your website and users. Having an SSL gives users the confidence and is reassured that the information sent or received is through a secured page and is private thus cannot be viewed by cybercriminals.

If you want your website to be trusted it is best to have SSL installed, also shows that you value your user’s privacy. Sensitive information that can be protected by SSL through encryption is user’s names, addresses, passwords, and or credit card numbers.

In a nutshell, SSL is a standard for web security, if you want to accept credit cards on your website, you’ll have to install the security certificate on your server.

How will I know if my website has an SSL Certificate installed?

Your website should be your baby, and babies want to be taken good care of, babies can get dirty and have to be cleaned, however, babies are protected at all times, and so should your website.

Browser PadLock
Browser PadLock

Visitors will know for a fact that your website is safe when it displays the padlock icon as well as the https:// prefix (Google Chrome shows HTTPS when you double click on the URL) in the address bar when accessing it. It is also best to redirect all non-https pages to https (Best Practice) – when you have just installed an SSL Certificate.

You may include a site seal for visitors to verify that your website is secure.

There are different types of SSL Certificates. There’s a standard SSL and there are Premium SSL Certificates. However, no matter the type of the SSL, it will always display the https:// prefix in the address bar when accessing or browsing your website.

There are a number of websites protected by Premium EV SSL Certificate – these are verified, registered companies (with the Organization’s legal and physical address verified) – these kinds of SSL Certificate display a green browser bar to quickly ensure users that they have reached a verified and real organization.

This kind of Certificates can take up to 30 days through the process, while the standard SSL is issued immediately. However, in other hosting companies, the premium SSL comes with a free standard SSL while you wait for your Premium EV SSL Certificate.

Which SSL Certificates are best?

A standard SSL Certificate is as good as an EV SSL Certificate, however, as long as it is from a reputable organization. Some organizations such as GoDaddy support encryption of up to 2048-bit. If you don’t sell anything on your website / if you are a blogger, or run a website like www.iBusiness.co.za a standard SSL will do.

Even when you sell stuff, you shouldn’t be pressured; you can still use the standard SSL Certificate (DV) or Premium SSL Certificate (EV).

You can have a Wildcard SSL Certificate installed to protect multiple subdomains, or UCC SSL Certificates to protect multiple websites, subdomains as well as domains, e.g. site.ibusiness.co.za, site2.ibusiness.co.za, etc.

What is a Wildcard SSL Certificate?

In most cases, there are domains which are subdomain categorized – These subdomains will not be protected when you purchase a single SSL for your primary domain.

A wildcard SSL is a digital certificate issued by a CA (Certificate Authority) to protect all subdomains associated with your Primary domain. You can have it issued in minutes when you purchase a DV (Domain Validation) SSL, which is a standard SSL. You may also purchase an OV (Organization Validation) Wildcard which will be issued after your company has been vetted.

Currently, it is not possible to have a wildcard for EV (Extended Validation) SSL Certificates for subdomains.

Waiting for an SSL Certificate to be issued

Standard SSL Certificates takes less than 5 minutes to issue, OV (Deluxe SSL) can take up to 5 business days – this involves a process of validating your domain’s identity as well as the existence of your organization needs to be verified.

For Premium SSL Certificates (EV) it can take up to 30 days as it involves an extensive vetting process that starts with an in-depth application.

What is a Unified Communications Certificate (UCC)?

This is an SSL Certificate that secures multiple domain names as well as multiple hostnames within a domain name,  you can secure up to 99 additional SANs(Subject Alternative Names) with a single SSL Certificate.

WHY SSL?

  • You get a Strong Brand Identity
  • Complies with a regulation standard such as PCI-DSS, HIPAA, HITECH, GDPR and more
  • Padlock and https and/or Company name in the address bar.
  • You gain Customer’s trust
  • Google Ranking boast
  • Save online payment systems

Google Chrome impact on SSL

Google Chrome not secure imageI am sure you have realized how chrome deems none SSL websites as “not secure”, However, if you have a reliable and trusted SSL Certificate issued to your server for your website, Google will see your website as safe and secure. If you are running a business, you don’t Not Securewant a wrong impression of your organization, you will definitely need an SSL protection on your business website – in fact, all websites should have SSL Security.

You can reassure your visitors with the green lock in the address bar, give them true and genuine confidence that the information is encrypted.

What is a Domain Validation SSL Certificate

DV also is known as Domain Validation SSL is just a standard SSL certificate for bloggers and business owners, it is one of three SSL Certificates.

We have OV also known as Organization Validation as well as EV is also known as Extended Validation, How these times of premium SSL Certificate requires multiple steps, and are usually completed between 5 to 30 days. While a regular SSL is issued instantly.

The Difference between OV, EV and DV (Organization Validation, Extended Validation, and Domain Validation, respectively)

Domain Validation Certificate often referred to as DV is the simplest to get when you apply for DV all they do is validate or confirm the domain’s owner and the SSL will be issued. This is best for personal websites and blogs.

Organization Validation Certificate often referred to as OV, when you apply for this type of SSL, you will be required to submit a few documents, to verify the organization. This is to ensure the organization is real and still in business.

Extended Validation Certificates, often referred to as EV, are the same as OV, except they don’t just verify domain ownership, also the business identity, legal status, and address. The vetting process for this type of SSL is more in-depth.

Free SSL

There are free SSL Certificates yes, some of which are free for life, however – most of them are shared, and so your website will seem to be “connected” or “linked” to other websites via the SSL Certificate. You may try Free SSL with reputable iBusiness owners.

Make sure the SSL is reliable and will not keep breaking. The best kinds of SSL Certificates are the kind you purchase from a hosting company or directly from CA (Certificate Authority).

HTTPS stands for HyperText Transfer Protocol Secure, which is a secure version of HTTP. The “S” in HTTPS stands for secure, meaning the information sent and received from your browser and the website is protected.

You will get your SSL Certificate from SSL CA, the CA stands for Certificate Authority, they issue a digital certificate after verification.

When it comes to Ports, you should already know that you can send data with or without SSL, and thus, HTTP uses the un-secure protocol – port 80, while HTTPS uses TCP port 443.

Getting to know Extended Validation SSL Certificate

When it comes to all three types of SSL certificates, this is the highest class of all three. You can’t go any further than EV. This is the most complex, or rather takes a lot of processing and validation to finally get your certificate – Your organization will have to be vetted, and the process can take up to 30 days. It is only when all documents have been verified that you get the EV.

Before the Extended Validation SSL Certificate is issued, here are the important aspects that have to be verified:

  • The issuer will make sure the business is legally registered.
  • They will have to make sure the business is still in operation or trading.
  • Ensure the business runs on the address given.
  • To ensure the Telephone number listed is for the business at the same address of operation.
  • Ensure the business owner owns the website domain name

If you will be accepting payments on your website, EV SSL is recommended plus consider Website Security to be PCI compliant (SiteLock’s recommended)

The types of business that can get EV SSL

  • Incorporated or limited liability companies
  • Partnership
  • DBAs
  • Sole Proprietorship

Getting to know Organization Validation SSL Certificate

The Organization Validation (OV) is the mid-class of the SSL Certificates. With time the security staff from the SSL Authority will ensure that the business name exists and under the name registered with. And if the business is listed on the physical address provided, and if the business owner, really owns the domain name, or if it’s registered under the business.

What is Multi-Domain SAN SSL Certificate?

The SAN stands for Subject Alternative Names, with this kind of SSL Certificate, you can secure a number of different websites (different domain names). It is best for businesses to have multiple related websites.

You should get SAN SSL Certificate you have more than 10 websites, or perhaps 5 websites – (Buying separate SSL Certificate for different websites can be costly) Getting SAN SSL Certificate is cost-effective. One SAN SSL can cover up to 100 websites.

In a nutshell

Domain Validation (DV)

  • This type of SSL Certificate is best for social websites as well as Blogs (How to start a blog)
  • The process is simple, they validate the domain ownership
  • Issued within minutes
  • The secure Padlock is displayed

Organization Validation (OV)

  • This is best for Businesses as well as NGOs.
  • Domain ownership and organization validation are processed.
  • Can take up to 5 days
  • The secure Padlock is displayed

Extended Validation (EV)

  • This is best for eCommerce Website with Card Processing Getaways
  • Validates domain ownership and the highest level of business authentication
  • Displays Company Name, Green Bar and secure padlock.
  • Takes up to 30 days to issue.

Code Signing Certificate

If you are running a website where people download content from it, there are ways to protect and verifying the legitimacy of the content downloaded – in this case, Code Signing is a method used, which is a digital signature placed on software and executable files and the scripts.

Code Signature verified the identity of the software author and validates the originality of the software. Code Signatures is a secure channel for websites with downloadable content.

Furthermore

You can still protect your website from hackers even when you have a powerful SSL Certificate installed, it is still best to scan your website on regular basis to ensure the safety of users is excellent. It is best to place your site on CDN (Content Delivery Network), helping you to improve the speed of the website at the same time; you can include Firewall (WAF – Web Application Firewall), and block all suspicious and dangerous traffic coming to your website.

SSL only protects data sent to and from but does not protect you from malware, SQL injections or DDoS attack.

Use a complete Website Suite to protect your site or any kind of harm.

Loading...
Get in touch

Isaac More

Blogger at iBusiness
Founder and Writer of iBusiness Blog, (born June 28), a South African aspiring Actor and Blogger. A native of Ventersdorp, Mogopa Village (SA), often referred to as Zack. Let's talk iBusiness.
Isaac More
Get in touch

Latest posts by Isaac More (see all)




    Updated on October 20, 2019

    Was this iBusiness information helpful?

    Related iBusiness Talk

      DMCA.com Protection Status
      Articles

      SSL Security For Websites

      by Isaac More time to read: 9 min
      0