We all know what a domain name is because they are an integral aspect of browsing the web. You might even know about servers and hosting if you have ever considered to self-host your website, but what is an SSL certificate and what other types of web certificates are there?

When you enter a domain name into your browser, the website will be served to you from a protocol called either HTTP or HTTPS. This is the part of the URL, and you can see it yourself before “www.” or the domain name itself. When the URL is HTTP, that means that you are currently on a website that does not contain an SSL certificate for that specific domain installed on the server where the website is hosted. On the other hand, HTTPS means that there is an SSL certificate.

But what is an SSL certificate?

SSL certificates are issued by independent organizations for domain names and should be installed on the server where the website is hosted. These certificates are designed to encrypt the data that is transferred between the server and the website visitor, making communication between the two parties safe and secure.

When do you need an SSL certificate?

Today, having an SSL certificate for your website is a must. In the past, providing secure data transfer was enough for websites that transfer sensitive data like payment details for e-commerce sites. Today, however, search engines will rank secured websites higher and with the ease of obtaining an SSL certificate, visitors expect to see the visual representation of a pad-lock in the URL bar. Most modern browsers would even display an ugly “unsecured website” warning for websites that do not have SSL certificates. In short, you need to have a valid SSL certificate for your website at all times in order to convey the fact that it is a safe and viable place for visitors to visit.

What different types of certificates are there?

You can purchase an SSL certificate or in many cases, get one for free from your hosting provider or directly from the issuing organization. But if you have ever visited the SSL section of a hosting provider, you know that there is a variety of different types of certificates available to you.

The first thing you need to do is decide whether or not your website will obtain any data from visitors – this would include information like personal data or payment details. If not, you can narrow your search down to domain validation (DV) certificates, which are perfectly sufficient for most websites. However, if you do plan to process data from visitors, especially payment information, you should consider an extended validation (EV) certificate, which means that the certificate issuing organization will not only check your domain, but they will also do a background check in the domain whois database and the national business registry to validate that your company is real and that you own the domain. This type of certificate comes with a so-called “green bar,” that facilitates trust amongst visitors because they gain the ability to ensure that the website belongs to a real company.

Another factor to consider is whether or not the certificate should be issued for a single domain (e.g. yourdomain.com), multiple domains, or subdomains as well (e.g. yourdomain.com and mail.yourdomain.com).

In conclusion, most small business websites are perfectly fine with the entry level SSL certificate that their hosting provider can provide. The only thing that’s important is to be sure that you always have one.

Photo by Christin Hume on Unsplash